Cyber Risk Assessment/GRC- Lead Consultant

Job Description

We have an opportunity for someone having experience in performing Security Risk Assessments to join the Information Security department as a Cyber Risk Security Assessor in the Allstate Technology & Strategic Ventures (ATSV). The Cyber Risk Assessor will be responsible for supporting the company’s efforts to identify, assess and evaluate security risks through business-as-usual cyclical assessments and ad hoc consultations.  This individual will be a key contributor managing operational activities to reduce risks to business goals in close consultation with other Information Security, ATSV and business partners.  The analyst needs to understand information security best practices, risk assessment methodologies, and working across multi-functional teams.

Job Responsibilities

• Conducts risk assessment at the network, systems, platforms and application level.
• Involved in addressing and providing guidance on wide range of security issues including architectures, platforms including Public Cloud, electronic data traffic, and network access.
• Driving the company’s efforts to proactively identify, assess, and communicate the company’s information security risks to leadership and board.
• Ensure compliance with security policies and standards.
• Deep understanding of Cyber programs such as Threat Management, Secure SDLC, Security Architecture, Network and Data Protection.
• Work in close partnership with internal information security and business representatives to scope assessments, gather documentation, interview clients, identify risks, document findings, and ensure transparent management of risks by following a structured risk assessment methodology
• Works independently to lead and complete high quality threat-based risk assessments across a diverse set of technologies, business functions, and platforms.
• This position will also proactively drive process improvements, overcome barriers to success, build professional relationships across the company, brief senior leaders, and mentor others.

​​​

Primary Skills

The successful candidate will be required to collaborate across security/IT teams and business partners to assess and report risk ratings of assets/technologies/platforms/cloud which have impact on enterprise and identify process improvement areas. A broad range of professional skills, along with strong interpersonal skills, will be required for problem-solving and collaboration with virtual cross-functional work groups. This resource is expected to serve as a subject matter expert and trusted advisor that can clearly articulate Allstate security policies, standards and risks to assets to both technical and business audiences alike.

Experience

• Experience with information security risk management framework, assessment, audit and controls based on industry standard frameworks (i.e. NIST CSF; ISO;  HiTrust, FAIR)
• Experience with regulatory requirements (i.e. PCI; GDPR; HIPPA; CCPA; etc.)
• Experience using/knowhow of various tools and technologies in support of the assessment/audit process (RSA Archer, Qualys, Bitsight, etc.)
• Experience gathering information from a range of different sources to help identify weaknesses in security controls
• Expert with security control design, development, implementation, and monitoring
• Minimum of 6-8 years of IT experience in either an infrastructure or development background with proficiency in Cyber Risk Assessments.

Shift Timing

1PM - 9:30 PM