Product Security Engineer (Multiple Levels)

Your role in the team

The Product Security Engineer partners in designing and building security solutions that will balance the need for speed and flexibility of the infrastructure and IaaS/PaaS/SaaS applications, with the need to protect Allstate against ongoing and potential security threats. This role needs to have the aptitude to understand new security strategies.

Cyber Risk Assessment & Governance

• Lead and execute enterprise, business-unit, and technology-specific cyber risk assessments, including inherent risk identification, control adequacy evaluation, residual risk determination, and risk prioritization.
• Develop, enhance, and operationalize cyber risk assessment methodologies, frameworks, and assessment artifacts aligned to recognized standards (e.g., NIST CSF, NIST SP 800-53, ISO/IEC 27001, CIS, COBIT).
• Translate business and technical risks into clear, actionable risk statements, supported by evidence‑based control evaluation and impact analysis.
• Drive risk‑based decision‑making by clearly articulating risk exposure, control gaps, and mitigation options to stakeholders.

Regulatory, Compliance & Standards Alignment

• Research, interpret, and apply global and regional cybersecurity regulations and requirements (e.g., NYDFS 500, GLBA, PCI DSS, SOX ITGCs, data protection and privacy regulations, contractual security requirements).
• Analyze regulatory guidance, enforcement actions, and industry advisories to inform governance programs and risk posture.

Program Development & Continuous Improvement

• Design, enhance, and execute cybersecurity governance programs, policies, standards, procedures, and control requirements aligned to business and regulatory needs.
• Identify process gaps, control deficiencies, and maturity weaknesses; recommend risk‑based remediation strategies and pragmatic control improvements.
• Contribute to the evolution of enterprise cybersecurity risk assessment (ECRA) capabilities, including risk taxonomies, metrics, and reporting.
• Support continuous monitoring and re‑assessment of cyber risks as business, technology, and threat landscapes evolve.

Stakeholder Communication & Advisory

• Act as a trusted risk advisor to technology, engineering, and business leaders by explaining complex cybersecurity and regulatory topics in a practical, business‑relevant manner.
• Develop and deliver risk assessment summaries, executive briefings, and governance reports tailored for senior leadership, risk committees, and audit stakeholders.
• Provide guidance and mentorship to less‑experienced team members on cyber risk assessment techniques, regulatory interpretation, and governance best practices.

Essential Skills

• All applicants must demonstrate they have a legal right to work in the UK for employment at Allstate; Allstate is not providing sponsorship for this vacancy.
• Minimum of 3+ years of experience working with cybersecurity risk management concepts (threats, vulnerabilities, impact, likelihood, controls), Cloud, SaaS, and third‑party risk considerations, Identity & access management, data protection, network security, vulnerability management, and secure SDLC concepts.
• Minimum of 1 year working with one of NIST CSF, NIST SP 800-53, ISO 27001/27002, CIS Controls, or COBIT regulatory frameworks relevant to financial services, insurance, or regulated industries.

Desirable Skills

• Certified in CRISC, CISM, CISSP, or CISA.
• Experienced in large, complex, and regulated environments.

Supervisory Responsibilities

• This job does not have supervisory duties.

Benefits

• A generous, flexible benefits package including annual leave, healthcare and dental cover, pension, and lifestyle discounts.
• Access to world‑class learning platforms and award‑winning L&D.
• Clear career paths, internal mobility, and a strong focus on growth.
• A people‑first culture with flexible working options.

Statement on Fair Employment and Equal Opportunities

Allstate NI wishes to ensure equal opportunity is given to all job applicants. This company will not discriminate on the grounds of race, gender (including gender reassignment status), sexual orientation, religious belief, political opinion, marital status, age or disability. We are an equal opportunities employer. We welcome applications from all suitably qualified persons. However, as women are currently under‑represented in our workforce, we would particularly welcome applications from women. All appointments will be made on merit.

Applicants should note Allstate NI completes AccessNI background checks on all candidates offered a position.

#J-18808-Ljbffr…