SAP GRC/ IT Risk Senior Consultant I

Allstate

  • India
  • Permanent
  • Full-time
  • 2 days ago
At Allstate, great things happen when our people work together to protect families and their belongings from life’s uncertainties. And for more than 90 years, our innovative drive has kept us a step ahead of our customers’ evolving needs. From advocating for seat belts, air bags and graduated driving laws, to being an industry leader in pricing sophistication, telematics, and, more recently, device and identity protection.

Job Description

The Security Governance Senior Consultant II / Senior Security Governance Specialist is responsible for designing, executing, and evaluating cybersecurity governance, risk management, and compliance (GRC) activities to protect enterprise information, technology assets, and business operations. This role serves as a senior individual contributor with deep expertise in cyber risk assessment, regulatory interpretation, control evaluation, and risk-based decision support.

The role partners closely with technology, business, legal, compliance, privacy, and internal audit teams to ensure cybersecurity risks are identified, assessed, communicated, and managed in alignment with regulatory requirements, industry standards, and organizational risk appetite.

Key Responsibilities

Cyber Risk Assessment & Governance
  • Lead and execute enterprise, business-unit, and technology-specific cyber risk assessments, including inherent risk identification, control adequacy evaluation, residual risk determination, and risk prioritization
  • Develop, enhance, and operationalize cyber risk assessment methodologies, frameworks, and assessment artifacts aligned to recognized standards (e.g., NIST CSF, NIST SP 800-53, ISO/IEC 27001, CIS, COBIT)
  • Translate business and technical risks into clear, actionable risk statements, supported by evidence-based control evaluation and impact analysis
  • Drive risk-based decision-making by clearly articulating risk exposure, control gaps, and mitigation options to stakeholders.

Regulatory, Compliance & Standards Alignment
  • Research, interpret, and apply global and regional cybersecurity regulations and requirements (e.g., NYDFS 500, GLBA, PCI DSS, SOX ITGCs, data protection and privacy regulations, contractual security requirements)
  • Analyze regulatory guidance, enforcement actions, and industry advisories to inform governance programs and risk posture

Program Development & Continuous Improvement
  • Design, enhance, and execute cybersecurity governance programs, policies, standards, procedures, and control requirements aligned to business and regulatory needs
  • Identify process gaps, control deficiencies, and maturity weaknesses; recommend risk-based remediation strategies and pragmatic control improvements
  • Contribute to the evolution of enterprise cybersecurity risk assessment (ECRA) capabilities, including risk taxonomies, metrics, and reporting
  • Support continuous monitoring and re-assessment of cyber risks as business, technology, and threat landscapes evolve

Stakeholder Communication & Advisory
  • Act as a trusted risk advisor to technology, engineering, and business leaders by explaining complex cybersecurity and regulatory topics in a practical, business-relevant manner
  • Develop and deliver risk assessment summaries, executive briefings, and governance reports tailored for senior leadership, risk committees, and audit stakeholders
  • Provide guidance and mentorship to less-experienced team members on cyber risk assessment techniques, regulatory interpretation, and governance best practices

Required Knowledge, Skills & Competencies

Technical & Risk Expertise

Strong understanding of:
  • Cybersecurity risk management concepts (threats, vulnerabilities, impact, likelihood, controls)
  • Cloud, SaaS, and third-party risk considerations
  • Identity & access management, data protection, network security, vulnerability management, and secure SDLC concepts

Hands-on experience with:
  • NIST CSF, NIST SP 800-53, ISO 27001/27002, CIS Controls, COBIT
  • Regulatory frameworks relevant to financial services, insurance, or regulated industries

Professional Skills
  • Ability to translate technical risks into business-impact-focused language
  • Strong analytical, documentation, and critical-thinking skills
  • Proven ability to influence without authority and work across matrixed organizations
  • High attention to detail with strong judgment in risk interpretation and prioritization

Experience
  • 10–14 years of progressive experience in cybersecurity risk management, security governance, compliance, audit, or related cybersecurity roles (Preferred)
  • Experience in large, complex, and regulated environments strongly preferred

Education
  • 4-year Bachelor's Degree (Preferred)

Certifications
  • CRISC, CISM, CISSP, CISA
  • ISO 27001 Lead Implementer / Auditor
  • Relevant cloud or risk certifications

Supervisory Responsibilities
  • This job does not have supervisory duties.

Primary Skills
Cybersecurity, Cybersecurity Risk Assessment, Cybersecurity Risk Management, IT Security Operations

Shift Time

Recruiter Info
Hiral Parag Rughani
hparb@allstate.com

About Allstate

Joining our team isn’t just a job — it’s an opportunity. One that takes your skills and pushes them to the next level. One that encourages you to challenge the status quo. One where you can shape the future of protection while supporting causes that mean the most to you. Joining our team means being part of something bigger – a winning team making a meaningful impact.

The Allstate Corporation is one of the largest publicly held insurance providers in the United States. Ranked No. 84 in the 2023 Fortune 500 list of the largest United States corporations by total revenue, The Allstate Corporation owns and operates 18 companies in the United States, Canada, Northern Ireland, and India. Allstate India Private Limited, also known as Allstate India, is a subsidiary of The Allstate Corporation. The India talent center was set up in 2012 and operates under the corporation's Good Hands promise. As it innovates operations and technology, Allstate India has evolved beyond its technology functions to be the critical strategic business services arm of the corporation. With offices in Bengaluru and Pune, the company offers expertise to the parent organization’s business areas including technology and innovation, accounting and imaging services, policy administration, transformation solution design and support services, transformation of property liability service design, global operations and integration, and training and transition.

Learn more about Allstate India.
