Where good people build rewarding careers.

Think that working in the insurance field can’t be exciting, rewarding and challenging? Think again. You’ll help us reinvent protection and retirement to improve customers’ lives. We’ll help you make an impact with our training and mentoring offerings. Here, you’ll have the opportunity to expand and apply your skills in ways you never thought possible. And you’ll have fun doing it. Join a company of individuals with hopes, plans and passions, all using and developing our talents for good, at work and in life.

Job Description

The Cyber Security Risk Manager is a leader with a high level of knowledge in information security risk management and remediation practices. The manager will be responsible for the development, implementation and operationalization of the Cyber Risk Management Framework and Taxonomy to manage information security risk to acceptable levels and provide subject matter expertise in this area. The manager will develop partnership with cross-functional teams including Allstate Information Security, Business, Operational Risk, Internal Audit and Technology Risk. The manager will provide subject matter expertise in a broad range of security disciplines and technology areas. The role will also require tracking and oversight of cyber risk management across the organization. The role will provide guidance on the remediation efforts of outstanding information security vulnerabilities, internal and external regulatory and audit findings to improve the overall posture of Allstate Information Security program.

Key Responsibilities

Strategic

• Provide subject matter expertise on technical aspects of information security and risk management
• Develop, operationalize and maintain the Cyber Risk Management Framework and keep it aligned with the Allstate Information Security, Technology Risk and Operational Risk
• Work with the leadership to set and communicate the cyber risk appetite in alignment with overall operational risk appetite limits
• Be responsible for the ongoing operations and enhancements for the Cyber Risk Management Framework and risk remediation efforts
• Partner with stakeholders to evaluate risk-return tradeoffs, assess risk-return implications of strategic and operating plans

Operational

• Work effectively with Allstate Information Security, Technology Risk and business units to facilitate cyber risk assessment and risk management processes, and provides guidance on risk treatment strategies
• Contributes to monitoring, testing as well as review and constructively challenges security operational teams and business units on their assessment of cyber risks, including challenging on risk mitigation and management responses
• Provide specialist cyber risk expertise to support strategic initiatives, operational teams, and business units upon request
• Track and monitor cyber risk management remediation; closely monitoring and following up on overdue action items
• Provide inputs to the stakeholders on risk remediation decisions/activities
• Define and lead efforts to analyze technology and business impact and exposure based on emerging threats, vulnerabilities, and risks
• Research and evaluate emerging trends, threats and technologies
• Define and lead strategies to quantify the organization’s 'risk appetite' and tolerance levels

Supervisory Responsibilities: This job has supervisory duties

Job Qualifications

• Bachelor’s Degree or equivalent experience
• 7 or more years of related experience
• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), and/or Certified Information Systems Auditor (CISA) preferred

Technical Skills

• Strong knowledge and expertise in following cyber security domains is desired:
  • Cloud and Security Engineering
  • DevSecOps
  • GRC including Security Governance and Compliance
  • Security Operations and Threat Management
  • Network & Endpoint Security
  • App Security Engineering including Product Security, Data Security, Application Security Identity and Access Management
  • Privacy (GDPR, CCPA etc.)
  • Security Architecture
  • Monitoring and Analytics

Functional Skills

• Strong understanding of information security technology
• Prior consulting experience with Big 4 is a plus
• Experience interacting, presenting and working with C-level executives
• Knowledge of best practices, regulations and common risk management frameworks like NIST 800-30, ISO 27005, ISO 31000, FAIR, COBIT, CIS, NYDFS, GDPR etc.
• Proven track record and experience of the following in a highly complex and global organization:
  • developing and driving information / cyber risk management
  • designing and driving implementation of a tailored governance framework connecting closely with operational leadership to make strategy and governance relevant for day-to-day operations
• Ability to think strategically, conceptually, analytically and creatively
• Advanced time management skills including ability to manage multiple projects, prioritize and organize
• Demonstrated clear, concise and effective oral and written communication skills
• Ability to establish, manage and leverage relationships with internal and external partners
• Ability to analyze data and apply it to complex problem resolution
• Strong understanding of security trends in the industry
• Understanding of expense and resource management processes
• Possess a solid understanding of and openly support and embrace change, approach change in a factual, positive and constructive manner, make effective and accurate decisions in a fast-changing environment, show flexibility and open-mindedness when priorities and goals change, plan and estimate future work efficiently, and anticipate problems and obstacles in sufficient time to minimize impact.

The candidate(s) offered this position will be required to submit to a background investigation, which includes a drug screen.

Good Work. Good Life. Good Hands®.

As a Fortune 100 company and industry leader, we provide a competitive salary – but that’s just the beginning. Our Total Rewards package also offers benefits like tuition assistance, medical and dental insurance, as well as a robust pension and 401(k). Plus, you’ll have access to a wide variety of programs to help you balance your work and personal life -- including a generous paid time off policy.

Learn more about life at Allstate. Connect with us on Twitter, Facebook, Instagram and LinkedIn or watch a video.

Allstate generally does not sponsor individuals for employment-based visas for this position.

Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.

For jobs in San Francisco, please click "here" for information regarding the San Francisco Fair Chance Ordinance.

For jobs in Los Angeles, please click "here" for information regarding the Los Angeles Fair Chance Initiative for Hiring Ordinance.

It is the Company’s policy to employ the best qualified individuals available for all jobs. Therefore, any discriminatory action taken on account of an employee’s ancestry, age, color, disability, genetic information, gender, gender identity, gender expression, sexual and reproductive health decision, marital status, medical condition, military or veteran status, national origin, race, religion (including religious dress), sex, or sexual orientation that adversely affects an employee's terms or conditions of employment is prohibited. This policy applies to all aspects of the employment relationship, including, but not limited to, hiring, training, salary administration, promotion, job assignment, benefits, discipline, and separation of employment