Cyber Risk Assessment Consultant (hybrid)

About Us

The world isn’t standing still, and neither is Allstate. We’re moving quickly, looking across our businesses and brands and taking bold steps to better serve customers’ evolving needs. That’s why now is an exciting time to join our team. You’ll have opportunities to take risks, challenge the status quo and shape the future for the greater good.

You’ll do all this in an environment of excellence and the highest ethical standards – a place where values such as integrity, inclusive diversity and accountability are paramount. We empower every employee to lead, drive change and give back where they work and live. Our people are our greatest strength, and we work as one team in service of our customers and communities.

Allstate operate a very flexible hybrid working policy that will allow you to design your working week in collaboration with your manager with a blend of remote and office working for NI based employees as well as condensed working patterns (4 day week/9 day fortnight).

Join our team and you’ll find challenge and reward in a culture of innovation, support and balance.

Location

Northern Ireland

Your role in the team

We have an opportunity for someone having experience in performing Security Risk Assessments to join the Information Security department as a Cyber Risk Security Assessor in the Allstate. The Cyber Risk Assessor will be responsible for supporting the company’s efforts to identify, assess and evaluate security risks through business-as-usual cyclical assessments and ad hoc consultations. This individual will be a key contributor managing operational activities to reduce risks to business goals in close consultation with other Information Security, ATS and business partners. The analyst needs to understand information security best practices, risk assessment methodologies, and working across multi-functional teams.

Responsibilities include (but are not limited to):

• Conducts risk assessment at the network, systems, platforms and application level.
• Involved in addressing and providing guidance on wide range of security issues including architectures, platforms including Public Cloud, electronic data traffic, and network access.
• Driving the company’s efforts to proactively identify, assess, and communicate the company’s information security risks to leadership and board.
• Ensure compliance with security policies and standards.
• Deep understanding of Cyber programs such as Threat Management, Secure SDLC, Security Architecture, Network and Data Protection.
• Work in close partnership with internal information security and business representatives to scope assessments, gather documentation, interview clients, identify risks, document findings, and ensure transparent management of risks by following a structured risk assessment methodology
• Works independently to lead and complete high quality threat-based risk assessments across a diverse set of technologies, business functions, and platforms.
• This position will also proactively drive process improvements, overcome barriers to success, build professional relationships across the company, brief senior leaders, and mentor others.

An Ideal Candidate must:

• Have strong understanding of IT security best practices.
• Demonstrate ability to lead discussions/projects and participate in cross functional teams.

So, what are the essential criteria to apply?

• All applicants must demonstrate they have a legal right to work in the UK for employment at Allstate. Allstate is not providing sponsorship for this vacancy.

• At minimum 4 years of IT experience with proficiency in Cyber Risk Assessments.
• Knowledge of cybersecurity compliance and control requirements such as: PCI DSS, ISO and NIST.

We also have some desirable criteria

• Experience with information security risk management framework, assessment, audit and controls based on industry standard frameworks (i.e. NIST CSF; ISO; HiTrust, FAIR)
• Experience with regulatory requirements (i.e. PCI; GDPR; HIPPA; CCPA; etc.)
• Experience using GRC tools and technologies in support of the assessment/audit process (RSA Archer, Security Scorecard, Bitsight, etc.)
• Experience gathering information from a range of different sources to help identify weaknesses in security controls
• Expert with security control design, development, implementation, and monitoring
• Certifications: CISSP/ CISA/ CEH

What we offer

As Digital DNA’s Workplace of the Year 2020 & 2022 winners, we offer a generous benefits package that includes flexible annual leave entitlement, dental and healthcare insurance, an attractive pension package and discounts on gym memberships, public transport and parking.

Allstate invests heavily in your development, as an employee you will have access to multiple world-class learning platforms and courses from our award-winning in-house Learning & Development team.

We pride ourselves in providing clear career paths and opportunities for internal mobility allowing you to further develop within the organisation.

We encourage a better work life balance and you’ll have the opportunity to apply for various flexible working arrangements.

Statement on Fair Employment and Equal Opportunities

Allstate NI wishes to ensure equal opportunity is given to all job applicants. This company will not discriminate on the grounds of race, gender (including gender reassignment status), sexual orientation, religious belief, political opinion, marital status, age or disability.

We are an equal opportunities employer. We welcome applications from all suitably qualified persons. However, as women are currently under-represented in our workforce, we would particularly welcome applications from women. All appointments will be made on merit.

Applicants should note Allstate NI complete AccessNI background checks on all candidates offered a position.

The closing date for receipt of applications is Friday April 19th 2024