Consulting Director, IT Security Technical Advisor

Consulting Director, IT Security Technical Advisor

CNA Insurance offers a broad portfolio of property and casualty business insurance solutions that allow you to better manage your risks and grow profitably.

You have a clear vision of where your career can go. At CNA, we strive to create a culture in which people know they matter and are part of something important, ensuring the abilities of all employees are used to their fullest potential.

This role is an individual contributor responsible for leading and managing numerous tactical engineering workflows, individualizing security consultations for project teams, and acting as the cross-domain security contact for CNA Canada. This role will act as a tactical advisor and consultant to CNA Canada project teams and IT leadership working on everything from cloud application deployments to network infrastructure overhauls. The role will also serve as the primary point of contact between the global security organization and the CNA Canada IT organization.

This role will be providing guidance on directing, evaluating, developing, implementing, communicating, operating, monitoring, and maintaining information security technologies, policies, and procedures.

JOB DESCRIPTION:

Essential Duties & Responsibilities

• Drive Information Security adoption and delivery within the CNA Canada portfolio through partnership with IT management and Information Security leaders.
• Develop and implement security standards, procedures, and guidelines for multiple platforms and diverse systems environments with respect to CNA Canada’s IT needs (e.g., firm-wide, distributed, client server systems, and e-applications).
• Develop communications and related campaigns for information security awareness among all CNA Canada IT leaders and staff. Act as the primary liaison between Information Security and CNA Canada leaders with respect to transformation initiatives and IT projects.
• Lead Information Security delivery efforts to ensure CNA Canada needs and requirements are represented in all Information Security initiatives and that all Information Security initiatives will be effectively deployed within the CNA Canada IT environment.
• Operate with a deep knowledge and foundational understanding of the CNA Canada IT environment, technical architectures, application stacks, and all related systems.
• Review the development, testing, and implementation of security plans, products, and control techniques with respect to the CNA Canada environment.
• Brief Chief Information Security Officer on CNA Canada IT portfolio projects, security efforts, and related initiatives. Assist in information security investigations as needed and recommend appropriate corrective actions for information security incidents.
• Identify emergent vulnerabilities and evaluate associated risks and threats endemic to IT projects throughout CNA Canada’s applications and technologies. Develop security threat assessments and security stories for application development and project teams.
• Evaluate and advise on appropriate security methods and control techniques such as firewalls, intrusion detection software, data encryption, data backup, and recovery.
• Understand cloud security solutions and review incoming cloud projects to provide guidance to technical cloud teams deploying on Google Cloud Platform and Microsoft Azure.

May perform additional duties as assigned.

In all responsibilities and interactions, all employees are expected to adopt and align with CNA’s Winning Behaviours – to be externally focused, accountable, collaborative, innovative, inclusive, and continuously learning.

Skills, Knowledge & Abilities

• Ability to influence change in corporate understanding and adoption of information security concepts.
• Experience with solution architecting/engineering within the information security space.
• Familiarity with security tooling, controls, and/or architecting in a variety of roles.
• Strong analytical and problem-solving skills. Robust communications and interpersonal skills and the ability to work effectively with peers, IT management and staff, and internal/external business partners/clients.
• Solid understanding of security policy construction and publication.
• Working knowledge of any of the common cloud platforms (AWS, Azure, and GCP).
• Ability to manage various technical projects to completion.
• Willingness to learn new technologies, tools, applications, and systems both supporting the information security organization and CNA’s operations.

Education & Experience

• Bachelor's degree in Computer Science, or related discipline, or equivalent work experience.
• Typically a minimum of seven years of technical experience in the security aspects of multiple platforms, operating systems, software, communications, and network protocols or an equivalent combination.
• Experience in consulting or technical account management preferred.
• Preferred insurance or financial services industry knowledge.
• CISSP, CCSP, PMP, Network+, and/or Security+ certifications are preferred.

At CNA, we are committed to providing equal employment opportunities to all employees and applicants. It is our policy to provide equal employment opportunities to employees and applicants based on job-related qualifications and ability to perform a job. If you require an accommodation during the hiring process or upon hire, please inform Human Resources. If a selected applicant requests accommodation during the recruitment process, CNA will consult with the applicant in order to provide suitable accommodation that takes into account the applicant’s accessibility needs.