Security Risk Senior Manager
- Employer
- Allstate Insurance Company
- Location
- Nationwide
- Salary
- Not Specified
- Closing date
- Apr 19, 2019
View more
- Category
- IT , Risk Management, Executive / Management
- Job Type
- Not Specified
- Career Level
- Not Specified
Job Details
Where good people build rewarding careers.
Think that working in the insurance field cant be exciting, rewarding and challenging? Think again. Youll help us reinvent protection and retirement to improve customers lives. Well help you make an impact with our training and mentoring offerings. Here, youll have the opportunity to expand and apply your skills in ways you never thought possible. And youll have fun doing it. Join a company of individuals with hopes, plans and passions, all using and developing our talents for good, at work and in life.
Job Description
Through its breadth of knowledge and understanding of information technology industry trends and emerging technologies, Security Governance, Risk and Compliance protects Allstate assets and information. This Security family manages the data protection strategies for the company. This is accomplished through the development, implementation, and administration of programs that help address compliance requirements to state, federal and industry standards, while protecting their stakeholders and related information.
Sr. Manager of Security Risk serves as a leader within the Allstate Information Security organization. This role will manage the establishment of an enterprise-wide cyber security risk framework; inform and execute enterprise-wide cyber security risk and control definition and assessment & process oversight; and ensure cyber security operational effectiveness through cyber security KPI selection and performance assessment, and oversight of risk lifecycle management. This role will encompass both internal and external cyber risk lifecycle management. Responsibilities for this role will be both operational and strategic and will require collaboration with leaders across the enterprise. Responsibilities for this role will be both operational and strategic and will require collaboration with leaders across the enterprise.
Responsibilities
Risk Management
- Ensure the strategic alignment of information security with business strategy to support organizational objectives.
- Identify and recommend appropriate measures to manage and mitigate risks and reduce potential impacts on information resources to a level acceptable to the senior management of the company.
- Manage the review of changes in company processes, standards and technology to ensure the effectiveness of security controls to meet compliance requirements
- Integrate security risk reporting and management activities into Allstate day to day processes.
- Define, monitor, and report on a set of Key Risk Indicators
- Support, manage and streamline the security variance process.
- Identify and report on new and emerging security risk and risk trends, including participating in risk remediation solution discussions and updates to compliance policy and standards.
- Fully understand business requirements and work with the business to define appropriate solutions security objectives while meeting the business need.
- Partner with all areas of the business, including internal auditors, legal, IT and business partners
- Develop and improve KPIs, metrics, and trending for the risk management and remediation function.
- Respond to and assist with audits, assessments and compliance requests.
- Participate and lead new projects as needed.
- Serve as client liaison as needed on matters pertaining to Risk Management.
- Promote and consult on the positions that help strengthen and secure the organization by either following standards or helping direct others on technology positions.
- Act as a subject matter expert for the organization's information asset protection policies and procedures, and information technology best practices.
- Provide mentoring and guidance to a team of risk professionals.
- Develop and refine enterprise policy, standards and procedures.
- Develop and refine procedures and techniques used by the team.
- Other duties as assigned.
Responsibilities (Cont'd)
Partnership
- Provide input into the Allstate Corporation Strategy
-
Ensure clear lines of communication with the Allstate Family of Companies, Small and Emerging Businesses and Allstate Canada to support an enterprise view, including but not limited to the following:
- Information Security Program
- Metrics and Reporting
- Information Security Policy and Standards
- Compliance lifecycle management
- Ensure clear lines of communication between ATSV, AIS and the business
-
Develop strong partnership with AIS team members. ATSV and key business partners to ensure
- Establishment and monitoring of KRIs and KPIs
- Compliance to Allstate regulatory and contractual obligations
- Integration of changes to Information Security Standards and supporting documentation
- Effective delivery/remediation of audit observations
- Update the Security standards and supporting documentation
- Ensure clear lines of communication between AIS, Operational Risk and ATSV Risk and Compliance
- Provide reporting on the state and efficacy of security controls for Allstate Corporation
- Secure ongoing security funding for special/complex projects, and evangelizing security awareness across Business Unit
Supplier Security
- Responsible for being the leader in supplier management risk reviews.
