Cyber and Technology Risk Analyst (hybrid/remote)

Responsibilities

• Lead and execute complex technology and cyber risk assessments across business and IT functions, evaluating potential impacts and recommending practical mitigation strategies.
• Analyze risk scenarios and control effectiveness to identify gaps, emerging risks, and key risk drivers using both structured and unstructured data sources.
• Develop clear, concise, and actionable risk reports and presentations for stakeholders at all levels, including senior leadership and the Board.
• Challenge existing practices and influence enhancements to technology standards, policies, and controls to strengthen the organization's risk posture.
• Identify , assess, and communicate potential threats to the technology environment, tailoring messaging for both technical and non-technical audiences.
• Monitor industry trends, regulatory developments, and emerging cyber threats to proactively identify future risk exposures and inform strategy.
• Support the design, implementation, and continuous improvement of risk management frameworks, methodologies, and controls.
• Collaborate cross-functionally with technology, security, compliance, and business teams to ensure alignment and effective risk management practices.
• Translate findings into actionable remediation recommendations, driving improvements across technology and operations.
• Serve as a trusted advisor to Technology, Security, and Risk partners, providing expert guidance on cyber and technology risk management best practices.
• Essential Skills
• All applicants must demonstrate they have a legal right to work in the UK for employment at Allstate. Allstate is not providing sponsorship for this vacancy.
• Minimum 4 years' hands on experience in cyber or technology risk management.
• Strong expertise in cyber threat modeling , including hands-on experience using the MITRE ATT&CK framework to develop attack path simulations, assess adversary tactics, and evaluate control effectiveness.
• Solid working knowledge of core technology infrastructure, including networks, cloud platforms, storage, operating systems, identity and access management, and security architecture.
• Advanced analytical skills with the ability to synthesize complex risk scenarios and data into actionable insights and clear recommendations for technical and business stakeholders.
• Proven ability to influence and communicate effectively across all levels of the organization, translating technical risk concepts into business impact for senior leadership and non-technical audiences.
• Desirable Skills
• Exposure to second-line risk management, internal audit, or established technology risk frameworks
• K nowledge of cloud risk and modern architecture (e.g., multi-cloud, containerization, zero trust concepts)
• Relevant security certifications (e.g., CISSP, CISM, CRISC, CEH, OSCP)
• Exposure to red teaming or adversary simulation training/certifications is a plus
• Supervisory Responsibilities
• This job does not have supervisory du ties .
• Job Posting End Date: Thursday 2nd July 2026 [11:59pm]
• #LI-SP1
• #LI-Remote

Requirements

• Cloud Security Risk Management, Cybersecurity Risk Management, GRC Platform, MITRE ATT&CK Framework, Risk Framework, Risk Strategies
• Shape the Future of Insurance with Cutting-Edge Tech and a People-First Culture
• Why join us?
• We're a product-driven, cloud-first organisation delivering real outcomes through modern technology, a digital product-centric talent model, and a culture rooted in engineering excelle

Benefits

Additional Information

At Allstate, great things happen when our people work together to protect families and their belongings from life's uncertainties. And for more than 90 years, our innovative drive has kept us a step ahead of our customers' evolving needs. From advocating for seat belts, air bags and graduated driving laws, to being an industry leader in pricing sophistication, telematics, and, more recently, device and identity protection. Your role in the team The Cyber and Technology Risk Analyst leads comprehensive cyber and technology risk assessments, providing independent oversight, challenge, and advisory across the organization's technology landscape. This role is part of the Cyber and Technology Risk Management team, partnering with Technology, Security, and Business leaders to strengthen risk posture and support informed decision-making. The role requires strong analytical capability to evaluate complex risk scenarios, develop attack paths, assess control effectiveness, and deliver actionable insights while proactively monitoring emerging threats and driving effective risk mitigation strategies.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at Allstate? Share your experience