Product Security Engineer (Multiple Levels)

At Allstate, great things happen when our people work together to protect families and their belongings from life's uncertainties. For more than 90 years, our innovative drive has kept us a step ahead of our customers' evolving needs.

Your role in the team: The Product Security Engineer partners in designing and building security solutions that will balance the need for speed and flexibility of the infrastructure and IaaS/PaaS/SaaS applications, with the need to protect Allstate against ongoing and potential security threats. This role needs to have the aptitude to understand new security strategies. This position has been opened at Senior Consultant II and Lead Consultant.

Key responsibilities:

• Cyber Risk Assessment & Governance: Lead and execute enterprise, business-unit, and technology-specific cyber risk assessments, including inherent risk identification, control adequacy evaluation, residual risk determination, and risk prioritization. Develop, enhance, and operationalize cyber risk assessment methodologies, frameworks, and assessment artifacts aligned to recognized standards (e.g., NIST CSF, NIST SP 800-53, ISO/IEC 27001, CIS, COBIT). Translate business and technical risks into clear, actionable risk statements, supported by evidence-based control evaluation and impact analysis. Drive risk-based decision-making by clearly articulating risk exposure, control gaps, and mitigation options to stakeholders.
• Regulatory, Compliance & Standards Alignment: Research, interpret, and apply global and regional cybersecurity regulations and requirements (e.g., NYDFS 500, GLBA, PCI DSS, SOX ITGCs, data protection and privacy regulations, contractual security requirements). Analyze regulatory guidance, enforcement actions, and industry advisories to inform governance programs and risk posture.
• Program Development & Continuous Improvement: Design, enhance, and execute cybersecurity governance programs, policies, standards, procedures, and control requirements aligned to business and regulatory needs. Identify process gaps, control deficiencies, and maturity weaknesses; recommend risk-based remediation strategies and pragmatic control improvements. Contribute to the evolution of enterprise cybersecurity risk assessment (ECRA) capabilities, including risk taxonomies, metrics, and reporting. Support continuous monitoring and re-assessment of cyber risks as business, technology, and threat landscapes evolve.
• Stakeholder Communication & Advisory: Act as a trusted risk advisor to technology, engineering, and business leaders by explaining complex cybersecurity and regulatory topics in a practical, business-relevant manner. Develop and deliver risk assessment summaries, executive briefings, and governance reports tailored for senior leadership, risk committees, and audit stakeholders. Provide guidance and mentorship to less-experienced team members on cyber risk assessment techniques, regulatory interpretation, and governance best practices.

Essential Skills:

• All applicants must demonstrate they have a legal right to work in the UK for employment at Allstate. Allstate is not providing sponsorship for this vacancy.
• A minimum of 3+ years of experience working with Cybersecurity risk management concepts (threats, vulnerabilities, impact, likelihood, controls).
• Cloud, SaaS, and third-party risk considerations.
• Identity & access management, data protection, network security, vulnerability management, and secure SDLC concepts.
• A minimum of 1 year working with one of either NIST CSF, NIST SP 800-53, ISO, CIS Controls, COBIT Regulatory frameworks relevant to financial services, insurance, or regulated industries.

Desirable Skills:

• Certified in CRISC, CISM, CISSP, CISA.
• Experienced in large, complex, and regulated environments.

Supervisory Responsibilities: This job does not have supervisory duties.

Why join us? Allstate NI is proud to be Allstate's European Digital Centre of Excellence - recent winners of 'Best Use of Cloud Services' at the Belfast Telegraph IT Awards 2024, and recognised for our community and sustainability impact at the 2024 Business in the Community Awards and Gold accreditation for Environmental Responsibility. We're a product-driven, cloud-first organisation delivering real outcomes through modern technology, a digital product-centric talent model, and a culture rooted in engineering excellence. Our teams work in cross-functional structures, guided by an outcome-based delivery approach that accelerates speed, agility, and value.

We offer:

• A generous, flexible benefits package including annual leave, healthcare and dental cover, pension, and lifestyle discounts.
• Access to world-class learning platforms and award-winning L&D.
• Clear career paths, internal mobility, and a strong focus on growth.
• A people-first culture with flexible working options.
• Be part of a high-performing, socially responsible organisation where your work has purpose, and your growth is supported every step of the way.

Statement on Fair Employment and Equal Opportunities: Allstate NI wishes to ensure equal opportunity is given to all job applicants. This company will not discriminate on the grounds of race, gender (including gender reassignment status), sexual orientation, religious belief, political opinion, marital status, age or disability. We are an equal opportunities employer. We welcome applications from all suitably qualified persons. However, as women are currently under-represented in our workforce, we would particularly welcome applications from women. All appointments will be made on merit. Applicants should note Allstate NI complete AccessNI background checks on all candidates offered a position.

To be considered for this role you will be redirected to and must complete the application process on our careers page. To start the process, click the Apply button below to Login/Register.