Job ID: 95489
Location: Irving, TX US
Level: Experienced Professional
Job Category: Information Technology
Description:

Where good people build rewarding careers.

Think that working in the insurance field can’t be exciting, rewarding and challenging? Think again. You’ll help us reinvent protection and retirement to improve customers’ lives. We’ll help you make an impact with our training and mentoring offerings. Here, you’ll have the opportunity to expand and apply your skills in ways you never thought possible. And you’ll have fun doing it. Join a company of individuals with hopes, plans and passions, all using and developing our talents for good, at work and in life.


Job Description

This is your chance to join the team responsible for helping to secure the environment that runs and supports the largest publicly held personal-lines insurer, which insures more than 17 million households with over 32 billion in annual revenues and 37,000+ employees internationally. The Information Security Program delivery resource will be part of the Allstate Information Security - Assurance, Policy, Monitoring & Reporting (AIS-APMR) team and lead Information Security Program activities.

The Information Security Program Governance Ops Lead will contribute to the Info Sec Program by being a trusted advisor to our business partners, ensuring execution of assurance services, and leading management of the Information Security Program & Council. A broad range of professional skills along with strong interpersonal skills will be required for problem-solving, collaboration with virtual cross-functional work groups, and tracking and reporting of program status, compliance gaps and risks. This resource is expected to serve as a very visible trusted advisor who can clearly articulate Allstate security policies, standards, and guidelines to both technical and business audiences.

Key Responsibilities include:
• Oversight and coordination of Information Security Governance, Risk, and Compliance Program
• Coordinate and liaise across multiple functional areas to facilitate the accomplishment of Information Security decisions and strategic goals.
• Drive/coordinate/facilitate various work streams to deliver more accountability for the Information Security framework and related processes
• Managing typical critical / project-related tasks, including the coordination of risk, compliance & assurance activities
• Working collaboratively with security delivery resources, technical SMEs, and various business partners / functions to support successful delivery of the overall program
• Lead the day-to-day planning, preparation, coordination, communication and follow up for the Information Security Council
• Planning team participation/leadership activities pertaining to portfolio management and execution
• Developing and producing management reporting and associated metrics
• Provide high-level guidance on security and information risk management approaches and outcomes as defined by program stakeholders and information security strategy
• Maintain, manage and monitor stakeholder relationships, meeting schedules, minutes, RACI and partnering accountability
• Promoting a compliant & risk-aware culture, ensuring efficient and effective risk and compliance management practices by adhering to required standards and processes
• Establishing and maintaining communication channels with stakeholders
• Preparing presentations, reports, and other formal and informal communications to internal business partners and direct management.
• Design an approach to enable the enterprise to be proactive, make risk-based security decisions, meet regulatory and contractual requirements, and industry-accepted best practices
• Recommend operationally feasible and cost effective solutions to reduce risk, as appropriate
• Promote sound security practice and accountability across Allstate business units, brands, and family of companies
• Help partners proactively maintain a strong cybersecurity preparedness and response posture
• General assurance compliance program support, partnering with external auditors, security architects/engineers, and various program management areas as required
• Responsible for building effective working relationships, making sound decisions, successfully making changes, initiating action and achieving results as a trusted advisor
 

Job Qualifications

• Self-starter who demonstrates complete ownership over assigned responsibilities and is able to work independently in a "semi-structured" environment.
• Minimum 7 - 10 years of Risk, Governance and IT/Security experience
• Expert executive communication skills, both written and verbal - Ability to tailor communication of complex and technical issues to cross-functional audiences for executive decision making
• Experience with executive stakeholder management
• Working knowledge of program/project management
• Experience with GRC functions
• Demonstrates technical innovation, leadership skills and capabilities
• Strong decision-making capabilities, with a call-to-action focus
• Knowledge of the organization's core business and mission processes
• Displays knowledge of enterprise-class technology organizations and processes
• Maintains an awareness of emerging information security technologies and industry trends
• Ability to stay up to date with the current cybersecurity threat landscape to account for changing circumstances when evaluating security risks, maintain technical proficiency via self or formal training
• Must possess practical working knowledge of cross-domain information security and risk management best-practices - basic understanding of IT security best practices by applying depth and breadth of expertise in multiple domains and security disciplines
• Proven experience dealing with ambiguous situations, and producing a consistent result with varied input
• Strong organizational skills, ability to effectively manage multiple, competing projects/priorities while achieving targeted completion results
• Ability to effectively work with technical and non-technical resources, able to partner with multiple business groups, managers, and network architects or engineers
• Ability to write quality documentation and/or presentations is a must - Proficient in MS Office Pro Suite – PowerPoint, Excel and SharePoint
• Relevant postsecondary education and/or industry standard certifications preferred (i.e. ISACA - CISA, CISM; ISC2 - CISSP; SANS Institute/GIAC; PCIP)
• Basic knowledge of: PCI DSS 3.2, HIPAA applicable security / privacy controls, Sarbanes-Oxley (SOX) 404, ISO/IEC 27000 family of standards, NIST 800-53, NIST cybersecurity framework, and COBIT
• Basic knowledge of common application security architecture and vulnerabilities (e.g. OWASP Top 10), attack techniques and remediation tactics/strategies.
• General familiarity with common enterprise infrastructure (OS platforms, directory services, networking infrastructure, appliances, middleware, common security infrastructure)

Preference toward candidates with experience working within large Financial/Insurance organizations on internal audit, regulatory or contractual information security compliance projects.


Good Work. Good Life. Good Hands®.

As a Fortune 100 company and industry leader, we provide a competitive salary – but that’s just the beginning. Our Total Rewards package also offers benefits like tuition assistance, medical and dental insurance, as well as a robust pension and 401(k). Plus, you’ll have access to a wide variety of programs to help you balance your work and personal life -- including a generous paid time off policy.

Learn more about life at Allstate. Connect with us on Twitter, Facebook, Instagram and LinkedIn or watch a video.



Allstate generally does not sponsor individuals for employment-based visas for this position.

Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.

For jobs in San Francisco, please see the notice regarding the San Francisco Fair Chance Ordinance.

For jobs in Los Angeles, please see the notice regarding the Los Angeles Ordinance.

It is the policy of Allstate to employ the best qualified individuals available for all jobs without regard to race, color, religion, sex, age, national origin, sexual orientation, gender identity/gender expression, disability, and citizenship status as a veteran with a disability or veteran of the Vietnam Era.
