The Cybersecurity Risk Reporting resource will be part of theAllstate Information Security – Policy & Reporting teamand lead metrics & reporting Information Security Governance activities. The Risk Reporting Lead is responsible for leading the development and reporting of key cybersecurity metrics collected and monitored by Allstate’s Information Security (AIS) organization. Additionally, the Cybersecurity Reporting Analyst will support management in recommending and implementing additional metrics and furthering analytics capabilities using industry best practices. An ideal candidate will possess strong analytical and technical skills (cybersecurity-specific technical expertise preferred but not required), as well as business acumen. The role will work cross-functionally and the candidate should have excellent collaboration, influencing, and team building skills. The role will support the Security Assurance, Policy and Monitoring team in a cross-functional business analyst position.Focus areas will be metrics and reporting.
In addition, the lead will have extensive client interactions relating to technical security controls with a wide range of technology-based functions and business groups. Relevant skills include an understanding of business/technology risk, KPIs, thought leadership in designing and executing technology controls that mitigate those risks, and ability to keep up-to date with the latest technologies and potential cyber-threats.
A broad range of professional skills along with strong interpersonal skills will be required for problem-solving, collaboration with virtual cross-functional work groups, along with tracking and reporting of critical gaps to closure & final resolution. This resource is expected serve as a trusted advisor that can clearly articulate Allstate security policies, standards, and guidelines to both technical and business audiences alike.
·5-7 years of experience in cyber performance metrics and reporting
·5-7 years of project management, consulting, and/or application security analyst experience
·Practical experience delivering security consulting services to enterprise, typically obtained in 5-7 year, or related experience in information security.
·Knowledge of Information Security Industry frameworks as well asSAP Business objects/Data warehousingskills
·Experience in performingdata mining on large datasets using SAP Business object analysis tools
·Knowledge and prior experience ofstatistical data analysisand acquiring data from various sources, analyzing results usingstatistical techniquesand developing reporting capabilities withscripting, Tableauor alternate platform
·Proficiency in Excel and relational database modeling
·Excellent analytical & technical skills, able to research problems, determine root causes and solutions
·Ability to buildKPIs, KGIs, KRIsreports and balance scorecard from conceptualization through presentation.
·Experience in risk management in highly technical environments
·Existing information security certifications desired, such as CISSP, CCSP, CISM, CISA; or
·Be responsible for establishing strong working relationships within Allstate Information Security (AIS), outside AIS, as well as other brand/affiliate organizations.
·Demonstrate practical experience evaluating technical data or security analytics
·Experience designing and implementing Information Security reporting and metrics.
·Excellent communication skills, written and verbal – this role requires interaction across the enterprise and regular interface with people at all organization levels.
·Coordinate Business As Usual (BAU) activities, overseeing monthly and quarterly metrics program. Provide assistance to management team to Identify metric anomalies/trends/outliers and challenge these accordingly.
·Proactively identify enhancement that will improve the security posture and identify cyber security control deficiencies within the organization.
·Ability to act independently and exercise good judgment as well as the ability to work cross functionally and create virtual teams is essential.
·Knowledge of security technologies (authentication, encryption, key management, sandboxing, VPNs, firewalls, intrusion detection/prevention), and security controls
·Ability to evaluate technical risk and business impact and explain the impact of security issues to both technical and non-technical audiences
·Superior attention to detail and focus on quality work packet delivery
·Ability to work in a fast-paced & team environment, prioritize workload and meet deadlines
·Work ethic based on a strong desire to exceed expectations. Experience working successfully in a very fast-paced, results-oriented environment.
·Excellent time management skills, ability to juggle multiple, competing priorities, with strength in identifying and implementing solutions to address the critical needs.
Bachelor’s Degree or Equivalent…
·Data Mining , Security Analytics & Scripting
·Balanced scorecards & KPIs, KGIs, KRIs
·Experience with security governance practices and business continuity experience
·Tableau & advanced Excel
Mon to Fri; 1pm to 9.30pm