Cyber Regulatory and Compliance Lead

 Sunday, September 13, 2020

The world isn’t standing still, and neither is Allstate.  We’re moving quickly, looking across our businesses and brands and taking bold steps to better serve customers’ evolving needs.  That’s why now is an exciting time to join our team. As a leader in a corporation with 83,000 employees and agency force members, you’ll have a hand in transforming not only Allstate but a dynamic industry.  You’ll have opportunities to take risks, challenge the status quo and shape the future for the greater good.

You’ll do all this in an environment of excellence and the highest ethical standards – a place where values such as integrity, inclusive diversity and accountability are paramount.  We empower every employee to lead, drive change and give back where they work and live.  Our people are our greatest strength, and we work as one team in service of our customers and communities.

Everything we do at Allstate is driven by a shared purpose: to protect people from life’s uncertainties so they can realize their hopes and dreams.  For 89 years we’ve thrived by staying a step ahead of whatever’s coming next – to give customers peace of mind no matter what changes they face.  We acted with conviction to advocate for seat belts, air bags and graduated driving laws.  We help give survivors of domestic violence a voice through financial empowerment.  We’ve been an industry leader in pricing sophistication, telematics, digital photo claims and, more recently, device and identity protection.  We are the Good Hands.  We don’t follow the trends. We set them.


Job Description

The Cyber Regulatory and Compliance Lead will primarily be responsible for ensuring Allstate achieves annual compliance with the State Cyber regulations in alignment with Allstate’s risk tolerance.  The individual will be a seasoned Governance, Risk and Compliance professional with strong, well-rounded Cyber knowledge that enables them to speak with authority on all Cyber regulatory control requirements, including knowledge of implementation and integration complexities.

The ideal person would take a positive and directive approach to all the associated communications and organization that go along with a program of work of this size, magnitude and importance.  Advanced interpersonal skills and gravitas will be required for problem-solving and collaboration with virtual cross-functional work groups.  Strong attention to detail will be needed in the design and implementation of the Entity Compliance Packages associated with compliance around our control environment.  The successful individual will serve as an adaptable and agile trusted advisor who can clearly communicate complex information in a timely fashion to technical and business audiences alike and at all levels within Allstate.

Key Responsibilities

  • Provide strong regulatory compliance support, scope management and communication, defining evidence requirements and program management as required.
  • Review new regulations for security impact and document requirements for compliance.
  • Communicate requirements and compliance status to security leadership and impacted technical teams.
  • Coordinate project managers and participate in meetings to ensure that scoping, requirements documentation, gap identification and remediation are accurate and that compliance requirements are met.
  • Partner with risk management to ensure the transparent communication of risk reporting related to compliance revaluations and identified gaps.
  • Review evidence submissions to ensure regulatory requirements are met and provide validation of gap closure. 
  • Track remediation of any gaps to compliance with the implementation area to ensure closure and tracking to deadlines.
  • Support delivery / implementation leads in promoting and consulting on the positions that help strengthen and secure the organization in alignment with regulatory requirements by either following standards or helping direct others on technology positions.
  • Help facilitate review of changes in company processes, standards and technology to ensure the effectiveness of security controls to meet compliance requirements.
  • Help consult with stakeholders on requirements for new and existing business / technology solutions to assure compliance to regulations, compliance frameworks and internal standards and governing policies and procedures.
  • Provide Archer GRC tool administration for security controls assessment workflow and evidence gathering within the compliance and issues management modules.
  • Build effective working relationships, making sound decisions, successfully making changes, initiating action and achieving results as a trusted advisor.

Job Qualifications

  • Self-starter who demonstrates complete ownership over assigned objectives and is able to work independently in a "semi-structured" environment, but also recognizes when guidance is needed from program management and delivery leaders.
  • Minimum 6 years of IT experience – security governance, regulatory governance and/or IT audit preferred.
  • Minimum 3 years of project management, consulting, and/or security engineering or architecture experience.
  • Relevant postsecondary education and/or industry standard certifications preferred (e.g., CISA, CISM, CISSP, CompTIA, Cisco, CheckPoint, Microsoft, EC-Council, ISACA, ISC2, SANS Institute/GIAC, PCIP).
  • Strong organizational skills, ability to effectively manage multiple, competing projects/priorities while achieving targeted completion results.
  • Strong audit and compliance assessment skills, ability to effectively define gaps, evidence and remediation requirements while achieving targeted delivery results. 
  • Effective written and verbal communication skills. Ability to tailor communication style to audience at hand.
    • Ability to effectively work with technical and non-technical resources, able to partner with multiple business groups, senior managers, and senior network architects or engineers.
    • Ability to write "high quality" documentation and/or presentations is a must.
    • Proficient in MS Office Suite.
  • Remain current in knowledge of cybersecurity regulatory landscape to account for changing circumstances when evaluating security compliance.  Maintain technical proficiency via self or formal training.
  • Strong understanding of IT security best practices by applying depth and breadth of expertise in multiple domains and security disciplines.

The candidate(s) offered this position will be required to submit to a background investigation, which includes a drug screen.


Good Work. Good Life. Good Hands®.


As a Fortune 100 company and industry leader, we provide a competitive salary – but that’s just the beginning.  Our Total Rewards package also offers benefits like tuition assistance, medical and dental insurance, as well as a robust pension and 401(k).  Plus, you’ll have access to a wide variety of programs to help you balance your work and personal life -- including a generous paid time off policy.




Allstate generally does not sponsor individuals for employment-based visas for this position.


Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.


For jobs in San Francisco, please click “here” for information regarding the San Francisco Fair Chance Ordinance.
For jobs in Los Angeles, please click “here” for information regarding the Los Angeles Fair Chance Initiative for Hiring Ordinance.


To view the “EEO is the Law” poster click “here”. This poster provides information concerning the laws and procedures for filing complaints of violations of the laws with the Office of Federal Contract Compliance Programs.


To view the FMLA poster, click “here”. This poster summarizes the major provisions of the Family and Medical Leave Act (FMLA) and tells employees how to file a complaint.


It is the Company’s policy to employ the best qualified individuals available for all jobs. Therefore, any discriminatory action taken on account of an employee’s ancestry, age, color, disability, genetic information, gender, gender identity, gender expression, sexual and reproductive health decision, marital status, medical condition, military or veteran status, national origin, race (including traits historically associated with race, including, but not limited to, hair texture and protective hairstyles), religion (including religious dress), sex, or sexual orientation that adversely affects an employee's terms or conditions of employment is prohibited. This policy applies to all aspects of the employment relationship, including, but not limited to, hiring, training, salary administration, promotion, job assignment, benefits, discipline, and separation of employment.