Business Information Security Officer (BISO) (hybrid)

• Title: Business Information Security Officer (BISO) (hybrid)

  Ref: 17/9/BISO

   

  About Us

   

  The world isn’t standing still, and neither is Allstate. We’re moving quickly, looking across our businesses and brands and taking bold steps to better serve customers’ evolving needs. That’s why now is an exciting time to join our team. You’ll have opportunities to take risks, challenge the status quo and shape the future for the greater good.

   

  You’ll do all this in an environment of excellence and the highest ethical standards – a place where values such as integrity, inclusive diversity and accountability are paramount. We empower every employee to lead, drive change and give back where they work and live. Our people are our greatest strength, and we work as one team in service of our customers and communities.

   

  Allstate operate a very flexible hybrid working policy that will allow you to design your working week in collaboration with your manager with a blend of remote and office working for NI based employees as well as condensed working patterns (4 day week/9 day fortnight). Employees based in GB will be employed on a permanent remote working contract.

   

  Join our team and you’ll find challenge and reward in a culture of innovation, support and balance. 

   

   

  Location

   

  Belfast / Derry – Londonderry / Strabane

   

  Your role in the team

   

  The Business Information Security Officer (BISO) functions as the security leader with their area of responsibility. This role will have dual reporting structure, one reporting to the Area of Responsibility (AoR) and one into the Information Security Program Office and is responsible for establishing and driving a business specific Information Security program aligned with the business area risks and the Allstate Corporation Information Security Program. The BISO serves as the trusted advisor, both to the business and to the CISO. This role will liaise between the business and Allstate Information Security (AIS), keeping clear lines of communication including but not limited to; transparency to the business on upcoming security initiatives, reporting of security risks to the CISO and appropriate committees, as well as a key player in the information security incident response process, from identifying impact to the business and to consumers, to helping shape remediation, and developing external and internal message points. In addition, this role will ensure business compliance with the Information Security Policy and Standards while continuously monitoring and reporting on risks and documented exceptions. 

   

  • Establish a documented Information Security Program and supporting strategy for the AoR
  • Ensure program is aligned with the AIS Information Security Program, Policies and Standards
  • Ensure inclusion of all applicable regulatory, legal and contractual obligations
  • Leverage the Enterprise and AoR specific Information Security Risk Assessments to establish and monitor the program
  • Update the program annually
  • Provide input into the Allstate Corporation Information Security Program, Security Policy and Standards
  • Ensure clear lines of communication between AoR and the Chief Information Security Officer
  • Provide reporting on the state and efficacy of security controls for their projects and platforms
  • Securing ongoing security funding for special/complex projects, and evangelizing security awareness across the AoR
  • Within the AoR drives Information Security Risk Management, policy compliance, access management, data protection, education and awareness

   

  Key Success Criteria:

   

  • Increase levels of security and reduce risk across the designated AoR.
  • Improve compliance with security standards and policies across Business Unit teams.
  • Greater awareness of information security and data privacy requirements (globally)
  • Drive adoption of global security program standards throughout the product and core business platform teams.
  • Support the AoR and CISO in seeking cost optimizing and driving reduction in operations costs of managing the security controls.

   

   

  So, what are the essential criteria to apply?

   

  • All candidates must evidence an existing right to work in the UK
  • Bachelor's Degree or equivalent experience
  • 5+ years or more year of experience in audit or information security related role.
  • Security/Risk certification such as CISSP, CISSM, CISA or similar preferred
  • Strong understanding of audit/risk management methodologies and regulatory requirements pertaining to information security, privacy and/or data security

   

   

  We also have some desirable criteria

   

  • Project management experience highly desired
  • Ability to manage multiple complex priorities and competing agendas without express authority over delivery teams
  • Ability to interpret and apply policies and regulations across a large, complex business
  • Analytical aptitude with an emphasis on investigative, methodical critical questioning and logical thinking; a data-driven decision maker
  • High level of interpersonal skills to interact with leaders at multiple levels and facilitate team interactions
  • Knowledge of infrastructure and cloud software

   

   

  What we offer

   

  As Digital DNA’s Workplace of the Year 2020 winners, we offer a generous benefits package that includes flexible annual leave entitlement, dental and healthcare insurance, an attractive pension package and discounts on gym memberships, public transport and parking.

   

  Allstate invests heavily in your development, as an employee you will have access to multiple world-class learning platforms and courses from our award-winning in-house Learning & Development team.

   

  We pride ourselves in providing clear career paths and opportunities for internal mobility allowing you to further develop within the organisation.

   

  We encourage a better work life balance and you’ll have the opportunity to apply for various flexible working arrangements.

   

  Statement on Fair Employment and Equal Opportunities

   

  Allstate NI wishes to ensure equal opportunity is given to all job applicants.  This company will not discriminate on the grounds of race, gender (including gender reassignment status), sexual orientation, religious belief, political opinion, marital status, age or disability.

   

  We are an equal opportunities employer. We welcome applications from all suitably qualified persons. However, as women are currently under-represented in our workforce, we would particularly welcome applications from women. All appointments will be made on merit.

   

  Applicants should note Allstate NI complete AccessNI background checks on all candidates offered a position.

   

  Apply here: https://bit.ly/3lwor89 

   

  The closing date for receipt of applications is Tuesday 28^th September