Security Assurance Consultant
Posted on Jun 5 Northbrook, IL 175 views
You’ll do all this in an environment of excellence and the highest ethical standards – a place where values such as integrity, inclusive diversity and accountability are paramount. We empower every employee to lead, drive change and give back where they work and live. Our people are our greatest strength, and we work as one team in service of our customers and communities.
Everything we do at Allstate is driven by a shared purpose: to protect people from life’s uncertainties so they can realize their hopes and dreams. For 89 years we’ve thrived by staying a step ahead of whatever’s coming next – to give customers peace of mind no matter what changes they face. We acted with conviction to advocate for seat belts, air bags and graduated driving laws. We help give survivors of domestic violence a voice through financial empowerment. We’ve been an industry leader in pricing sophistication, telematics, digital photo claims and, more recently, device and identity protection. We are the Good Hands. We don’t follow the trends. We set them.
**We are open to applicants in the Dallas / Fort Worth, TX, Charlotte, NC, & Phoenix, AZ markets to work from our strategic local offices. Strong qualified candidates will be given consideration as remote / home-based professionals.**
The Security Assurance Consultant will have extensive client interactions relating to technical security controls with a wide range of technology-based functions, business groups and suppliers. He/she will hold relevant skills including an intermediate working knowledge of business/technology risk leveraging NIST cybersecurity framework and lifecycle (Identify, Protect, Detect, Respond, and Recover). This individual will possess knowledge in the monitoring and auditing of technology controls that mitigate those risks leveraging industry frameworks like ISO/IEC 27000 series Plan-Do-Check-Act (PDCA) cycles. The successful individual is expected to act as a trusted advisor who can clearly articulate required security policies, standards, controls and guidelines to both technical and business audiences alike.
- Provide compliance program support (PCI, HIPAA, State Regulations, SOX, SEC) that helps analyze and evaluate the design and operating effectiveness of information technology of compliance consultative requests.
- Evaluate current business practices and support business on implementation of applications and infrastructure.
- Consult with stakeholders on requirements for new and existing business / technology solutions to assure compliance to applicable regulatory or contractual control requirements.
- Assist in the ongoing maintenance of compliance program documentation including testing procedures and methodology.
- Provide Compliance Assessment & Classification support (Enterprise Standards and Policy).
- Facilitate assessment reviews of individual business unit and/or supplier compliance to control requirements leveraging an established assessment framework and/or Archer GRC compliance module.
- Identify and report compliance gaps to key stakeholders for remediation actioning.
- Identify and directly support procedural changes to drive efficiency and maturity of the program.
- Directly support the ongoing maintenance of our Common Control framework capability to cross map controls requirement across applicable regulations and standards. Ultimate objective is that once a control is tested, the test results can contribute to the assessment for multiple regulations and standards without duplicating work.
- Support team members and business processes managing the lifecycle and inventory of critical technology assets (monitoring, enumeration and classification of various regulatory and compliance information assets).
- 3+ years of IT experience -- IT security, security control, and/or IT audit credentials preferred
- Advanced knowledge of cybersecurity compliance requirements including: PCI DSS, HIPAA, SOX, NYDFS
- Advanced knowledge of cybersecurity control requirements including NIST 800-53, ISO 270001
- Familiarity with GRC tools (i.e. Archer, ServiceNow) and Enterprise Asset Management Systems (i.e. AWARE)
- Effective written and verbal communication skills -- this role requires interaction across the enterprise and regular interface with people at all organization levels. The ability to tailor communication style to audience at hand is key to the role.
- Relevant postsecondary education and/or industry standard certifications preferred (i.e., CompTIA, Microsoft, EC-Council, ISACA, ISC2, SANS Institute/GIAC, PCIP)
- Ability to effectively manage multiple, competing projects/priorities while achieving targeted completion results
- Self-directed, works with minimal guidance, and recognizes when guidance is needed. The ability to work independently in a "semi-structured" environment with a strong aptitude for problem-solving is key.
- Proficient in MS Office Suite (Word, Excel, PowerPoint, OneNote, Project, Access, Visio) and SharePoint
The candidate(s) offered this position will be required to submit to a background investigation, which includes a drug screen.
Good Work. Good Life. Good Hands®.
As a Fortune 100 company and industry leader, we provide a competitive salary – but that’s just the beginning. Our Total Rewards package also offers benefits like tuition assistance, medical and dental insurance, as well as a robust pension and 401(k). Plus, you’ll have access to a wide variety of programs to help you balance your work and personal life -- including a generous paid time off policy.
Learn more about life at Allstate. Connect with us on Twitter, Facebook, Instagram and LinkedIn or watch a video.
Allstate generally does not sponsor individuals for employment-based visas for this position.
Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.
For jobs in San Francisco, please click “here” for information regarding the San Francisco Fair Chance Ordinance.
For jobs in Los Angeles, please click “here” for information regarding the Los Angeles Fair Chance Initiative for Hiring Ordinance.
To view the “EEO is the Law” poster click “here”. This poster provides information concerning the laws and procedures for filing complaints of violations of the laws with the Office of Federal Contract Compliance Programs
To view the FMLA poster, click “here”. This poster summarizing the major provisions of the Family and Medical Leave Act (FMLA) and telling employees how to file a complaint.
It is the Company’s policy to employ the best qualified individuals available for all jobs. Therefore, any discriminatory action taken on account of an employee’s ancestry, age, color, disability, genetic information, gender, gender identity, gender expression, sexual and reproductive health decision, marital status, medical condition, military or veteran status, national origin, race (include traits historically associated with race, including, but not limited to, hair texture and protective hairstyles), religion (including religious dress), sex, or sexual orientation that adversely affects an employee's terms or conditions of employment is prohibited. This policy applies to all aspects of the employment relationship, including, but not limited to, hiring, training, salary administration, promotion, job assignment, benefits, discipline, and separation of employment.