Full Job Description
Allstate Identity Protection, formerly InfoArmor, is the nation’s leader in employee identity protection. We joined the Allstate Corporation family of companies in 2018, and together have 100 years of combined experience protecting what people care about most. In addition to servicing more than 3 million employees across 4,000+ clients, including around a third of the Fortune 500, we aim to bring peace of mind to all Americans via our comprehensive protection plans for individuals & families.
We are looking to transform how businesses and households think about digital & identity protection and combat an ever-changing fraud landscape. Our innovative, customer-centric approach combined with our recent entry into the Allstate family of companies has positioned us to grow rapidly and disrupt the industry. We are passionate about our culture and offer team members rewarding opportunities in a fast-moving, dynamic environment.
As a key member of the security governance team, this candidate will be responsible for working with each business department to shape organizational control policy & standards and manage compliance with regulations related to information security. The candidate will manage the policy & standards development process and will also design and execute a security metrics program to measure effectiveness of key controls. This role will drive collaboration with key stakeholders to document, maintain and measure an effective baseline of security requirements founded upon industry standards and regulatory requirements.
- Maintains responsibility for the development, enforcement, implementation of policies, procedures, and guidelines for multiple platforms and diverse systems to maintain compliance.
- Ensure security policies, standards, procedures, and key controls are aligned with AIP’s cybersecurity framework and regulatory requirements by documenting and maintaining cross-references to track the relationship of AIP’s requirements with industry requirements.
- Performs research and technical writing to create initial policy, standards, and procedures drafts based on industry frameworks and regulatory requirements.
- Facilitates meetings and interviews to gather input and feedback from key stakeholders to help refine security requirements as necessary.
- Identifies and tracks compliance gaps discovered through policy development efforts and ensures remediation and action plans are developed to eliminate the risk exposure.
- Maintains awareness of State and Federal regulations pertaining to information security, data privacy requirements and the global cyber threat landscape.
- Identify regulatory changes that will affect information security policy, standards, and procedures and recommends appropriate changes.
- Educate IT and the business partners about security policies, standards, and requirements.
- Develop communications and related awareness campaigns for practices according to security policies and standards as part of the enterprise security awareness program.
- Designs and implements a centralized security metrics program including procedures for metrics identification, collection, and reporting.
- Ensures the on-going execution of the security metrics collection and reporting processes.
- Creates executive presentations, routine reporting packages and/or dashboards to communicate the organization’s security posture and risks.
- Act as a liaison to the business and IT groups and assist them in the implementation of security policy/standards, data privacy, and compliance requirements.
- Assist in the development and maintenance of AIP’s security strategy and roadmap.
- May assist in performing periodic assessments of information systems, and processes to identify compliance gaps and security vulnerabilities, and develop and execute remediation action plan to reduce or eliminate the risk exposure.
- May support other security governance processes, initiatives, and team members as necessary to ensure the overall success of the security program.
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Business Acumen
- Verbal and Written Communication
- Technical Writing
- Critical Evaluation
- Ethical Practice
- Global & Cultural Awareness
- Leadership & Navigation
- Relationship Management
This position has no supervisor responsibility.
Position Type/Expected Hours of Work
This is a full-time position with expectations to work Monday through Friday.
Some out-of-area and overnight travel may be expected on an infrequent basis.
Required Education & Experience
- Bachelor’s degree or equivalent combination of technical training and experience.
- 5+ years of progressive experience in information security, governance/compliance, incident/emergency management or related fields.
- Demonstrated ability to prepare documentation and presentations for technical and non-technical audiences.
- Excellent technical writing skills and ability to perform independent research and draft technical documents from scratch.
- Excellent communication skills, exceptional written communication skills; strong negotiation and influencing skills.
- Broad and in-depth knowledge and experience in one or more security functions such as policy development, education & awareness, security governance/compliance, security risk management, identity & access management, network security, threat management, vulnerability management, incident response, etc.
- Effective interpersonal skills necessary to collaborate, negotiate and influence all levels of personnel.
- Exceptional cross group collaboration, able to drive decisive action in partnership with others in a large organization and deliver results that depend on other divisions and external partners.
- Demonstrated ability to organize and prioritize work in a dynamic and complex environment to meet deadlines.
- Demonstrated experience in driving process design/improvements, implementation, and on-going execution.
- Ability to manage the successful delivery of multiple large and complex projects in parallel
Preferred Education and Experience
- Master’s degree preferred
- CISSP, CISA and/or SANS GIAC certifications preferred
- NIST CSF and 800-53 experience preferred
- Demonstrated ability to follow written/verbal instructions, define problems, collect data, establish facts, and draw valid conclusions.
- Demonstrated ability to work independently and be a strong collaborative partner.
- Self-starter with a demonstrated ability to learn beyond formal training with a strong aptitude for delivering quality products under minimal supervision.
Additional Eligibility Qualifications
Allstate Identity Protection is an Equal Opportunity Employer
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.
- Salary Offer $89.7K/yr to $114K/yr
- Address USA
- Experience Level Senior
- Total Years Experience 5-10