- Be well versed in supplier enterprise security due diligence and assessment.
- Facilitate regular onsite security assessments of suppliers to assess information security risk.
- Identify and recommend appropriate measures to manage and mitigate supplier risks and reduce potential impacts on information resources to an acceptable level.
- Work with suppliers to remediate the risks identified during the information security assessments.
- Understand how to risk-rank suppliers, perform risk assessments, and communicate results to the business.
- Document and communicate risk assessments and results in a manner that allows all readers across the enterprise to understand the risk.
- Partner with all areas of the business, including Privacy, Legal, Procurement, IT, and business partners.
- Serve as client liaison as needed on matters pertaining to Risk Management.
- Promote and consult on the positions that help strengthen and secure the organization by either following standards or helping direct others on technology positions.
Partnership
- Provide input into the Allstate Corporation Strategy
-
Ensure clear lines of communication with the Allstate Family of Companies, Small and Emerging Businesses and Allstate Canada to support an enterprise view, including but not limited to the following:
- Information Security Program
- Metrics and Reporting
- Information Security Policy and Standards
- Compliance lifecycle management
- Ensure clear lines of communication between ATSV, AIS and the business
-
Develop strong partnership with AIS team members. ATSV and key business partners to ensure
- Establishment and monitoring of KRIs and KPIs
- Compliance to Allstate regulatory and contractual obligations
- Integration of changes to Information Security Standards and supporting documentation
- Effective delivery/remediation of audit observations
- Update the Security standards and supporting documentation
- Ensure clear lines of communication between AIS, Operational Risk and ATSV Risk and Compliance
- Provide reporting on the state and efficacy of security controls for Allstate Corporation
- Secure ongoing security funding for special/complex projects, and evangelizing security awareness across Business Unit
Job Qualifications
- Bachelor's Degree or equivalent experience
- 5-7 years of experience in audit or information security related role.
- Strong understanding of audit methodologies and regulatory requirements pertaining to information security, privacy and/or data security
- Project management experience highly desired
- Ability to manage multiple complex priorities and competing agendas without express authority over delivery teams
- Ability to interpret and apply policies and regulations across a large, complex business
- Analytical aptitude with an emphasis on investigative, methodical critical questioning and logical thinking; a data-driven decision maker
- High level of interpersonal skills to interact with leaders at multiple levels and facilitate team interactions
- Advanced skills with MS-Windows and other related PC applications
- Experience with Cloud security control requirements
-
One or more of the following certifications:
- Certified Information Systems Security Professional (CISSP) from ISC2
- Certified Information Security Manager (CISM)
- Certified Information Systems Auditor (CISA) from ISACA
- Advanced degree or masters in computer systems or equivalent
- Strong analytical and critical thinking skills
- Strong executive presence with proven ability to influence peers and senior leadership
- Excellent written and oral communication, and presentation skills
- Proven ability to develop diverse talent and assemble a highly effective team, inspiring those in the organization to do the best work possible and move the organization forward
The candidate(s) offered this position will be required to submit to a background investigation, which includes a drug screen.
Good Work. Good Life. Good Hands.
As a Fortune 100 company and industry leader, we provide a competitive salary but thats just the beginning. Our Total Rewards package also offers benefits like tuition assistance, medical and dental insurance, as well as a robust pension and 401(k). Plus, youll have access to a wide variety of programs to help you balance your work and personal life -- including a generous paid time off policy.
Learn more about life at Allstate. Connect with us on Twitter, Facebook, Instagram and LinkedIn or watch a video.
Allstate generally does not sponsor individuals for employment-based visas for this position.
Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.
For jobs in San Francisco, please click "here" for information regarding the San Francisco Fair Chance Ordinance.
For jobs in Los Angeles, please click "here" for information regarding the Los Angeles Fair Chance Initiative for Hiring Ordinance.
It is the policy of Allstate to employ the best qualified individuals available for all jobs without regard to race, color, religion, sex, age, national origin, sexual orientation, gender identity/gender expression, disability, and citizenship status as a veteran with a disability or veteran of the Vietnam Era.
Company
- Website
- https://www.allstate.com/
Get job alerts
Create a job alert and receive personalized job recommendations straight to your inbox.
Create alert