Cyber and Technology Risk Analyst - Lead Consultant

At Allstate, great things happen when our people work together to protect families and their belongings from life’s uncertainties. And for more than 90 years, our innovative drive has kept us a step ahead of our customers’ evolving needs. From advocating for seat belts, air bags and graduated driving laws, to being an industry leader in pricing sophistication, telematics, and, more recently, device and identity protection. 

Job Description

The Cyber and Technology Risk Analyst – Lead Consultant leads comprehensive cyber and technology risk assessments, providing independent oversight, challenge, and advisory across the organization’s technology landscape. This role is part of the Cyber and Technology Risk Management team, partnering with Technology, Security, and Business leaders to strengthen risk posture and support informed decision-making. The role requires strong analytical capability to evaluate complex risk scenarios, develop attack paths, assess control effectiveness, and deliver actionable insights while proactively monitoring emerging threats and driving effective risk mitigation strategies.

Key responsibilities

• Lead and execute complex technology and cyber risk assessments across business and IT functions, evaluating potential impacts and recommending practical mitigation strategies.  

• Analyze risk scenarios and control effectiveness to identify gaps, emerging risks, and key risk drivers using both structured and unstructured data sources.  

• Develop clear, concise, and actionable risk reports and presentations for stakeholders at all levels, including senior leadership and the Board.  

• Challenge existing practices and influence enhancements to technology standards, policies, and controls to strengthen the organization’s risk posture.  

• Identify, assess, and communicate potential threats to the technology environment, tailoring messaging for both technical and non-technical audiences.  

• Monitor industry trends, regulatory developments, and emerging cyber threats to proactively identify future risk exposures and inform strategy.  

• Support the design, implementation, and continuous improvement of risk management frameworks, methodologies, and controls.  

• Collaborate cross-functionally with technology, security, compliance, and business teams to ensure alignment and effective risk management practices.  

• Translate findings into actionable remediation recommendations, driving improvements across technology and operations.   

• Serve as a trusted advisor to Technology, Security, and Risk partners, providing expert guidance on cyber and technology risk management best practices.  

Essential Skills

• Minimum 4 years’ hands on experience in cyber or technology risk management.  
• Strong expertise in cyber threat modeling, including hands-on experience using the MITRE ATT&CK framework to develop attack path simulations, assess adversary tactics, and evaluate control effectiveness.  
• Solid working knowledge of core technology infrastructure, including networks, cloud platforms, storage, operating systems, identity and access management, and security architecture.  
• Advanced analytical skills with the ability to synthesize complex risk scenarios and data into actionable insights and clear recommendations for technical and business stakeholders.  
• Proven ability to influence and communicate effectively across all levels of the organization, translating technical risk concepts into business impact for senior leadership and non-technical audiences. 

Desirable Skills

• Exposure to second-line risk management, internal audit, or established technology risk frameworks 
• Working knowledge of cloud risk and modern architecture (e.g., multi-cloud, containerization, zero trust concepts).
• Experience with risk tooling or GRC platforms to support risk lifecycle management 
• Relevant security certifications (e.g., CISSP, CISM, CRISC, CEH, OSCP) 
• Exposure to red teaming or adversary simulation training/certifications is a plus 

Supervisory Responsibilities

• This job does not have supervisory duties.

(#LI-NJ1)

Skills

Adversary Simulation, Cloud Security Risk Management, Compliance, Cybersecurity Risk Management, Cyber Threat Modeling, Emerging Risks, GRC Platform, Identity Access Management (IAM), MITRE ATT&CK Framework, Red Teaming, Risk Assessments, Risk Framework, Risk Management Framework, Risk Management Strategies, Risk Mitigation, Risk Mitigation Strategies, Risk Strategies, Security Architecture Design, Technology Risk, Technology Risk Management

Compensation

Compensation offered for this role is 90,700.00 - 153,925.00 annually and is based on experience and qualifications.

The candidate(s) offered this position will be required to submit to a background investigation.

Joining our team isn’t just a job — it’s an opportunity. One that takes your skills and pushes them to the next level. One that encourages you to challenge the status quo. One where you can shape the future of protection while supporting causes that mean the most to you. Joining our team means being part of something bigger – a winning team making a meaningful impact.

Allstate generally does not sponsor individuals for employment-based visas for this position.

Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.

For jobs in San Francisco, please click “here” for information regarding the San Francisco Fair Chance Ordinance.

For jobs in Los Angeles, please click “here” for information regarding the Los Angeles Fair Chance Initiative for Hiring Ordinance.

To view the “EEO Know Your Rights” poster click “here”. This poster provides information concerning the laws and procedures for filing complaints of violations of the laws with the Office of Federal Contract Compliance Programs.

To view the FMLA poster, click “here”. This poster summarizing the major provisions of the Family and Medical Leave Act (FMLA) and telling employees how to file a complaint.

It is the Company’s policy to employ the best qualified individuals available for all jobs. Therefore, any discriminatory action taken on account of an employee’s ancestry, age, color, disability, genetic information, gender, gender identity, gender expression, sexual and reproductive health decision, marital status, medical condition, military or veteran status, national origin, race (include traits historically associated with race, including, but not limited to, hair texture and protective hairstyles), religion (including religious dress), sex, or sexual orientation that adversely affects an employee's terms or conditions of employment is prohibited. This policy applies to all aspects of the employment relationship, including, but not limited to, hiring, training, salary administration, promotion, job assignment, benefits, discipline, and separation of employment.

Allstate provides a comprehensive technology setup, including a laptop, monitors, headset, keyboard, and mouse. Employees eligible to work from home also receive a monthly connectivity reimbursement to help offset internet costs.

When working from home, you must have a dedicated, private workspace free from distractions, along with appropriate desk and seating. Reliable internet is required, with minimum speeds of 50 MB download and 5 MB upload.