Allstate Canada Looking for Cybersecurity Governance Risk & Compliance Consultant at Markham, Ontario, Canada Full Time

Who is Allstate:

Allstate Insurance Company of Canada is a leading home and auto insurer focused on providing its customers prevention and protection products and services for every stage of life. The company is proud to have been named a Best Employer in Canada for nine consecutive years and prioritizes supporting employees and fostering an inclusive, welcoming corporate culture. Allstate is committed to making a positive difference in the communities in which it operates through partnerships with charitable organizations, employee giving and volunteerism. Serving Canadians since 1953, Allstate strives to provide reassurance with its “You’re in Good Hands®” promise.

Through our Employee Value Proposition, Opportunity, Flexibility, Community, Diversity and Family, we have worked hard to develop and nurture a culture where employees feel valued, experience personal growth, have career options and truly enjoy the work they do.

Role Designation: Hybrid

Benefits to joining Allstate

• Flexible Work Arrangements
• Employee discounts (15% on auto and property insurance, plus many other products and services)
• Good Office program (receive up to 400$ back after purchasing office equipment)
• Student Loan Payment Matching Program for Government Student loans
• Comprehensive Retirement Savings Program with employer matched contributions
• Annual Wellness allowance to support employees with improving health and wellbeing
• Personal reflection day
• Tuition Reimbursement
• Working within the community and giving back!

Job description:

Our team is growing and we are actively looking to hire a Cybersecurity Governance Risk & Compliance Consultant to join our team!

Accountabilities:

1. Program Design & Development – 70%

· Assists and participate in ACG compliance program and work jointly with the corporate Compliance team to provide assurance of the IT controls to support this program

· Build strong relationships and provide proactive advice and recommendations to key stakeholders to ensure compliance findings are identified, understood and proactively managed to closure

· Lead or assist in the development, implementation and improvements of compliance requirements to ensure effective controls and mitigation is applied.

· Works with internal and external auditors to support the validation of security and compliance controls.

· Assists with the development, maintenance and implementation of any policies and procedures

· Recommends improvements to teams and lines of business based on observation, sampling and/or audit findings

· Works with teams to manage effective action plans in response to audit discoveries and compliance violations

· Designs and executes audit procedures to evaluate compliance with security policies and procedures and facilitates vulnerability scans, application scans, or penetration tests to identify and remediate risks.

· Perform various Risk Assessments and ensures that risks identified are assigned owners with appropriate risk treatment plans

· Produce quarterly and monthly risk reports and dashboards for senior leadership

· Provides subject matter expertise for projects of broad scope and complexity for technology security evaluation, deployment, management, and strategic planning.

· Collaborates with cross-functional development teams to analyze and coordinate efforts for security solutions and conduct post-implementation performance audits.

· Reviews and analyzes product changes for impacts to security, and architecture documentation to remediate design decisions, operating procedures, or processes that impact adherence to security commitments.

· Assist and support other GRC responsibilities as required

· Maintain a working knowledge of compliance regulations, policies, procedures of ACG and stay current with best practices in the industry.

2. Process Improvement – 30%

· Develops, monitors, coordinates, and implements policies, standards, procedures, controls, and guidelines to support IT, all Lines of Business, compliance, and audit requirements.

· Develop and implement risk management processes and procedures for the IT GRC team

· Remains abreast of evolving security trends, technologies, laws (e.g. SOX, etc.) and accreditation standards to recommend and implement changes as they arise.

Qualifications:

· Diploma or Bachelor’s degree in Computer Science.

· Requires 8+ years of relevant experience working in information security, process auditing, or other compliance related area.

· IT governance, risk, and compliance (GRC) principles, standards, and best practices (e.g. risk management, governance, information security controls, etc.).

· IT security and governance frameworks (e.g. ISO 27001/2, NIST, COBIT, etc.).

· Ability to interact with a wide range of management levels throughout the organization coupled with a strong ability to influence others.

· Strong systems acumen to quickly learn and adapt to a variety of systems.

· Interpersonal, oral, and written communication skills.

· Analytical, critical thinking, and problem-solving skills.

Bonus qualification:

· Security certification (e.g. CISSP, CISA, CISM etc.)

· Data Loss Prevention (DLP) Governance experience would be an asset

· Experience with a variance / exception management platform (e.g. RSArcher) is preferred

Allstate Canada Group has policies and practices that provide workplace accommodations. If you require accommodation, please let us know and we will work with you to meet your needs.