Information Systems Security Consultant

Who is Allstate:

Allstate Insurance Company of Canada is a leading home and auto insurer focused on providing its customers prevention and protection products and services for every stage of life. The company is proud to have been named a Best Employer in Canada for nine consecutive years and prioritizes supporting employees and fostering an inclusive, welcoming corporate culture. Allstate is committed to making a positive difference in the communities in which it operates through partnerships with charitable organizations, employee giving and volunteerism. Serving Canadians since 1953, Allstate strives to provide reassurance with its "You’re in Good Hands®" promise.

Through our Employee Value Proposition, Opportunity, Flexibility, Community, Diversity and Family, we have worked hard to develop and nurture a culture where employees feel valued, experience personal growth, have career options and truly enjoy the work they do.

Role Designation: Hybrid

Benefits to joining Allstate

• Flexible Work Arrangements
• Employee discounts (15% on auto and property insurance, plus many other products and services)
• Good Office program (receive up to 400$ back after purchasing office equipment)
• Student Loan Payment Matching Program for Government Student loans
• Comprehensive Retirement Savings Program with employer matched contributions
• Annual Wellness allowance to support employees with improving health and wellbeing
• Personal reflection day
• Tuition Reimbursement
• Working within the community and giving back!

Job Description:

Our team is growing and we are actively looking to hire an Information Systems Security Consultant to join our team!

Accountabilities:

1. Risk Assessment - 45%

· Provides expertise on the impact to the current state and recommends future-state security processes for new or updated information systems.

· Audits and assesses risks to recommend secure designs.

· Provide Security Advisory & Consultation services for product/service acquisition, solution design, implementation and management of major IT systems, projects, initiatives, M&A, new product development.

· Perform thorough and timely threat risk assessment (TRA) on applications, systems, processes and solution integrations, including cloud-based solutions and vendor services.

2. Security Controls design - 35%

· Leads the design, engineer and implementation of new security controls, solutions/technologies.

· Review current security system security measures, recommend and implement enhancements.

· Perform security technology evaluations and proof of concepts for service improvements, in-flight projects and emerging technologies.

· Investigate, design & architect specific cybersecurity controls as they are identified and required.

3. People management - 20%

· Lead one or more teams of cyber professionals to meet the organization's expectations for productivity, quality, continuous improvement, and goal accomplishment.

· Plan and allocate resources to effectively staff and accomplish the work to meet departmental productivity and quality goals.

Qualifications:

· Bachelor's Degree in Computer Science/ Computer Engineering or equivalent experience.

· Requires 10+ years of related experience in Information Systems Security design and development.

· Security certification of one or more of the following: CISSP, CRISC, CCSP, CISM, CISA, or equivalent.

· Data security risk management and mitigation processes and governance frameworks (e.g. ISO 27001/2, NIST, COBIT, etc.).

· IT governance, risk, and compliance (GRC) principles, standards, and best practices (e.g. risk management, governance, information security controls, etc.).

· Threat and attack landscape, vectors, vulnerabilities, and how they are leveraged by malicious actors.

· Continuous integration/deployment (CI/CD) practices.

· Incident response processes to investigate and respond to security incidents.

· Cross-functional applications and interdependencies for a variety of technical platforms and solutions, including network concepts and protocols.

· Systems Development Life Cycle (SDLC) and Agile methodology and principles.

· End-to-End project coordination and collaboration.

· Code versioning tools (e.g. GIT).

· Data visualization tools to prepare flow charts, models, and other documentation used in leadership decision-making (e.g. Visio).

· Trouble ticketing tools.

· Interpersonal, oral, and written communication skills.

· Analytical, critical thinking, and problem-solving skills.

· Project coordination, organizational, prioritization, and time management skills with attention to detail.

Allstate Canada Group has policies and practices that provide workplace accommodations. If you require accommodation, please let us know and we will work with you to meet your needs.