Cyber Risk Consulting and Reporting Consultant (hybrid)

• About Us

   

  The world isn’t standing still, and neither is Allstate. We’re moving quickly, looking across our businesses and brands and taking bold steps to better serve customers’ evolving needs. That’s why now is an exciting time to join our team. You’ll have opportunities to take risks, challenge the status quo and shape the future for the greater good.

   

  You’ll do all this in an environment of excellence and the highest ethical standards – a place where values such as integrity, inclusive diversity and accountability are paramount. We empower every employee to lead, drive change and give back where they work and live. Our people are our greatest strength, and we work as one team in service of our customers and communities.

   

  Allstate operate a very flexible hybrid working policy that will allow you to design your working week in collaboration with your manager with a blend of remote and office working for NI based employees as well as condensed working patterns (4 day week/9 day fortnight). Employees based in GB will be employed on a permanent remote working contract.

   

  Join our team and you’ll find challenge and reward in a culture of innovation, support and balance. 

   

   

  Location

   

  Belfast / Derry - Londonderry / Strabane

   

   

  Your role in the team

   

   

  The Cyber Risk Consulting and Reporting Consultant is part of Allstate Information Security – GRC (Governance Risk and Compliance). This role will coordinate risk quantification quarterly reporting activities and will directly contribute to the overall Risk Quantification Program by providing data analytics support, driving strategic improvements to the risk quantification methodology, and provide consulting to key business partners. This role will drive maturity and growth in our cyber risk quantification program and methodology to ensure the accurate reporting of residual risk to stakeholders, driving informed, risk based decisioning.
  
   

  The successful candidate will be required to collaborate across security teams, risk and business partners to identify, assess and develop capabilities to report residual risk impacts that internal controls have on the enterprise.  A broad range of professional skills along with strong interpersonal skills will be required for problem-solving, collaboration with virtual cross-functional work groups. This resource is expected to serve as a subject matter expert and trusted advisor that can clearly articulate Allstate security policies, standards, risk and controls to both technical and business audiences alike. 

   

   

  • Lead an approach to ensure the transparent reporting of risk impacts technical assets, and make risk-based security decisions
  • Lead the strategic maturity of risk quantification to drive data analytics, data modelling, automation and risk reduction 
  • Execute on agreed methodology to identify, assess, and report on asset risk profile for all asset tiers within defined service level agreement timelines
  • Recommend operationally feasible and cost-effective solutions to reduce risk, as appropriate
  • Monitor, maintain, and measure coverage of asset risk profiles for overall enterprise information security controls library
  • Lead the governance of the risk profile rating scale to ensure the accurate calculation of asset risk impacts
  • Partner directly with key stakeholders to drive data quality and accuracy to improve the overall effectiveness of the process.  
  • Promote sound security practice and accountability across Allstate business units, brands, and family of companies
  • Help our partners proactively maintain a strong cybersecurity preparedness and response posture
  • Drive Archer GRC tool governance for asset risk profile security workflow and update requirements
  • Drive key stakeholder education to support the continued engagement and awareness of program requirements
  • Help facilitate review of changes in company processes, standards and technology to ensure the effectiveness and alignment to asset risk profile rating procedures
  • Responsible for building effective working relationships, making sound decisions, successfully making changes, initiating action and achieving results as a trusted advisor

   

   

   

  So, what are the essential criteria to apply?

   

   

  • All candidates must evidence an existing right to work in the UK'
  • 4+ years of Information Security/IT risk or compliance, consulting, data analytics and/or security engineering or architecture experience or IT audit experience
  • Ability to effectively work & communicate with technical and non-technical resources, able to partner with multiple business groups, managers, and network architects or engineers
  • Good understanding of IT security best practices by applying depth and breadth of expertise in multiple domains and security disciplines
  • Strong data analytical, risk decisioning and organizational skills, ability to effectively manage multiple, competing projects/priorities while achieving targeted completion results
  • Excellent written and verbal communication skills, with the ability to tailor your communication and presentation style to the audience
  • Ability to stay up to date with the current cybersecurity threat landscape to account for changing circumstances when evaluating security risks, maintain technical proficiency via self or formal training
  • Working knowledge of: cyber risk practices, frameworks & regulatory compliance e.g. NIST 800-53, NIST cybersecurity framework, PCI DSS 3.2, HIPAA, Sarbanes-Oxley (SOX) 404, ISO/IEC 27000 family of standards, and COBIT
  • General familiarity with common enterprise infrastructure (OS platforms, directory services, networking infrastructure, appliances, middleware, common security infrastructure)

   

   

   

   

  We also have some desirable criteria

   

  • Relevant postsecondary education and/or industry standard certifications preferred (i.e., CISA, CISM, CISSP, CompTIA Sec+, SANS Institute/GIAC)
  • Knowledge of risk and compliance tools a plus.
  • Should be a self-starter who demonstrates complete ownership over assigned objectives and is able to work independently in a "semi-structured" environment, but also recognizes when guidance is needed from program management and delivery leaders

   

   

   

  What we offer

   

  As Digital DNA’s Workplace of the Year 2020 winners, we offer a generous benefits package that includes flexible annual leave entitlement, dental and healthcare insurance, an attractive pension package and discounts on gym memberships, public transport and parking.

   

  Allstate invests heavily in your development, as an employee you will have access to multiple world-class learning platforms and courses from our award-winning in-house Learning & Development team.

   

  We pride ourselves in providing clear career paths and opportunities for internal mobility allowing you to further develop within the organisation.

   

  We encourage a better work life balance and you’ll have the opportunity to apply for various flexible working arrangements.

   

   

  Apply Here: https://bit.ly/3n3BBer 

   

   

  Statement on Fair Employment and Equal Opportunities

   

  Allstate NI wishes to ensure equal opportunity is given to all job applicants.  This company will not discriminate on the grounds of race, gender (including gender reassignment status), sexual orientation, religious belief, political opinion, marital status, age or disability.

   

  We are an equal opportunities employer. We welcome applications from all suitably qualified persons. However, as women are currently under-represented in our workforce, we would particularly welcome applications from women. All appointments will be made on merit.

   

  Applicants should note Allstate NI complete AccessNI background checks on all candidates offered a position.

   

   

  The closing date for receipt of applications is Friday 21st January 2022