Business Security Compliance Coordinator
Where good people build rewarding careers.
Think that working in the insurance field can't be exciting, rewarding and challenging? Think again. You'll help us reinvent protection and retirement to improve customers' lives. We'll help you make an impact with our training and mentoring offerings. Here, you'll have the opportunity to expand and apply your skills in ways you never thought possible. And you'll have fun doing it. Join a company of individuals with hopes, plans and passions, all using and developing our talents for good, at work and in life.
The main purpose of the Operational Risk Job Family is to serve as the first line of defense for key operational risks that are inherent to day-to-day business operations. As outlined in Allstate's Enterprise Operational Risk and Return Management (ORRM) Framework, the first line of defense roles are responsible for managing operational risks that are common across the enterprise or unique to the individual Area of Responsibility (AoR) through the use of risk management and control processes designed to identify, measure, manage, monitor and report risks. This is accomplished by following a consistent approach to properly identify operational risks, execute risk and control activities as intended, highlight heightened/emerging risks or inadequate processes, address control breakdowns, and communicate to key stakeholders which include AoR Senior Leadership and Risk and Return Management.
The Allstate Benefits (AB) Operational Risk Expert serves as the first line of defense for managing key data and security related areas of operational risk at an AB business level. The role is responsible for understanding enterprise level risk and control standards, methods and tools, and applying those standards, methods and tools at AB in a manner that is consistent, repeatable and embedded seamlessly in day-to-day operations. The scope of responsibilities spans a spectrum of operational risks focusing on but not limited to information security, privacy and data governance. The Operational Risk Expert, in partnership with applicable corporate governance teams, is responsible for identifying risks that may adversely impact the current or future state of AB's business operations. The role is responsible for developing controls to mitigate the significant risks, creating transparency in current and emerging risks, and applying lessons learned from incidents or near misses to develop action plans and roadmaps for completion. This role acts as the risk subject matter expert to AB along with a broad enterprise perspective.
The scope of responsibilities is defined below and generally includes:
- Responsible for creating change management plans and roadmaps to deploy new risk and control methods based upon enterprise standards specific to each risk category.
- The individual will foster timely communication across AB and with enterprise partners, and have the ability to influence business leaders to ensure risk transparency, accountability, and proactive risk mitigation where appropriate.
The role is an individual contributor, will require the ability to complete work through others, and will be responsible for one or more of the following:
1. Partnership: Work effectively and efficiently with Corporate Governance and Business Unit Risk Teams
- Provides and receives information related to enterprise governance functions including the Allstate Information Security, Privacy and Data Governance Teams.
- Partners closely with the business unit Risk Management Team to ensure alignment of objectives, use of appropriate risk tools and methodologies and appropriate reporting of risks.
2. Cybersecurity: Owns and executes AB's Information Security Program and supporting strategy
- Creates heightened awareness and accountability for information security risks within the AB business
- Partners with the IT Business Information Security Officer to ensure AB's program is aligned with enterprise Information Security Program, Policies and Standards.
- Ensures control standards are deployed at the AB level and reports program performance and key risk metrics.
- Ensures inclusion of all applicable regulatory, legal and contractual obligations.
- Leverages the enterprise and AB's specific Information Security Risk Assessments to establish and monitor the program.
- Updates the program annually or as needed based upon business changes, changing threat landscape and/or changes in regulatory/contractual requirements to include:
  - Information Security Risk Management
  - Policy and Standards Compliance
  - Access Management
  - Data Protection
  - Education and Awareness
3. Privacy: Protect Personally Identifiable Information (PII) used to conduct business operations
- Ensures appropriate mitigation of PII risks in AB and deploys appropriate controls.
- Creates heightened awareness of PII policies and procedures in AB, reports and remediates incidents or issues.
- Ensures PII is used only as intended and use follows defined control practices.
- Partners with Enterprise Privacy team to advance long term objectives within AB including:
- PII inventory
- Role based access
- Ongoing risk and impact assessments
- Third Party assessments
- Compliance with privacy related legal and regulatory obligations
- Evaluates AB business changes for impacts to privacy policies or processes
4. Data Governance: Responsible for the quality and integrity of AB's data
- Ensures quality, integrity and understanding of data used to conduct business operations including future strategies.
- Proactively manages and maintains the health of business data elements - both content and metadata.
- Ensures AB achieves standards of data quality and integrity.
- Ensures knowledge of data across AB, particularly for those who use or consume it.
- Ensures adherence to data governance and data strategy principles, policies, and operating procedures for the AoR's data and projects impacting the data.
- Bachelor's Degree or related experience is preferred
- Seven years or more of experience in risk, audit, data governance, privacy, or an information security related role
- Experience applying audit/risk management methodologies and regulatory requirements pertaining to information security, privacy and/or data governance
- Ability to manage multiple complex priorities and competing agendas without express authority over delivery teams
- Experience translating technical language to business terms
- Project management experience preferred
- Ability to interpret and apply policies and practices across a large, complex business
- Analytical aptitude with an emphasis on investigative, methodical critical questioning and logical thinking; a data-driven decision maker
- Experience communicating with leaders at multiple levels and facilitating team interactions
- Experience working in a matrix environment and influencing both upward and cross-functionally
- Experience applying change management practices
The candidate(s) offered this position will be required to submit to a background investigation, which includes a drug screen.
Good Work. Good Life. Good Hands.
As a Fortune 100 company and industry leader, we provide a competitive salary, but that's just the beginning. Our Total Rewards package also offers benefits like tuition assistance, medical and dental insurance, as well as a robust pension and 401(k). Plus, you'll have access to a wide variety of programs to help you balance your work and personal life, including a generous paid time off policy.
Allstate generally does not sponsor individuals for employment-based visas for this position.
Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.
For jobs in San Francisco, please click "here" for information regarding the San Francisco Fair Chance Ordinance.
For jobs in Los Angeles, please click "here" for information regarding the Los Angeles Fair Chance Initiative for Hiring Ordinance.
It is the policy of Allstate to employ the best qualified individuals available for all jobs without regard to race, color, religion, sex, age, national origin, sexual orientation, gender identity/gender expression, disability, and citizenship status as a veteran with a disability or veteran of the Vietnam Era.