Home Job Search Manager, Incident Handling (Remote – Home Based Worker)

Allstate

Manager, Incident Handling (Remote – Home Based Worker)

Role overview

At Allstate, great things happen when our people work together to protect families and their belongings from life’s uncertainties. And for more than 90 years our innovative drive has kept us a step ahead of our customers’ evolving needs. From advocating for seat belts, air bags and graduated driving laws, to being an industry leader in pricing sophistication, telematics, and, more recently, device and identity protection.

Job Description

Job Summary

The Incident Handling Manager of the Global Security Fusion Center (GSFC) will oversee the operations of Incident Handling such as incident response, threat detection and mitigation efforts. This individual will effectively run the operations by coordinating with different service areas across GSFC and maintain the overall security posture of the organization. This leadership role will effectively communicate with stakeholders and senior leadership team especially during a major incident. This individual serves as an incident manager during major incidents and supports the investigations carried out by the team.

The Incident Handling Manager mentors the Lead analysts and other analysts of the team and reviews the performance of the individuals. This Manager role also leads teams in the development and evaluation of programs, processes and procedures to mitigate cybersecurity risk, ensuring protection of company information and assets, and understanding and applying pertinent industry and government regulations, contracts, and requirements.

Key Responsibilities

Lead and manage Security Operations Center across different regions and shifts with primary responsibilities in security event monitoring, management, and response.
Ensure incident identification, assessment, quantification, reporting, communication, mitigation and monitoring.
Ensure compliance to SLA, process adherence and process improvisation to achieve operational objectives.
Review policies and highlight the challenges in managing SLAs.
Review standard operating procedures to ensure SOC continues to effectively meet operational requirements.
Provide team & vendor management, evaluate overall use of resources, and initiate corrective action where required for SOC.
Create reports, dashboards, and metrics and present to Sr. Mgmt.
Evaluate existing technical capabilities and systems and identify opportunities for improvement.
Oversee training and exercises to ensure SOC team proficiency. Conduct after action reviews to identify lessons learned and best practices.
Work closely Security Leadership to identify and implement process changes, improvements, and efficiencies to ensure solid security practices.
Develop communication channels with technology owners and business to evangelize the evolving threat landscape.

Job Qualifications

Ideal candidate will have 10+ years incident handling and incident response experience.
Technical knowledge of network security, operating system security, vulnerability management, common attacker techniques and exploits, encryption, and SIEM.
Know how to lead investigations and direct incident handlers and question the investigative process being followed.
Possess experience in writing both technical incident investigation reports as well as reports for senior leadership.
Ability to manage multiple initiatives at once in addition to day-to-day operations.
Experience in managing teams of 8 or more people and providing mentorship.
Advanced incident investigation and response experience.
Advanced log parsing and analysis skill sets.
Advanced knowledge of networking fundamentals (TCP/IP, network layers, Ethernet, ARP, etc.).
Moderate knowledge of Windows, Unix/Linux, and Mac operating systems.
Moderate knowledge of SIEM technologies and use case design.
Moderate knowledge of malware operations and indicators.
Moderate knowledge of network defenses such as firewalls, IDS/IPS, Packet Capture, Proxies.
Moderate experience with scripting.
Moderate knowledge of forensic techniques.
Moderate knowledge of audit requirements (PCI, HIPPA, SOX, etc.).

Education and Certifications

Bachelor’s Degree preferred, but not required. May also have advanced degree.
Certifications from the list below preferred, but not required:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Information Systems Auditor (CISA)
- Certified Information Systems Security Professional (CISSP)
- Certified Incident Handler (GCIH)
- Certified Intrusion Analyst (GIAC)
- Certified Ethical hacker (CEH)
- Certified Expert penetration tester (CEPT)

Functional Skills

Advanced understanding of information security technology.
Ability to influence others and achieve results.
Ability to think strategically, conceptually, analytically and creatively.
Advanced time management skills including ability to manage multiple projects, prioritize and organize, and create alignment and buy in from clients and direct reports.
Demonstrated clear, concise and effective oral and written communication skills.
Ability to establish, manage and leverage relationships with internal and external partners.
Ability to analyze data and apply it to complex problem resolution.
Advanced understanding of security trends in the industry.
Advanced understanding of expense and resource management processes as they relate to project resources and expenses, ability to make appropriate sourcing decisions based on project resource needs, demonstrate understanding of area's budget and its relationship to department level information and external customers, and assist in explaining impact of project expenses on the area's overall expense plan.
Possess a mastery level of thriving in change by setting an example, providing leadership, and coaching peers and team members, during changes that may disrupt productivity.
Handle ambiguity and uncertainty with maturity, adapt management style to current situations and people needs, and demonstrate the ability to make decisions under time pressures and with limited information.

