Business Information Security Officer - Platform
Posted on Aug 11, 2019 by Allstate Insurance Company.
Where good people build rewarding careers.
Think that working in the insurance field can't be exciting, rewarding and challenging? Think again. You'll help us reinvent protection and retirement to improve customers' lives. We'll help you make an impact with our training and mentoring offerings. Here, you'll have the opportunity to expand and apply your skills in ways you never thought possible. And you'll have fun doing it. Join a company of individuals with hopes, plans and passions, all using and developing our talents for good, at work and in life.
The Business Information Security Officer (BISO) functions as the security leader within their area of responsibility. This role will have a dual reporting structure, one reporting to the AoR and one into the Information Security Program Office, and is responsible for establishing and driving a business-specific Information Security program aligned with the business area risks and the Allstate Corporation Information Security Program. The BISO serves as the trusted advisor, both to the business and to the CISO. This role will liaise between the business and Allstate Information Security (AIS), keeping clear lines of communication, including but not limited to: providing transparency to the business on upcoming security initiatives, reporting security risks to the CISO and appropriate committees, and serving as a key player in the information security incident response process, from identifying impact to the business and to consumers, to helping shape remediation and developing external and internal message points. In addition, this role will ensure business compliance with the Information Security Policy and Standards while continuously monitoring and reporting on risks and documented exceptions.
Establish a documented Information Security Program and supporting strategy for the area of responsibility (AOR)
- Ensure program is aligned with the AIS Information Security Program, Policies and Standards
- Ensure inclusion of all applicable regulatory, legal and contractual obligations
- Leverage the Enterprise and AOR specific Information Security Risk Assessments to establish and monitor the program
- Update the program annually
- Information Security Risk Management
- Policy Compliance
- Access Management
- Data Protection
- Education and Awareness
- Provide input into the Allstate Corporation Information Security Program
- Review and provide input into the Information Security Policy and Standards
- Ensure clear lines of communication between AOR and the Chief Information Security Officer
- Provide reporting on the state and efficacy of security controls for their projects and platforms
- Secure ongoing security funding for special/complex projects, and evangelize security awareness across the Business Unit
Key Success Criteria
- Support the Business Unit and CISO in seeking cost optimization and driving reduction in the operations costs of managing the security controls.
- Increased levels of security across designated Business Unit.
- Improved compliance with security standards and policies across Business Unit teams.
- Greater awareness of information security and data privacy requirements (globally); and
- Drive adoption of global security program standards throughout the product and core business platform teams.
- Bachelor's Degree or equivalent experience
- 8 or more years of experience in an audit or information security related role.
- Strong understanding of audit/risk management methodologies and regulatory requirements pertaining to information security, privacy and/or data security
- Project management experience highly desired
- Ability to manage multiple complex priorities and competing agendas without express authority over delivery teams
- Ability to interpret and apply policies and regulations across a large, complex business
- Analytical aptitude with an emphasis on investigative, methodical critical questioning and logical thinking; a data-driven decision maker
- High level of interpersonal skills to interact with leaders at multiple levels and facilitate team interactions
- Advanced skills with MS-Windows and other related PC applications
Good Work. Good Life. Good Hands.
As a Fortune 100 company and industry leader, we provide a competitive salary, but that's just the beginning. Our Total Rewards package also offers benefits like tuition assistance, medical and dental insurance, as well as a robust pension and 401(k). Plus, you'll have access to a wide variety of programs to help you balance your work and personal life -- including a generous paid time off policy.
Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.
It is the policy of Allstate to employ the best qualified individuals available for all jobs without regard to race, color, religion, sex, age, national origin, sexual orientation, gender identity/gender expression, disability, and citizenship status as a veteran with a disability or veteran of the Vietnam Era.