Where good people build rewarding careers.

Think that working in the insurance field cant be exciting, rewarding and challenging? Think again. Youll help us reinvent protection and retirement to improve customers lives. Well help you make an impact with our training and mentoring offerings. Here, youll have the opportunity to expand and apply your skills in ways you never thought possible. And youll have fun doing it. Join a company of individuals with hopes, plans and passions, all using and developing our talents for good, at work and in life.

Job Description

This position is for a Senior Information Security Risk Assessor in the Allstate Technology & Strategic Ventures (ATSV) Information Security department. The Senior Risk Assessor is responsible for driving the companys efforts to proactively identify, assess, and communicate the companys information security risks through critically analyzing the probable frequency and probable magnitude of future loss. The assessor will work in close partnership with internal information security and business representatives to scope assessments, gather documentation, interview clients, identify risks, document findings, and ensure transparent management of risks by following a structured risk assessment methodology. This position will be expected to independently lead and complete high-quality assessments across a diverse set of technologies, business functions, and complexity. This includes but is not limited to assessments for internal and SAAS applications, network devices, control processes, business functions, and facilitating the ongoing analysis of enterprise-wide risks across Allstate and its family of companies. As a senior member of the team, this position will also be expected to proactively drive process improvements, overcome barriers to success, build professional relationships across the company, brief senior leaders, and mentor others.

**In addition to Tempe, AZ, we are open to candidates in the Charlotte, NC & Dallas/Ft. Worth, TX markets to work in our offices in those locations.**

Job Responsibilities

Support Management & Decision Making:

• Works closely with and influences decision makers in other departments to identify, recommend, develop, implement, and support a risk informed decision and action framework.
• Initiates and implements continuous improvements in all areas of IT responsibility.

Business Partner Management

• Acts as a Change Catalyst for a risk based approach to delivery of services and systems.
• Partners with others in their organization to set and manage expectations; continually seeks opportunities to be a thought partner and increase internal business partner satisfaction and deepen relationships.
• Adapts communication approach for audiences at multiple internal and external levels.

Risk Management

• Identify and recommend appropriate measures to manage and mitigate risks and reduce potential impacts on information resources to a level acceptable to the senior management of the company.
• Identify and report on new and emerging security risk and risk trends, including participating in risk remediation solution discussions and updates to compliance policy and standards.
• Fully understand business requirements and work with the business to define appropriate solutions security objectives while meeting the business need.
• Manage the review of changes in company processes, standards and technology to ensure the effectiveness of security controls to meet compliance requirements.
• Integrate security risk reporting and management activities into Allstate day to day processes.
• Partner with all areas of the business, including internal auditors, legal, IT and business partners.
• Develop and improve KPIs, metrics, and trending for the risk management and remediation function.
• Respond to and assist with audits, assessments and compliance requests.
• Serve as client liaison as needed on matters pertaining to Risk Management.
• Promote and consult on the positions that help strengthen and secure the organization by either following standards or helping direct others on technology positions.
• Act as a subject matter expert for the organization's information asset protection policies and procedures, and information technology best practices.
• Provide mentoring, feedback, guidance and reviews of assessment work to team members.
• Develop and refine enterprise policy, standards and procedures.
• Develop and refine procedures and techniques used by the team.
• Other duties as assigned.

Job Qualifications

• Minimum 5 years of IT experience, ideally at least 3 of which are in a security domain. Previous information security risk assessment experience is a plus.
• Strong understanding of IT security best practices
• Demonstrated ability to lead and participate in cross functional teams, including offsite, remote and offshore resources.
• Effective written, verbal communication skills. Ability to tailor communication style to audience at hand.
• Ability to effectively communicate with technical and non-technical resources.
• Experience evaluating and securing payment processing technology.
• Direct knowledge of PCI DSS and PCI risk assessments, or ability to develop these skills within 6 months of hiring.
• Knowledge of HIPAA, ISO, NIST, and IT Controls.
• Strong organizational skills.
• Self-directed, works with minimal guidance, and recognizes when guidance needed.
• Demonstrated ability to stay abreast securing evolving technology such as cloud and mobile computing.
• Proficient in MS Office Suite (Word, Excel, Project, PowerPoint, Visio).
• Knowledge of the Factor Analysis of Information Risk (FAIR) taxonomy a strong plus.
• Knowledge of ArcherGRC, RiskLens, and SkyHigh ShadowIT tools a plus.
• CISSP or CISM, or other industry certification a plus.
  

**In addition to Tempe, AZ, we are open to candidates in the Charlotte, NC & Dallas/Ft. Worth, TX markets to work in our offices in those locations.**

Good Work. Good Life. Good Hands.

As a Fortune 100 company and industry leader, we provide a competitive salary but thats just the beginning. Our Total Rewards package also offers benefits like tuition assistance, medical and dental insurance, as well as a robust pension and 401(k). Plus, youll have access to a wide variety of programs to help you balance your work and personal life -- including a generous paid time off policy.

Learn more about life at Allstate. Connect with us on Twitter, Facebook, Instagram and LinkedIn or watch a video.

Allstate generally does not sponsor individuals for employment-based visas for this position.

Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.

For jobs in San Francisco, please click "here" for information regarding the San Francisco Fair Chance Ordinance.

For jobs in Los Angeles, please click "here" for information regarding the Los Angeles Fair Chance Initiative for Hiring Ordinance.

It is the policy of Allstate to employ the best qualified individuals available for all jobs without regard to race, color, religion, sex, age, national origin, sexual orientation, gender identity/gender expression, disability, and citizenship status as a veteran with a disability or veteran of the Vietnam Era.