Where good people build rewarding careers.

Think that working in the insurance field can’t be exciting, rewarding and challenging? Think again. You’ll help us reinvent protection and retirement to improve customers’ lives. We’ll help you make an impact with our training and mentoring offerings. Here, you’ll have the opportunity to expand and apply your skills in ways you never thought possible. And you’ll have fun doing it. Join a company of individuals with hopes, plans and passions, all using and developing our talents for good, at work and in life.

Job Description

**In addition to Irving, TX, we are open to candidates in the Charlotte, NC & Phoenix, AZ markets to work from our offices in those locations.**

The Cybersecurity Assurance Lead Consultant is part of Allstate Information Security – GRC. This role will coordinate assurance program activities and will contribute to the overall security compliance program by providing direct consulting of security requirements, driving control effectiveness and consulting on remediation plans. This role will drive our compliance program and methodology of internal security controls to ensure compliance with contractual and regulatory requirements.

The successful candidate will be required to collaborate across security teams, audit, risk and business partners to identify, translate and communicate issues and remediation requirements to technical teams and security leadership. A broad range of professional skills along with strong interpersonal skills will be required for problem-solving, collaboration with virtual cross-functional work groups. This resource is expected serve as a trusted advisor that can clearly articulate Allstate security policies, standards, and guidelines to both technical and business audiences alike.

Key Responsibilities

• Lead design an approach to map and test enterprise security controls to enable the enterprise to be proactive, and make risk-based security decisions
• Lead development and design testing methodology that align Allstate Information Security Policy and Enterprise Security Standards with Allstate’s business, regulatory and contractual requirements, and industry-accepted best practices
• Execute on agreed upon methodology to identify, test, and report on control operating effectiveness
• Recommend operationally feasible and cost effective solutions to reduce risk, as appropriate
• Monitor, maintain, and measure coverage/effectiveness of the overall enterprise information security controls library
• Promote sound security practice and accountability across Allstate business units, brands, and family of companies
• Help our partners proactively maintain a strong cybersecurity preparedness and response posture
• General assurance compliance program support, partnering with external auditors, security architects/engineers, and various program management areas as required
• Archer GRC tool administration for security controls assessment workflow and evidence gathering within the compliance and issues management modules
• Reporting of findings (from partner self-assessments or execution of controls effectiveness program and/or other sources)
• Review data flow diagrams, network, or conceptual architectural diagrams to help validate scope of most critical systems is appropriate
• Support delivery leads in promoting and consulting on the positions that help strengthen and secure the organization by either following standards or helping direct others on technology positions
• Help facilitate review of changes in company processes, standards and technology to ensure the effectiveness of security controls to meet compliance requirements
• Help consult with stakeholders on requirements for new and existing business / technology solutions to assure compliance to compliance frameworks and internal standards and governing policies and procedures
• Responsible for building effective working relationships, making sound decisions, successfully making changes, initiating action and achieving results as a trusted advisor

Job Qualifications

• 3-5 years of Information Security/IT compliance, consulting, and/or security engineering or architecture experience or IT audit experience
• Relevant postsecondary education and/or industry standard certifications preferred (i.e., CISA, CISM, CISSP, CompTIA, SANS Institute/GIAC, PCIP)
• Strong organizational skills, ability to effectively manage multiple, competing projects/priorities while achieving targeted completion results
• Effective written, verbal communication skills. Ability to tailor communication style to audience at hand
• Ability to effectively work with technical and non-technical resources, able to partner with multiple business groups, managers, and network architects or engineers
• Should be a self-starter who demonstrates complete ownership over assigned objectives and is able to work independently in a "semi-structured" environment, but also recognizes when guidance is needed from program management and delivery leaders
• Ability to write quality documentation and/or presentations is a must
• Proficient in MS Office Pro Suite and SharePoint

• Ability to stay up to date with the current cybersecurity threat landscape to account for changing circumstances when evaluating security risks, maintain technical proficiency via self or formal training
• Good understanding of IT security best practices by applying depth and breadth of expertise in multiple domains and security disciplines
• Working knowledge of: PCI DSS 3.2, HIPAA applicable security / privacy controls, Sarbanes-Oxley (SOX) 404, ISO/IEC 27000 family of standards, NIST 800-53, NIST cybersecurity framework, and COBIT
• General knowledge of common application security architecture and vulnerabilities (e.g. OWASP Top 10), attack techniques and remediation tactics/strategies
• General familiarity with common enterprise infrastructure (OS platforms, directory services, networking infrastructure, appliances, middleware, common security infrastructure)

The candidate(s) offered this position will be required to submit to a background investigation, which includes a drug screen.

Good Work. Good Life. Good Hands®.

As a Fortune 100 company and industry leader, we provide a competitive salary – but that’s just the beginning. Our Total Rewards package also offers benefits like tuition assistance, medical and dental insurance, as well as a robust pension and 401(k). Plus, you’ll have access to a wide variety of programs to help you balance your work and personal life -- including a generous paid time off policy.

Learn more about life at Allstate. Connect with us on Twitter, Facebook, Instagram and LinkedIn or watch a video.

Allstate generally does not sponsor individuals for employment-based visas for this position.

Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.

For jobs in San Francisco, please click "here" for information regarding the San Francisco Fair Chance Ordinance.

For jobs in Los Angeles, please click "here" for information regarding the Los Angeles Fair Chance Initiative for Hiring Ordinance.

It is the policy of Allstate to employ the best qualified individuals available for all jobs without regard to race, color, religion, sex, age, national origin, sexual orientation, gender identity/gender expression, disability, and citizenship status as a veteran with a disability or veteran of the Vietnam Era.