Skills

Change Management, Information Security Management, Information Security Operations, Network Security, People Leadership, Security Incident Response, Security Information and Event Management (SIEM)

Compensation

Compensation offered for this role is $104,000 – 187,625 annually and is based on experience and qualifications.

The candidate(s) offered this position will be required to submit to a background investigation, which includes a drug screen.

Joining our team isn’t just a job — it’s an opportunity. One that takes your skills and pushes them to the next level. One that encourages you to challenge the status quo. And one where you can impact the future for the greater good.

You’ll do all this in a flexible environment that embraces connection and belonging. And with the recognition of several inclusivity and diversity awards, we’ve proven that Allstate empowers everyone to lead, drive change and give back where they work and live.

Good Hands. Greater Together.®

Allstate generally does not sponsor individuals for employment-based visas for this position.

Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.

For jobs in San Francisco, please click “here” for information regarding the San Francisco Fair Chance Ordinance.
For jobs in Los Angeles, please click “here” for information regarding the Los Angeles Fair Chance Initiative for Hiring Ordinance.

To view the “EEO is the Law” poster click “here”. This poster provides information concerning the laws and procedures for filing complaints of violations of the laws with the Office of Federal Contract Compliance Programs

To view the FMLA poster, click “here”. This poster summarizing the major provisions of the Family and Medical Leave Act (FMLA) and telling employees how to file a complaint.

It is the Company’s policy to employ the best qualified individuals available for all jobs. Therefore, any discriminatory action taken on account of an employee’s ancestry, age, color, disability, genetic information, gender, gender identity, gender expression, sexual and reproductive health decision, marital status, medical condition, military or veteran status, national origin, race (include traits historically associated with race, including, but not limited to, hair texture and protective hairstyles), religion (including religious dress), sex, or sexual orientation that adversely affects an employee's terms or conditions of employment is prohibited. This policy applies to all aspects of the employment relationship, including, but not limited to, hiring, training, salary administration, promotion, job assignment, benefits, discipline, and separation of employment.

Keys to Success

At Allstate, it’s all about teamwork, flexibility, and thinking ahead. We all contribute to the bigger picture, combining unique ideas to design innovative, more affordable protection solutions for customers.

We look for candidates with these skills to help us achieve that goal:

Learning agility
Quickly adapt to new situations, continually build new skills, experiment, and embrace new ways of doing things

Customer centricity
Deliver exceptional experience with a customer-first mindset and human-centered design

Digital literacy
Discover and apply emerging digital technology tools, data and insights.

Results-oriented
Start with measurable outcomes and drive results with speed

Inclusive leadership
Integrate diverse viewpoints into decision-making processes to enhance creativity and innovation

Together, we’re all working toward Our Shared Purpose, using our strengths to make a real difference for our people, our customers, our company, and the world around us.

Working in Sales

What We Do:
As an expert on our products and services, you can give customers personalized attention and innovative solutions to make their lives easier.

How We Support You:
Starting day one, you’ll have access to resources and incentives to keep you feeling challenged and excited about your careers.

Make An Impact:
As a member of our sales team, you’ll bring a sense of ease and support to customers looking for a better understanding of their protection options. Whether in the field or talking to customers over the phone, you’ll continue to build trust in who we are and what we do.

Working together

You’re in Good Hands ® is more than a promise we make to our customers. It’s a promise we make our employees, too.

As part of our team, we want you to love where you work, and that starts by giving you the freedom to be yourself. Our workplace flexibility and focus on inclusion creates an environment where you can connect and belong. Our goal is for you to feel trusted, heard and empowered to express yourself. When you thrive, we all thrive. And this year, we’re proud to share that we’ve been recognized by Forbes as one of America’s Best Employers For Diversity, and one of America’s Best Large Employers.

When you join us, you’ll have the opportunity to push your skills to the next level each day. Our dedication to continuous learning ensures that you have access to development programs designed to propel your career forward. As you learn and grow, so do we.

Working here also means getting the chance to do meaningful work and make a real impact in your community. We have been driving change for over 90 years, but the mark we leave on the world, can be even greater when we work together.

Good Hands. Greater Together.

