Info Security Consultant

We are not just offering a job but a meaningful career! Come join our passionate team!

As a Fortune 50 company, we hire the best employees to serve our customers, making us a leader in the insurance and financial services industry. State Farm embraces diversity and inclusion to ensure a workforce that is engaged, builds on the strengths and talents of all associates, and creates a Good Neighbor culture.

We offer competitive benefits and pay with the potential for an annual financial award based on both individual and enterprise performance. Our employees have an opportunity to participate in volunteer events within the community and engage in a learning culture. We offer programs to assist with tuition reimbursement, professional designations, employee development, wellness initiatives, and more!

Visit our Careers page for more information on our benefits, locations and the process of joining the State Farm team!

OFFICE LOCATION: Richardson, TX, Bloomington, IL, Dunwoody, GA, Tempe, AZ

**Hybrid Work Environment: Selected applicants should plan to spend time working from home and some time working in the office as part of our flexible work environment.**

*Applicants for this position are required to be eligible to lawfully work in the U.S. immediately; employer will not sponsor applicants for U.S. work authorization (e.g. H-1B visa) for this opportunity.*

Responsibilities

The new team member will engage in the development of automation and self-service strategies and tooling options. The candidate selected for this role will be required to develop, automate, and support State Farm’s identity and access management tools.

• Perform technical and solution vulnerability identification and assessment (cloud platforms / applications/ services, APIs, SaaS solutions, third party risk through vendors, operating systems, databases, network, endpoints, front-end / back-end infrastructure).
• Design, develop, and recommend system-level security architecture to resolve security / privacy requirements while ensuring compliance with laws, regulations, and policy.
• Develop, influence, and recommend new security solutions as well as effective enhancements to existing security controls.
• Evaluate threats, vulnerabilities, and risks towards technical solutions and recommend security controls to safeguard technical solutions.
• Use security standards and configurations for systems and business solutions; including cloud environments, to ensure security requirements are designed and configured to mitigate security weaknesses.
• Identify solution requirements, utilizing system and data classification principles; design and tailor security controls for protecting resource / information system assets.
• Demonstrate a breadth and depth of security knowledge and skill; acts as a security subject matter resource for solving highly technical and complex problems across multiple product teams to help ensure secure solutions and reduce organizational risk.
• Verify that application software/network/system security postures are implemented as intended, document deviations, and recommend compensating security controls / actions to correct those deviations.
• Perform security reviews, identify gaps in security architecture, and develop security risk management plans to address concerns.
• Participate in technical and non-technical projects requiring information security oversight to ensure policies, procedures, and standards are met. Effectively communicate complex vulnerabilities into relevant business terms for non-information security audience understanding.

Items of Note

• May require work during nights and weekends
• Suggested certifications may include, CRISC, CISSP, CISM, GSEC
• Must apply discretion and appropriate security measures when handling confidential and sensitive information

Info Sec Consultant Level Descriptors:

• Demonstrates sound judgment in making decisions with respect to matters of moderate to high complexity and importance
• Applies broad-based knowledge of security technologies, techniques, controls, processes, and best practices to perform daily tasks
• Keeps abreast of security, business and IT industry trends and best practices to modify techniques and processes to meet changing needs and influence the direction of solutions
• Mentors and trains others
• May lead some strategic work and/or contributes to strategic work (e.g. cross departmental or enterprise initiatives)
• Participates in and/or leads vendor product reviews, evaluations, demonstrations, proofs of concept and implementations
• Maintains solid relationships and strategic partnering skills with business areas, team members, and external contacts
• May act as a product owner

Qualifications

Preferred skills:

• Demonstrates sound judgment in making decisions with respect to matters of moderate to high complexity and importance
• Applies broad-based knowledge of security technologies, techniques, controls, processes, and best practices to perform daily tasks
• Keeps abreast of security, business and IT industry trends and best practices to modify techniques and processes to meet changing needs and influence the direction of solutions
• Mentors and trains others
• May lead some strategic work and/or contributes to strategic work (e.g. cross departmental or enterprise initiatives)
• Participates in and/or leads vendor product reviews, evaluations, demonstrations, proofs of concept and implementations
• Maintains solid relationships and strategic partnering skills with business areas, team members, and external contacts
• May act as a product owner

Desired Skills:

• Experience with networking or infrastructure
• Experience, or desire to grow knowledge, in Cloud: (AWS, MS Azure, etc)
• Experience with Information Security best practices and controls such as encryption and identity management
• Strong collaboration and relationship building skills
• Strong problem solving skills

Req ID : 24931