Information Security Business Office Manager

Allstate Insurance Company   •  

Irving, TX

Industry: Accounting, Finance & Insurance


5 - 7 years

Posted 51 days ago

This job is no longer available.

Where good people build rewarding careers.

Think that working in the insurance field can’t be exciting, rewarding and challenging? Think again. You’ll help us reinvent protection and retirement to improve customers’ lives. We’ll help you make an impact with our training and mentoring offerings. Here, you’ll have the opportunity to expand and apply your skills in ways you never thought possible. And you’ll have fun doing it. Join a company of individuals with hopes, plans and passions, all using and developing our talents for good, at work and in life.

Job Description

**In addition to Irving, TX, we are open to candidates in the Tempe, AZ & Charlotte, NC markets to work in our offices in those locations.**

This is your chance to join the team responsible for helping to secure environment that runs and supports the largest publicly held personal-lines insurer, which insures more than 17 million households with over 32 billion in annual revenues and 37,000+ employees internationally. The Information Security Business Office Manager will be part of the Allstate Information Security – Governance, Risk, and Compliance area and lead Information Security Business Office activities.

The successful candidate for the InfoSec Business Office Manager will contribute to the Information Security Program by being a trusted advisor to our business partners, ensure execution of business office services, and lead management of both the business office teams and operations of the Information Security Program/Council. A broad range of professional skills along with strong interpersonal skills will be required for problem-solving, collaboration with virtualcross-functional work groups, along with tracking and reporting of program status, compliance gaps and risks. This individual is expected to serve as an advisor that can clearly articulate Allstate security policies, standards, and guidelines to both technical and business audiences alike.

Key Responsibilities

  • Provide oversight and coordination of AIS GRC program; metrics & reporting; enterprise security policy & standards; audit management; human capital planning and financial management (budget, CRE, ERE); support, track, and manage the security program; and security project prioritization/delivery process
  • Coordinate across multiple functional areas to facilitate the accomplishments of Information Security decisions and strategic goals
  • Drive/coordinate/facilitate various work streams to deliver more accountability for the Information Security framework and related processes
  • Manage typical critical project-related tasks, including the coordination of risk, compliance & assurance activities
  • Work collaboratively with security delivery resources, technical SMEs, and various business partners to support successful delivery of the overall program
  • Lead day-to-day planning, preparation, coordination, communication, and follow up for the Information Security Council
  • Develop and produce management reporting and associated metrics
  • Provide high-level guidance on security and information risk management approaches and outcomes as defined by program stakeholders and information security strategy
  • Promote a compliant & risk-aware culture, ensure efficient and effective risk and compliance management practices by adhering to require standards and processes
  • Prepare presentations, reports, and other formal and informal communications to internal business partners and direct management
  • Design an approach to enable the enterprise to be proactive, make risk-based security decisions, meet regulatory and contractual requirements, and industry-accepted best practices
  • Promote sound security practice and accountability across Allstate business units, brands, and family of companies
  • Help partners proactively maintain a strong cybersecurity preparedness and response posture
  • Provide general assurance compliance program support partnering with external auditors, security architects/engineers, and various program management areas as required
  • Build effective working relationships, initiate action, and achieve results as a trusted advisor

Job Qualifications

  • 7 – 10 years of GRC (Governance Risk and Compliance) experience, program/project management and/or IT/Security experience
  • Relevant postsecondary education and/or industry standard certifications preferred (i.e. ISACA- CISA,CISM; ISC2-CISSP; SANS Institute/GIAC; PCIP)
  • 5-7 years managing global direct reports
  • Self-starter who demonstrates complete ownership over assigned responsibilities and is able to work independently in a "semi-structured" environment
  • Expert executive communication skills, both written and verbal – Ability to tailor communication of complex and technical issues to cross functional audiences for executive decision making
  • Experience with GRC functions and executive stakeholder management
  • Demonstrate technical innovation, leadership skills and capabilities
  • Strong decision-making capabilities, with a call-to-action focus
  • Knowledge of enterprise-class technology organizations and processes, and maintains an awareness of emerging information security technologies, threat landscape, and industry trends
  • Practical working knowledge of cross-domain information security and risk management best-practices – basic understanding of IT security best practices by applying depth and breadth of expertise in multiple domains and security disciplines
  • Strong organizational skills, ability to effectively manage multiple, competing projects/priorities while achieving targeted completion results
  • Ability to effectively work with technical and non-technical resources, able to partner with multiple business groups, managers, and network architects or engineers
  • Ability to write quality documentation and/or presentations is a must – Proficient in MS Office Pro Suite – Power Point, Excel and SharePoint
  • Basic knowledge of: PCI DSS 3.2, HIPAA applicable security / privacy controls, Sarbanes-Oxley (SOX) 404, ISO/IEC 27000 family of standards, NIST 800-53, NIST cybersecurity framework, and COBIT