Cyber Risk Management Analyst Allstate
Irving, TX

Job Description

Where good people build rewarding careers.

Think that working in the insurance field can't be exciting, rewarding and challenging? Think again. You'll help us reinvent protection and retirement to improve customers' lives. We'll help you make an impact with our training and mentoring offerings. Here, you'll have the opportunity to expand and apply your skills in ways you never thought possible. And you'll have fun doing it. Join a company of individuals with hopes, plans and passions, all using and developing our talents for good, at work and in life.

Job Family Summary

Through its breadth of knowledge and understanding of information technology industry trends and emerging technologies, Security Governance protects Allstate assets and information. Security Governance manages the data protection strategies for the company. This is accomplished through the development, implementation and administration of programs that help address compliance requirements to state, federal and industry standards, while protecting their stakeholders and related information.

Job Description

In addition to Irving, TX, we are open to candidates in the Charlotte, NC and Phoenix, AZ markets to work in our offices in those locations.

This position is for a Cyber Risk Management Analyst in the Allstate Technology & Strategic Ventures (ATSV) Information Security department. The Cyber Risk Management Analyst will be responsible for supporting the company's efforts to track, govern, report on, and reduce information security risks. This individual will be a key contributor managing operational activities to reduce risk to our company in close consultation with other Information Security, ATSV and business partners. This person will be a point of contact for risk remediation issues and will also manage inquiries from audit, adhoc information requests, and collaborate with cross functional teams that act as inputs to and consumers of risk remediation data. The analyst will have an understanding of information security best practices, risk assessment methodologies, and working across multi-functional teams.

Key Responsibilities

* Ensure the strategic alignment of information security with business strategy to support organizational objectives.
* Identify and support measures to manage and mitigate risks and reduce potential impacts on information resources to a level acceptable to the senior management of the company.
* Ensure changes in company processes, standards and technology meet security controls and compliance requirements.
* Partner with all areas of the business, IT and business partners on risk remediation related projects.
* Understand business and client requirements and work with the business areas to define appropriate security actions and activities while meeting the business need.
* Promote and consult on the positions that help strengthen and secure the organization by either following standards or helping direct others on technology positions.
* Acts as a Change Catalyst for a risk based approach to delivery of services and systems.
* Drive discussions and provide guidance & support in managing and reducing risk remediation efforts across business functional areas.
* Participate in risk remediation discussions and updates to compliance policy and standards.
* Improve KPIs, metrics, and trending for the risk management and remediation function.
* Monitor, track, document and report on risk remediation activities.
* Respond to and assist with audits, assessments and compliance requests.
* Act as a subject matter expert for the organization's risk remediation processes and efforts.
* Provide influence and support to peers across risk remediation team to successfully deliver on business commitments.
* Initiates and implements continuous improvements in all areas of IT responsibility.
* Assessing risk using a standard methodology and consulting with subject matter experts to build risk remediation and risk reduction plans.
* Meet SLAs for processing cyber risk submissions according to quality control baselines and clearly reports risks and risk trends.

Job Qualifications

* 3 years of IT experience, 1 of which are in a Security domain.
* Demonstrated ability to lead discussions and participate in cross functional teams, including offsite, remote and offshore resources.
* Effective written, verbal communication skills. Ability to tailor communication style to audience at hand.
* Ability to effectively communicate with technical and non-technical resources.
* Strong organizational skills.
* Self-directed, works with minimal guidance, and recognizes when guidance needed.
* Proficient in MS Office Suite (Word, Excel, Project, PowerPoint, Visio).
* Demonstrated ability to stay abreast securing evolving technology such as cloud and mobile computing.
* Experience evaluating and securing payment processing technology.
* Knowledge of PCI DSS, HIPAA, ISO, NIST, and IT Controls.
* Strong understanding of IT security best practices.
* Knowledge of ArcherGRC, RiskLens, and SkyHigh ShadowIT tools a plus.