Cloud Information Security Governance Consultant
Think Technology - Think Allstate
We build solutions that touch 16 million customers on a daily basis.
You will work alongside people as passionate as you, focused on delivering the best possible user experiences.
You will work in a highly collaborative environment primed to adapt to an ever-changing landscape and which places technology solutions at its core.
You will thrive, you will think differently, you will challenge convention and have the freedom to act with integrity, intention and speed; you will be at the forefront of developing capabilities in support of Allstate’s global business model; you will deliver results and you will leave things better than you found them.
The Cloud Information Security Governance Consultant will be part of Allstate Information Security – Consulting Services and will lead Cloud Information Security Governance activities. This includes working closely with the cloud security engineering, product, software, and infrastructure development teams to implement best practices within the cloud-based environments, as well as working closely with developers and system architects to diagnose, document, solution, and remediate any deviations from governance standards. Additional responsibilities include, but are not limited to, contributing to the evaluation, recommendation and implementation of cloud security controls in an automated continuous integration/deployment environment.
In addition, the consultant will have extensive client interactions relating to technical security controls with a wide range of technology-based functions and business groups. Relevant skills include an understanding of business/technology risk, thought leadership in designing and executing cloud / technology controls that mitigate those risks, and the ability to keep up to date with the latest technologies and potential cyber-threats.
A broad range of professional skills along with strong interpersonal skills will be required for problem-solving, collaboration with virtual cross-functional work groups, and tracking and reporting of critical gaps to closure and final resolution. This resource is expected to serve as a trusted advisor who can clearly articulate Allstate security policies, standards, and guidelines to both technical and business audiences alike.
Responsibilities include (but aren't limited to):
- Work closely with application development, cloud, Governance, and Compliance teams to help formulate and implement a strategy for cloud-based security that is tailored to the specific risks facing the organization, including threat modeling and applications security advisement services.
- Develop and maintain a balanced cloud security governance framework based on industry standards
- Ensure compliance with society, regulatory, and industry standards for cloud-based security.
- Continuously evaluate the organization’s existing cloud security practices, define and measure security-related activities, and demonstrate improvements to the cloud programs within the organization.
- Evaluate business strategies, requirements, and user needs, existing usage of cloud platforms, technical capabilities, and overall cloud application maturity, and provide strategic guidance and best-practices-based recommendations for implementing governance boards and proven best practices for cloud-based application/platform development, deployment, and support.
- Support lead security consultants in promoting and consulting on the positions that help strengthen and secure the organization by either following standards or helping direct others on technology positions.
- Help facilitate review of changes in company processes, standards and technology to ensure the effectiveness of security controls to meet compliance requirements
- Help consult with stakeholders on requirements for new and existing business / technology solutions to assure compliance with compliance frameworks, internal standards, and governing policies and procedures
- Responsible for building effective working relationships, making sound decisions, successfully making changes, initiating action and achieving results as a trusted advisor
- Must be an EU citizen or possess a current UK Tier 1 Visa or Tier 2 visa and eligible to take up full time, permanent employment. EU candidates must also demonstrate they are eligible to take up UK employment post-Brexit.
- Minimum 5 - 7 years of experience in cloud security governance and/or secure application/platform development
- Minimum 3 - 5 years of project management, consulting, and/or application security analyst experience
- A strong understanding and experience with establishing cloud security governance across an organization
- Practical understanding and use of cloud computing, cloud security governance framework, and cloud security tools
- Thorough knowledge of common application vulnerabilities (e.g. OWASP Top 10), attack techniques and remediation tactics/strategies
- Basic knowledge of Security Analysis (manual and leveraging automated scanning tools).
- Understanding and passion for Agile/XP/Scrum/Kanban, Test Driven Development built on User Stories and Continuous Integration/Testing/Delivery
- Relevant postsecondary education and/or industry standard certifications preferred (i.e., CompTIA, Microsoft, EC-Council, ISACA, ISC2, SANS Institute/GIAC, EMC, Amazon, VMware), AWS Certified Solutions Architect, CompTIA Cloud+ Certification, Certificate of Cloud Security Knowledge (CCSK)
- Strong understanding of IT security best practices by applying depth and breadth of expertise in multiple related disciplines
- A demonstrable passion for application security, general understanding of SDLC processes and key security checkpoints along with software development methodologies
- Must be fluent in reviewing technical reports based on findings.
- A strong self-starter who has the ability to operate independently and demonstrates complete ownership over assigned objectives in a "semi-structured" environment, but also recognizes when guidance is needed
- Ability to effectively work with technical and non-technical resources
- Demonstrated success at leading cross-functional projects leveraging SDLC methodology.
- Familiarity with both static analysis and/or dynamic scanning tools.
- Excellent oral/written presentation skills with ability to communicate effectively with senior executive leadership; proficiency in preparation of presentations, analytical reports, and documents regarding program operational status, achievement and performance
- Strong organizational skills, ability to effectively manage multiple, competing projects/priorities while achieving targeted completion results
- Effective written and verbal communication skills; the ability to tailor communication style to the audience at hand and write "high quality" documentation and/or presentations is a must
- Ability to stay up to date with the current cybersecurity threat landscape to account for changing circumstances when evaluating security risks
- Ability to develop/enhance partnerships with key stakeholders
- Ability to maintain technical proficiency via self or formal training
- Proficient in MS Office Suite (Word, Excel, PowerPoint, OneNote, Project, Access, Visio) and SharePoint
Closing Date: 21st June 2019
Statement on Fair Employment and Equal Opportunities:
Allstate NI wishes to ensure equal opportunity is given to all job applicants. This company will not discriminate on the grounds of race, gender (including gender reassignment status), sexual orientation, religious belief, political opinion, marital status, age or disability.
Applicants should note Allstate NI complete AccessNI background checks on all candidates offered a position.