Director, Security Architecture

About the job

The world isn’t standing still, and neither is Allstate. We’re moving quickly, looking across our businesses and brands and taking bold steps to better serve customers’ evolving needs. That’s why now is an exciting time to join our team. As a leader in a corporation with 83,000 employees and agency force members, you’ll have a hand in transforming not only Allstate but a dynamic industry. You’ll have opportunities to take risks, challenge the status quo and shape the future for the greater good.

You’ll do all this in an environment of excellence and the highest ethical standards – a place where values such as integrity, inclusive diversity and accountability are paramount. We empower every employee to lead, drive change and give back where they work and live. Our people are our greatest strength, and we work as one team in service of our customers and communities.

Everything we do at Allstate is driven by a shared purpose: to protect people from life’s uncertainties so they can realize their hopes and dreams. For 89 years we’ve thrived by staying a step ahead of whatever’s coming next – to give customers peace of mind no matter what changes they face. We acted with conviction to advocate for seat belts, air bags and graduated driving laws. We help give survivors of domestic violence a voice through financial empowerment. We’ve been an industry leader in pricing sophistication, telematics, digital photo claims and, more recently, device and identity protection. We are the Good Hands. We don’t follow the trends. We set them.

Job Summary:

The Director of Security Architecture serves as a senior leader within the Allstate Enterprise Architecture Organization and has the responsibility to lead a high performing team that will define Allstate’s transformational security direction, ensure alignment and close any gaps, foster relationships with key business and technology stakeholders, and create and uphold architectural standards to ensure consistency across the organization. This person is the primary integration point between all aspects of Enterprise Architecture and Information Security, and is expected to interact with multiple C-level executives.

Key Responsibilities:

This is a people leadership position, both direct and matrixed. You will be accountable for creating a work environment that enables employees to be their best, deliver on their accountabilities, and deliver security architecture in alignment with enterprise objectives. Technical responsibilities for this role will be both strategic & tactical: strategic in developing the enterprise security target state and associated roadmaps, and tactical in ensuring new capabilities are built out and adopted within all solutions. Specifically, but not limited to:

  • Develop, implement, and drive strategic, comprehensive enterprise information security capabilities, integrating business priorities and risks into the strategy
  • Primary point of contact to the Enterprise Chief Architect, representing Security within Enterprise level architecture forums and executing on responsibilities supporting enterprise governance activities
  • Set overall security architecture direction and partner with product delivery teams, Information Security, Enterprise Architecture, Engineering, and Infrastructure & Operations teams to align solution delivery activities to architecture standards, business goals and objectives
  • Drive adoption of a DevSecOps mindset and influence across technology teams including architecture, security, and development to design and implement frictionless experiences
  • Influence the security organization toward architectural excellence and maturation of key services for enterprise level delivery
  • Drive security assessments to evaluate the processes, procedures and tools used to review and test information system controls and security across enterprise systems and third party supplier IT systems
  • Evaluate the adequacy of IT security controls to verify compliance with corporate standards and regulatory compliance (e.g. NIST 800-171 & 53, PCI, HIPAA, GDPR, SOX 404 and COPPA)
  • Ability to drive security in an on-prem, hybrid & multi-cloud environment
  • Establish an enterprise-wide process to evaluate security tools & vendors, maintain a catalog of approved and preferred tools, and assist business divisions with tool rationalization where feasible
  • Develop and champion reusable patterns, practices, and enterprise reference architectures that fit within the overall Allstate architectural direction
  • Understand and stay current on emerging technologies, industry innovations, and competitor technology positioning to define new or refresh existing strategic architectures
  • Work with strategic vendors and partners to review and direct product roadmaps, strategies, and plans to ensure alignment with industry and Allstate needs, both current and future
  • Develop and coordinate the Secure Data Strategy: embed security into the overall approach and vision for data protection, drive and maintain a strategy for data at rest or in motion that secures the contents from unauthorized access, and collect and analyze business and event data to drive security value and enable the utilization of data as a business asset

Essential Criteria

  • 10 years of business experience in planning, organizing, and developing information security capabilities
  • 5-7 years of Enterprise Architecture experience
  • 5 years of hands-on technology experience
  • 5 years of security experience including recent leadership in an IT organization that has adopted DevSecOps
  • 5 years of people leadership experience; direct and matrixed
  • 2+ years of experience designing and deploying solutions in cloud
  • Experience serving as cyber and information security leader in complex organizations
  • Demonstrate executive level business and technical acumen
  • Ability to develop and clearly articulate a compelling security strategy to stakeholders
  • Strong knowledge of security architectures, including experience working with leading enterprise cyber security tools and vendors
  • Cyber and information security strategy experience in Insurance or Financial Services industry
  • Excellent presentation skills

One or more of the following certifications:

  • Certified Information Systems Security Professional (CISSP) from ISC2
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA) from ISACA
  • Advanced degree or masters in IT, or equivalent

Behavioral Characteristics:

  • Passionate about leading people
  • Strong analytical and critical thinking skills
  • Strong executive presence with proven ability to influence peers and senior leadership
  • Excellent written and oral communication, and presentation skills
  • Proven ability to develop diverse talent and assemble a highly effective team, inspiring those in the organization to do the best work possible and move the organization forward
  • Well-developed relationship management capabilities. Ability to build strong internal and external networks
  • Strategic mindset with understanding of how complex systems work together and the risks involved which are easily understood by business, risk, and executive team
  • Demonstrated energy and passion for the role

Desirable Criteria:

  • Cyber and information security strategy experience in Insurance or Financial Services industry
  • Certification in Cloud Computing
