Senior Manager of Cyber Risk & Compliance (hybrid)

• About Us

   

  The world isn’t standing still, and neither is Allstate. We’re moving quickly, looking across our businesses and brands and taking bold steps to better serve customers’ evolving needs. That’s why now is an exciting time to join our team. You’ll have opportunities to take risks, challenge the status quo and shape the future for the greater good.

   

  You’ll do all this in an environment of excellence and the highest ethical standards – a place where values such as integrity, inclusive diversity and accountability are paramount. We empower every employee to lead, drive change and give back where they work and live. Our people are our greatest strength, and we work as one team in service of our customers and communities.

   

  Allstate operate a very flexible hybrid working policy that will allow you to design your working week in collaboration with your manager with a blend of remote and office working for NI based employees as well as condensed working patterns (4 day week/9 day fortnight). Employees based in GB will be employed on a permanent remote working contract.

   

  Join our team and you’ll find challenge and reward in a culture of innovation, support and balance. 

   

   

  Location

   

   

  Belfast / Derry - Londonderry / Strabane

   

   

  Your role in the team

   

   

  The Senior Manager of Cyber Risk & Compliance will lead a global team of managers and individual contributors to deliver and enhance Allstate’s cyber risk quantification, cyber risk profiling, cyber risk assessments, and cyber control testing capabilities.

   

   

  • Leverage cyber risk quantification to lead discussions and make cyber risk decisions for Allstate, subsidiaries, and third parties
  • Lead the identification and cyber risk profiling of assets across Allstate, subsidiaries, and third parties
  • Provide oversight and guidance to teams for internal and third-party cyber risk assessments
  • Drive control testing teams and activities to align with PCI, NYDFS, and HIPAA laws and regulations
  • Identify and recommend appropriate measures to manage and mitigate risks and reduce potential impacts to a level acceptable to the senior management of the company
  • Partner with Business Information Security Officers to determine business unit cyber risk, identify controls to mitigate risks, and determine controls to help business units comply with laws and regulations
  • Engage with Privacy, Legal, Procurement, and Enterprise Architecture to streamline vendor onboarding and vendor cyber risk profiling
  • Lead SaaS Review Group, from a risk perspective, with Security Architecture to ensure the proper controls are applied to cloud and SaaS solutions prior to onboarding

   

   

   

   

  So, what are the essential criteria to apply?

   

   

  • All candidates must evidence an existing right to work in the UK'
  • 5+ years of experience in information technology or information security
  • 2 years’ experience in a leadership role
  • Experience leading cyber risk or cyber control testing teams
  • Strong process management, program management, and project management experience
  • Working knowledge of standards and regulations (ISO 27001, NIST CSF, NIST 800-53, CIS Controls, HIPAA, PCI-DSS, and NYDFS)
  • Ability to interpret and apply policies and standards
  • Bachelor’s degree or equivalent experience

   

   

   

   

  We also have some desirable criteria

   

   

  • One or more related certifications (CISSP, CRISC, CISM, or CISA)
  • Working knowledge of cyber risk quantification and the FAIR ontology
  • Ability to identify threat mitigating controls through threat modeling (PASTA and STRIDE)
  • Experience as a cyber risk assessor for professional services firm or large corporation
  • Experience with third-party cyber risk assessments and cyber control testing
  • Experience in auditing or control testing cyber internal controls
  • Experience leading PCI control testing program
  • Working knowledge of cloud platforms and SaaS solutions
  • Master’s degree

   

   

   

  What we offer

   

  As Digital DNA’s Workplace of the Year 2020 winners, we offer a generous benefits package that includes flexible annual leave entitlement, dental and healthcare insurance, an attractive pension package and discounts on gym memberships, public transport and parking.

   

  Allstate invests heavily in your development, as an employee you will have access to multiple world-class learning platforms and courses from our award-winning in-house Learning & Development team.

   

  We pride ourselves in providing clear career paths and opportunities for internal mobility allowing you to further develop within the organisation.

   

  We encourage a better work life balance and you’ll have the opportunity to apply for various flexible working arrangements.

   

   

   

  Apply Here: https://bit.ly/3zLG49G 

   

   

   

  Statement on Fair Employment and Equal Opportunities

   

  Allstate NI wishes to ensure equal opportunity is given to all job applicants.  This company will not discriminate on the grounds of race, gender (including gender reassignment status), sexual orientation, religious belief, political opinion, marital status, age or disability.

   

  We are an equal opportunities employer. We welcome applications from all suitably qualified persons. However, as women are currently under-represented in our workforce, we would particularly welcome applications from women. All appointments will be made on merit.

   

  Applicants should note Allstate NI complete AccessNI background checks on all candidates offered a position.

   

   

  The closing date for receipt of applications is Friday 10th September 2021