At Allstate, great things happen when our people work together to protect families and their belongings from life’s uncertainties. And for more than 90 years, our innovative drive has kept us a step ahead of our customers’ evolving needs. From advocating for seat belts, air bags and graduated driving laws, to being an industry leader in pricing sophistication, telematics, and, more recently, device and identity protection.
Your role in the team
The Product Security Engineer partners in designing and building security solutions that will balance the need for speed and flexibility of the infrastructure and IaaS/PaaS/SaaS applications, with the need to protect Allstate against ongoing and potential security threats. This role needs to have the aptitude to understand new security strategies.
This position has been opened at Senior Consultant II and Lead Consultant.
Key responsibilities:
Cyber Risk Assessment & Governance
Lead and execute enterprise, business-unit, and technology-specific cyber risk assessments, including inherent risk identification, control adequacy evaluation, residual risk determination, and risk prioritization
Develop, enhance, and operationalize cyber risk assessment methodologies, frameworks, and assessment artifacts aligned to recognized standards (e.g., NIST CSF, NIST SP 800-53, ISO/IEC 27001, CIS, COBIT)
Translate business and technical risks into clear, actionable risk statements, supported by evidence-based control evaluation and impact analysis
Drive risk-based decision-making by clearly articulating risk exposure, control gaps, and mitigation options to stakeholders.
Regulatory, Compliance & Standards Alignment
Research, interpret, and apply global and regional cybersecurity regulations and requirements (e.g., NYDFS 500, GLBA, PCI DSS, SOX ITGCs, data protection and privacy regulations, contractual security requirements)
Analyze regulatory guidance, enforcement actions, and industry advisories to inform governance programs and risk posture
Program Development & Continuous Improvement
Design, enhance, and execute cybersecurity governance programs, policies, standards, procedures, and control requirements aligned to business and regulatory needs
Identifyprocess gaps, control deficiencies, and maturity weaknesses; recommend risk-based remediation strategies and pragmatic control improvements
Contribute to the evolution of enterprise cybersecurity risk assessment (ECRA) capabilities, including risk taxonomies, metrics, and reporting
Support continuous monitoring and re-assessment of cyber risks as business, technology, and threat landscapes evolve
Stakeholder Communication & Advisory
Act as a trusted risk advisor to technology, engineering, and business leaders by explaining complex cybersecurity and regulatory topics in a practical, business-relevant manner
Develop and deliver risk assessment summaries, executive briefings, and governance reports tailoredforsenior leadership, risk committees, and audit stakeholders
Provide guidance and mentorship to less-experienced team members on cyber risk assessment techniques, regulatory interpretation, and governance best practices
Essential Skills:
All applicants must demonstrate they have a legal right to work in the UK for employment at Allstate. Allstate is not providing sponsorship for this vacancy
A minimum of 3+yearsof experienceworking withCybersecurity risk management concepts (threats, vulnerabilities, impact, likelihood, controls) Cloud, SaaS, and third-party risk considerations Identity & access management, data protection, network security, vulnerability management, and secure SDLC concepts
Aminimum of 1 year working withone ofeitherNISTCSF, NIST SP 800-53, ISO 27001/27002, CIS Controls, COBIT Regulatory frameworks relevant to financial services, insurance, or regulated industries
Desirable Skills
Certified inCRISC, CISM, CISSP, CISA.
Experienced in large, complex, and regulated environments.
Supervisory Responsibilities:
This job does not have supervisory duties
Posting Closing date Thursday 4th June 2026 {11.59pm}
Skills
Information Security Engineering, IT Security Operations, Risk Management, Security Tools, Stakeholder Engagement
Why join us?
Allstate NI is proud to be Allstate’s European Digital Centre of Excellence, a hub for innovation and engineering excellence. We’re recent winners of Best Place to Work in IT (100+ employees) and Best Use of Cloud Services at the Belfast Telegraph IT Awards, and we’ve been recognised for our community and sustainability impact with Platinum in the Northern Ireland Environmental Benchmarking Survey.
We’re a product-driven, cloud-first organisation delivering real outcomes through modern technology, a digital product-centric talent model, and a culture rooted in engineering excellence. Our teams work in cross-functional structures, guided by an outcome-based delivery approach that accelerates speed, agility, and value.
We also invest in you. At Allstate NI, your career growth matters. You’ll have access to our Continuous Learning Hub, designed to support skills development and professional advancement through tailored learning paths, certifications, and mentoring opportunities. Whether you’re deepening technical expertise or exploring leadership roles, we provide the tools and support to help you thrive.
As well as receiving a competitive annual salary, our reward package includes:
Be part of a high-performing, socially responsible organisation where your work has purpose, and your growth is supported every step of the way.
At Allstate, we're advocates for peace of mind and a good life. And that comes through in everything we do.
From building innovative teams that truly understand our customers' needs, to challenging each other to develop our careers in a meaningful way, and finally to the incredible results we're able to achieve together.
See how we’re creating a better future through innovation, advocacy, and empowering people and communities.