Role overview

At Allstate, great things happen when our people work together to protect families and their belongings from life’s uncertainties. And for more than 90 years our innovative drive has kept us a step ahead of our customers’ evolving needs. From advocating for seat belts, air bags and graduated driving laws, to being an industry leader in pricing sophistication, telematics, and, more recently, device and identity protection.

Job Description

Job Summary

The Incident Handling Manager of the Global Security Fusion Center (GSFC) will oversee the operations of Incident Handling such as incident response, threat detection and mitigation efforts. This individual will effectively run the operations by coordinating with different service areas across GSFC and maintain the overall security posture of the organization. This leadership role will effectively communicate with stakeholders and senior leadership team especially during a major incident. This individual serves as an incident manager during major incidents and supports the investigations carried out by the team.

The Incident Handling Manager mentors the Lead analysts and other analysts of the team and reviews the performance of the individuals. This Manager role also leads teams in the development and evaluation of programs, processes and procedures to mitigate cybersecurity risk, ensuring protection of company information and assets, and understanding and applying pertinent industry and government regulations, contracts, and requirements.

Key Responsibilities

Lead and manage Security Operations Center across different regions and shifts with primary responsibilities in security event monitoring, management, and response.
Ensure incident identification, assessment, quantification, reporting, communication, mitigation and monitoring.
Ensure compliance to SLA, process adherence and process improvisation to achieve operational objectives.
Review policies and highlight the challenges in managing SLAs.
Review standard operating procedures to ensure SOC continues to effectively meet operational requirements.
Provide team & vendor management, evaluate overall use of resources, and initiate corrective action where required for SOC.
Create reports, dashboards, and metrics and present to Sr. Mgmt.
Evaluate existing technical capabilities and systems and identify opportunities for improvement.
Oversee training and exercises to ensure SOC team proficiency. Conduct after action reviews to identify lessons learned and best practices.
Work closely Security Leadership to identify and implement process changes, improvements, and efficiencies to ensure solid security practices.
Develop communication channels with technology owners and business to evangelize the evolving threat landscape.

Job Qualifications

Ideal candidate will have 10+ years incident handling and incident response experience.
Technical knowledge of network security, operating system security, vulnerability management, common attacker techniques and exploits, encryption, and SIEM.
Know how to lead investigations and direct incident handlers and question the investigative process being followed.
Possess experience in writing both technical incident investigation reports as well as reports for senior leadership.
Ability to manage multiple initiatives at once in addition to day-to-day operations.
Experience in managing teams of 8 or more people and providing mentorship.
Advanced incident investigation and response experience.
Advanced log parsing and analysis skill sets.
Advanced knowledge of networking fundamentals (TCP/IP, network layers, Ethernet, ARP, etc.).
Moderate knowledge of Windows, Unix/Linux, and Mac operating systems.
Moderate knowledge of SIEM technologies and use case design.
Moderate knowledge of malware operations and indicators.
Moderate knowledge of network defenses such as firewalls, IDS/IPS, Packet Capture, Proxies.
Moderate experience with scripting.
Moderate knowledge of forensic techniques.
Moderate knowledge of audit requirements (PCI, HIPPA, SOX, etc.).

Education and Certifications

Bachelor’s Degree preferred, but not required. May also have advanced degree.
Certifications from the list below preferred, but not required:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Information Systems Auditor (CISA)
- Certified Information Systems Security Professional (CISSP)
- Certified Incident Handler (GCIH)
- Certified Intrusion Analyst (GIAC)
- Certified Ethical hacker (CEH)
- Certified Expert penetration tester (CEPT)

Functional Skills

Advanced understanding of information security technology.
Ability to influence others and achieve results.
Ability to think strategically, conceptually, analytically and creatively.
Advanced time management skills including ability to manage multiple projects, prioritize and organize, and create alignment and buy in from clients and direct reports.
Demonstrated clear, concise and effective oral and written communication skills.
Ability to establish, manage and leverage relationships with internal and external partners.
Ability to analyze data and apply it to complex problem resolution.
Advanced understanding of security trends in the industry.
Advanced understanding of expense and resource management processes as they relate to project resources and expenses, ability to make appropriate sourcing decisions based on project resource needs, demonstrate understanding of area's budget and its relationship to department level information and external customers, and assist in explaining impact of project expenses on the area's overall expense plan.
Possess a mastery level of thriving in change by setting an example, providing leadership, and coaching peers and team members, during changes that may disrupt productivity.
Handle ambiguity and uncertainty with maturity, adapt management style to current situations and people needs, and demonstrate the ability to make decisions under time pressures and with limited information.