Business Information Security Officer - Chicago, United States - Allstate

Allstate
Verified Company
Chicago, United States

3 weeks ago

Posted by: Mark Lane, beBee recruiter


Description
The world isn't standing still, and neither is Allstate. We're moving quickly, looking across our businesses and brands and taking bold steps to better serve customers' evolving needs. That's why now is an exciting time to join our team. You'll have opportunities to take risks, challenge the status quo and shape the future for the greater good.


You'll do all this in an environment of excellence and the highest ethical standards - a place where values such as integrity, inclusive diversity and accountability are paramount.

We empower every employee to lead, drive change and give back where they work and live. Our people are our greatest strength, and we work as one team in service of our customers and communities.


Everything we do at Allstate is driven by a shared purpose: to protect people from life's uncertainties so they can realize their hopes and dreams.

For more than 89 years we've thrived by staying a step ahead of whatever's coming next - to give customers peace of mind no matter what changes they face.

We acted with conviction to advocate for seat belts, air bags and graduated driving laws. We help give survivors of domestic violence a voice through financial empowerment. We've been an industry leader in pricing sophistication, telematics, digital photo claims and, more recently, device and identity protection.


We are the Good Hands. We don't follow the trends. We set them.

Job Summary:


The Business Information Security Officer (BISO) functions as the security leader for an Area of Responsibility (AoR), the associated product portfolio, and technology resources.

This role will have a dual reporting structure, one reporting to the AoR and one into Allstate Information Security.

This individual establishes and drives a business-specific Information Security program aligned with the business area risks and the Allstate Corporation Information Security Program.

The BISO serves as the trusted advisor, both to the business and to the Chief Information Security Officer (CISO).

This role will liaise between the business and Allstate Information Security (AIS), keeping clear lines of communication, including but not limited to: transparency to the business on upcoming security initiatives; reporting of security risks to the CISO and appropriate committees; and serving as a key player in the information security incident response process, from identifying impact to the business and to consumers, to helping shape remediation and developing external and internal message points.

In addition, this role will ensure business compliance with the Information Security Policy and Standards while continuously monitoring and reporting on risks and documented exceptions.


Key Responsibilities:


  • Establish a documented Information Security Program and supporting strategy for the AoR
  • Ensure program is aligned with the AIS Information Security Program, Policies and Standards
  • Ensure inclusion of all applicable regulatory, legal and contractual obligations
  • Leverage the Enterprise and AoR-specific Information Security Risk Assessments to establish and monitor the program
  • Update the program annually
  • Provide input into the Allstate Corporation Information Security Program, Security Policy and Standards
  • Ensure clear lines of communication between AoR and the Chief Information Security Officer
  • Provide reporting on the state and efficacy of security controls for their projects and platforms
  • Secure ongoing security funding for special/complex projects and evangelize security awareness across the AoR
  • Within the AoR, drive Information Security risk management, policy compliance, access management, data protection, education, and awareness

Job Qualifications:


  • 8+ years of experience in an audit or information security related role
  • Bachelor's Degree or equivalent experience
  • Security/Risk certification such as CISSP, CISSM, CISA or similar preferred
  • Strong understanding of audit/risk management methodologies and regulatory requirements pertaining to information security, privacy and/or data security
  • Strong technical aptitude including principles of cloud computing, artificial intelligence, and automation
  • Project management experience highly desired
  • Ability to manage multiple complex priorities and competing agendas without express authority over delivery teams
  • Analytical aptitude with an emphasis on investigative, methodical critical questioning and logical thinking; a data-driven decision maker
  • High level of interpersonal skills to interact with leaders at multiple levels and facilitate team interactions

Key Success Criteria:


  • Increase levels of security and reduce risk across the designated AoR and associated product portfolio
  • Improve compliance with security standards and policies across Business Unit teams
  • Greater awareness of information security and data privacy requirements (globally)
  • Drive adoption of global security program standards throughout t
