Cyber Regulatory and Compliance Lead
Company: Allstate Insurance
Posted on: September 16, 2020
The world isn't standing still, and neither is Allstate. We're
moving quickly, looking across our businesses and brands and taking
bold steps to better serve customers' evolving needs. That's why
now is an exciting time to join our team. As a leader in a
corporation with 83,000 employees and agency force members, you'll
have a hand in transforming not only Allstate but a dynamic
industry. You'll have opportunities to take risks, challenge the
status quo and shape the future for the greater good.
You'll do all this in an environment of excellence and the highest
ethical standards - a place where values such as integrity,
inclusive diversity and accountability are paramount. We empower
every employee to lead, drive change and give back where they work
and live. Our people are our greatest strength, and we work as one
team in service of our customers and communities.
Everything we do at Allstate is driven by a shared purpose: to
protect people from life's uncertainties so they can realize their
hopes and dreams. For 89 years we've thrived by staying a step
ahead of whatever's coming next - to give customers peace of mind
no matter what changes they face. We acted with conviction to
advocate for seat belts, air bags and graduated driving laws. We
help give survivors of domestic violence a voice through financial
empowerment. We've been an industry leader in pricing
sophistication, telematics, digital photo claims and, more
recently, device and identity protection. We are the Good Hands. We
don't follow the trends. We set them.
The Cyber Regulatory and Compliance Lead will primarily be
responsible for ensuring Allstate achieves annual compliance with
the State Cyber regulations in alignment with Allstate's risk
tolerance. The individual will be a seasoned Governance, Risk and
Compliance professional with a strong and well-rounded Cyber
knowledge that would enable them to speak with authority to all
Cyber regulatory control requirements including knowledge around
implementation and integration complexities.
The ideal person would take a positive and directive approach to
all the associated communications and organization that go along
with a program of work of this size, magnitude and importance.
Advanced interpersonal skills and gravitas will be required for
problem-solving and collaboration with virtual cross-functional work
groups. Strong attention to detail will be needed in the design and
implementation of the Entity Compliance Packages associated with
compliance around our control environment. The successful
individual will serve as an adaptable and agile trusted advisor who
can clearly communicate complex information in a timely fashion to
technical and business audiences alike and at all levels within
* Provide strong regulatory compliance support, scope management
and communication, defining evidence requirements and program
management as required.
* Review new regulations for security impact and document
requirements for compliance.
* Communicate requirements and compliance status to security
leadership and impacted technical teams.
* Coordinate project managers and participate in meetings to ensure
the accuracy of scoping, requirements documentation, gap
identification, remediation and compliance requirements are
* Partner with risk management to ensure the transparent
communication of risk reporting related to compliance revaluations
and identified gaps.
* Review evidence submissions to ensure regulatory requirements are
met and provide validation of gap closure.
* Track remediation of any gaps to compliance with the
implementation area to ensure closure and tracking to
* Support delivery / implementation leads in promoting and
consulting on the positions that help strengthen and secure the
organization in alignment with regulatory requirements by either
following standards or helping direct others on technology
* Help facilitate review of changes in company processes, standards
and technology to ensure the effectiveness of security controls to
meet compliance requirements.
* Help consult with stakeholders on requirements for new and
existing business / technology solutions to assure compliance to
regulations, compliance frameworks and internal standards and
governing policies and procedures.
* Provide Archer GRC tool administration for security controls
assessment workflow and evidence gathering within the compliance
and issues management modules.
* Build effective working relationships, making sound decisions,
successfully making changes, initiating action and achieving
results as a trusted advisor.
* Self-starter who demonstrates complete ownership over assigned
objectives and is able to work independently in a "semi-structured"
environment, but also recognizes when guidance is needed from
program management and delivery leaders.
* Minimum 6 years of IT experience - security governance,
regulatory governance and/or IT audit preferred.
* Minimum 3 years of project management, consulting, and/or
security engineering or architecture experience.
* Relevant postsecondary education and/or industry standard
certifications preferred (i.e., CISA, CISM, CISSP, CompTIA, Cisco,
CheckPoint, Microsoft, EC-Council, ISACA, ISC2, SANS
* Strong organizational skills, ability to effectively manage
multiple, competing projects/priorities while achieving targeted
* Strong audit and compliance assessment skills, ability to
effectively define gaps, evidence and remediation requirements
while achieving targeted delivery results.
* Effective written, verbal communication skills. Ability to tailor
communication style to audience at hand.
* Ability to effectively work with technical and non-technical
resources, able to partner with multiple business groups, senior
managers, and senior network architects or engineers.
* Ability to write "high quality" documentation and/or
presentations is a must.
* Proficient in MS Office Suite.
* Remain current in knowledge of cybersecurity regulatory landscape
to account for changing circumstances when evaluating security
compliance. Maintain technical proficiency via self or formal
* Strong understanding of IT security best practices by applying
depth and breadth of expertise in multiple domains and security
The candidate(s) offered this position will be required to submit
to a background investigation, which includes a drug screen.
Good Work. Good Life. Good Hands.
As a Fortune 100 company and industry leader, we provide a
competitive salary - but that's just the beginning. Our Total
Rewards package also offers benefits like tuition assistance,
medical and dental insurance, as well as a robust pension and
401(k). Plus, you'll have access to a wide variety of programs to
help you balance your work and personal life -- including a
generous paid time off policy.
Learn more about life at Allstate. Connect with us on Twitter,
Facebook, Instagram and LinkedIn or watch a video.
Allstate generally does not sponsor individuals for
employment-based visas for this position.
Effective July 1, 2014, under Indiana House Enrolled Act (HEA)
1242, it is against public policy of the State of Indiana and a
discriminatory practice for an employer to discriminate against a
prospective employee on the basis of status as a veteran by
refusing to employ an applicant on the basis that they are a
veteran of the armed forces of the United States, a member of the
Indiana National Guard or a member of a reserve component.
For jobs in San Francisco, please click "here" for information
regarding the San Francisco Fair Chance Ordinance.
For jobs in Los Angeles, please click "here" for information
regarding the Los Angeles Fair Chance Initiative for Hiring
To view the "EEO is the Law" poster click "here". This poster
provides information concerning the laws and procedures for filing
complaints of violations of the laws with the Office of Federal
Contract Compliance Programs
To view the FMLA poster, click "here". This poster summarizes the
major provisions of the Family and Medical Leave Act (FMLA) and
tells employees how to file a complaint.
It is the Company's policy to employ the best qualified individuals
available for all jobs. Therefore, any discriminatory action taken
on account of an employee's ancestry, age, color, disability,
genetic information, gender, gender identity, gender expression,
sexual and reproductive health decision, marital status, medical
condition, military or veteran status, national origin, race
(including traits historically associated with race, including, but
not limited to, hair texture and protective hairstyles), religion
(including religious dress), sex, or sexual orientation that
adversely affects an employee's terms or conditions of employment
is prohibited. This policy applies to all aspects of the employment
relationship, including, but not limited to, hiring, training,
salary administration, promotion, job assignment, benefits,
discipline, and separation of employment.
Keywords: Allstate Insurance, Charlotte, Cyber Regulatory and Compliance Lead, Other, Charlotte, North Carolina