Sean D. Lewis CISM, CRISC, PMP

Business Information Security for Agency Solutions at Allstate

Cornelius, NC, United States

Details

Education: BA, Communications

Communications, Graphic Design, Information Technology

Marymount Manhattan College

1991 : 1995

MBA

MBA Coursework

University of North Carolina at Charlotte - Belk College of Business

Experience: As Business Information Security Officer (BISO) for the Agency Solutions team, I am responsible for embedding security into the business objectives and actively adding value through the development of business roadmaps, new product development, and business planning as well as incident management and general cybersecurity queries.

2022 : Present

Allstate

Business Information Security Officer

Operations lead for the Information Security Council for Executive Oversight

Responsible to the Chief Information Officer (CISO) and his officers for the executive and leadership governance framework within Allstate Information Security, including :

* Approval of remediation plans or exceptions for high and critical cyber risks

* Information security program evaluation and prioritization

* Enterprise Security Policies and Standards

* Cross-org operational status and issue review

Achieved 100% audit response (internal and external) for the governance framework, both at the executive and leadership levels.

Through the governance framework, successfully integrated several key improvements to make the information security program more secure and more streamlined, including :

* Asset Risk Profile to rank and order required security control tiers

* 3 Lines of Defense risk management model for effective governance

* Cyber Risk Control Lifecycle to standardize operations for the identification and collection of artifacts necessary for leadership oversight and audit response

Identified and addressed gaps in the security control framework. Established simple, direct operations for approving and communicating asset risk value changes and, security control exceptions.

Agile GRC Program to define the value streams, implement incremental change improvements, and evaluate work based on key performance and risk indicators (KPIs and KRIs).

Develop the institutional presence of and the operational skills of the GRC team.

2018 : 2022

Allstate

Information Security Governance Operations Lead

Strategic project to update the governance, operations, infrastructure, and policies to address risks related to Data Loss Protection (DLP) identified by a Board of Directors' audit.

• Established and facilitated a governance committee to address DLP issues.

• Expanded the capability to monitor data at rest and in transit consistently across technologies.

• Refined corporate data sensitivity classifications, policies, and standards for enterprise use.

• Implement AIP tenants and entitlements configured to the needs of the business.

• Led testing, end-user training, and enterprise deployment of the AIP tool with DLP validation rules.

• Establish the least privilege for users with the business need for elevated privileges and the ability to detect, log, analyze, and respond to actions taken by users with those elevated privileges.

• Implemented processes and training for requesting exceptional rights access.

• Implemented a scalable infrastructure to support the Symantec installation under a single DLP team.

• Expanded enterprise forensics and e-discovery capabilities to better conduct the investigative and auditing capabilities in support of Legal and HR matters and cases.

• Documented processes to produce artifacts and attestations for the annual Payment Card Industry (PCI) audit of Data Security Standards (DSS) compliance.

2015 : 2018

StoneLaurel

Information Security Project Manager

Conducted internal review of the efficiency and effectiveness for the Vice President of Administrative Services.

• Established peer benchmarks for key performance indicators (KPIs), for ongoing health checks for Enterprise Protective Services, Real Estate Services, Support Services, and Aviation.

2014 : 2015

StoneLaurel

Executive Consultant

• Conduct analysis of emergent technology and security trends relevant to large corporations.

• Develop technology strategy models to support executive goals.

• Create and lead online webinars on the topics of Executive Infographics and Data Security.

2014 : 2014

Independent Contractor

Independent Consultant

Company: Allstate

Years of Experience: 24

Skills Agile Methodologies, Analysis, Business Analysis, Business Case Development, Business Innovation, Business Intelligence, Business Process, Business Process Improvement, Change Management, CRM, Cross-functional Team Leadership, Cybersecurity, Design Thinking, Diversity & Inclusion, DLP, Enterprise Architecture, Enterprise Software, Financial Services, HRIS, Information Security, Information Security Management, Information Technology, Internal Audit, IT Governance, Leadership, Lean Thinking, Management, Microsoft Excel, NIST, Organizational Leadership, PCI DSS, PMO, PMP, Process Improvement, Program Management, Project Management, Project Management Office (PMO), Project Portfolio Management, SDLC, Security Awareness, SIEM, Software Development Life Cycle (SDLC), Software Project Management, Strategic Planning, Strategy, Team Collaboration, Training, User Experience (UX)

About Cybersecurity leader with over 15 years of strategic cybersecurity experience with Fortune 100 companies in the insurance, financial services, and retirement industries. Driven by the need to effectively incorporate security in support of strategic business goals. I have worked with all levels of leadership and with both technical and business teams to develop innovative solutions.