Senior Cyber & Technology Risk Consultant

Introduction

At Allstate, great things happen when our people work together to protect families and their belongings from life’s uncertainties. And for more than 90 years, our innovative drive has kept us a step ahead of our customers’ evolving needs. From advocating for seat belts, air bags and graduated driving laws, to being an industry leader in pricing sophistication, telematics, and, more recently, device and identity protection.

Job Description

The Business Title for this role is IT Risk Management Senior Consultant II. This role sits within the Enterprise Risk & Return Management organization, specializing in Cyber and Technology Risk. The team operates as a second‑line risk function, partnering closely with digital product, engineering, and security teams across a large enterprise environment.

Team's Key Areas of Focus

• Assessing cybersecurity and technology controls
• Ensuring controls are well‑designed and operating effectively
• Improving efficiency through process optimization and automation
• Supporting enterprise‑wide risk profiling used by Security, Audit, Compliance, and Regulatory teams

Role Overview

The Senior Cyber Risk & Controls Consultant will support and execute technology and cybersecurity control assessments across applications, infrastructure, and digital products. This role balances hands‑on control testing with process improvement and automation thinking, helping the team scale efficiently while maintaining strong risk oversight.

Ideal Candidate

The ideal candidate is a self-starter, proactive problem solver, and someone able to work with minimal guidance while bringing forward new ideas, improvements, and opportunities to leverage AI and automation.

Essential Functions

• Ensure that the controls are appropriately designed, implemented correctly, and functioning effectively in alignment with NIST 800 53, NIST CSF, COBIT, and internal standards
• Perform technology and cybersecurity control operating effectiveness testing
• Collect and assess evidence from product and technology teams
• Identify control gaps, deficiencies, and improvement opportunities
• Support ongoing process improvements to make control testing more efficient and risk‑focused
• Identify opportunities to apply AI tools to streamline testing, evidence analysis, reporting, and continuous control monitoring