AVP, Data Security

You have a clear vision of where your career can go. And we have the leadership to help you get there. At CNA, we strive to create a culture in which people know they matter and are part of something important, ensuring the abilities of all employees are used to their fullest potential.
CNA seeks to offer a comprehensive and competitive benefits package to our employees that helps them - and their family members - achieve their physical, financial, emotional and social wellbeing goals.
For a detailed look at CNA's benefits, check out our Candidate's Guide .
Officer position responsible for leading the creation of the vision, architecture, design, and implementation of data security for CNA and for the coordination and integration of data security strategies and controls across enterprise. This position leads, directs and has full management accountability for the data security team, and for the success of data security initiatives across the Enterprise. The leader will participate in and contribute to the Enterprise data strategy and implementation with a focus on effective security controls that protect critical data assets while enabling the business. Specifically, the AVP will lead the development of data security strategies, and business impact/trade-off analysis and oversee the conduct of data security readiness assessments for the selection, development and implementation of enterprise data security standards. In addition, the Officer will oversee the development data encryption programs, developing policies and procedures, and strategy. Additional responsibilities include data classification, data privacy/risk assessments, and implementation of programs and data protection as a service. The leader must possess a vision of the changing nature of data protection strategies and must be able to effectively communicate this vision to business leaders to successfully influence Enterprise data strategies and leverage business opportunities. This position also has exposure to a range of Data Security technologies ranging from Data Loss Prevention (DLP), Cloud Access Security Brokers (CASB), DLP features, Encryption/Tokenization, Digital Rights Management, Data Protection, and Data Discovery across Structured, Unstructured and Cloud. This leader should also be able to anticipate future business and technology shifts that will influence both the success and security of CAN's data strategy. These future shifts include emerging technologies such as blockchain, Quantum Computing, IoT and Edge Computing.
JOB DESCRIPTION:
Essential Duties & Responsibilities
Performs a combination of duties in accordance with departmental guidelines:

• Develops, coordinates and is accountable for the Secure Data Strategy - Embedding security into the overall approach and vision for data in across the Enterprise.
• Builds, leads and has full management responsibility and accountability for the performance and development of a team of experienced data security professionals.
• Oversees Secure Data Integration - Accountable for Incorporating secure technological and business processes to align data from various sources to maximize business value.
• Data Protection - Provides capabilities layered on top of data at rest or in motion to secure the contents from unauthorized access.
• Directs implementation of technical capabilities such as rights management to enforce the movement or transmission of data.
• Data Security in the Cloud - Implements technical capabilities to protect and secure data in the cloud and to protect and secure structured and unstructured database assets.
• Database Security - Implements technical capabilities to protect and secure structured and unstructured database assets.
• Secures Data Analytics - Collects and analyzes business and event data to drive security value and enables the utilization of data as a business asset.
• Documents and advises on areas of security improvement that balances risk with business operations and do not diminish efficiencies or innovation.
• In collaboration with Legal, identifies current and potential legal and regulatory issues affecting information security and assesses their impact on CNA's security and technology teams.
• May perform additional duties as assigned.

Reporting Relationship
Typically VP or above
Skills, Knowledge & Abilities

• Expert level knowledge of data security concepts and relevant future technology trends.
• Proven ability to effectively lead, coach and develop a data security group.
• Ability to work across senior leaders in the Enterprise to collaborate, contribute and influence concepts, architectures, plans and execution of those plans
• Strong knowledge of the insurance industry, its products and services.
• Strong knowledge of data security technical solutions (e.g. data loss prevention, classification inventorying tools, data discovery).
• Expert knowledge of traditional and modern cloud data solutions.
• Ability to assess risks in line with information security objectives and risk tolerance of the institution.
• Proven conceptual, analytical and evaluation skills.
• Excellent interpersonal, verbal, presentation and written communication skills with the ability to effectively interact with internal and external business partners.
• Ability to work well independently, under pressure and to meet tight deadlines.
• Excellent project management skills with ability to organize, prioritize and plan effectively to meet project goals.
• Expert knowledge of privacy/data standards and regulations local, domestic and global (State Level Data Protection, ISO, GAPP, NIST 800 53, HIPPA, HiTrust, Privacy by Design, GDPR, EU Data Protection Directives, CCPA, APEC Privacy Framework).

Education & Experience

• Bachelor's Degree with Master's preferred in Computer Science, or related discipline, or equivalent.
• Typically a minimum of ten years of IT Security experience, preferably with recent cloud security experience.
• Typically a minimum of five years of security architecture experience designing and implementing data security solutions involving data encryption.
• Typically a minimum of five years of experience assessing or building programs in data protection: data encryption (FPE), tokenization, masking, and key management
• Typically a minimum of three years in asset and data discovery tooling (e.g. ServiceNow, Varonis, Netwrix)
• Typically a minimum of five years of experience in data encryption solutions within cloud environments (e.g. AWS, Azure, GCP)
• Typically a minimum of five years of hands-on experience with Data Security vendors, product capabilities, and solutions focus on Data Encryption and not limited to Data Loss Prevention, Data Rights Management, Data Classification, and Data Privacy
• Experience and background in security metrics creation and reporting specifically in the data space
• A track record of success working with other business executives to build and execute vision and strategy to realize positive business change

CNA is committed to providing reasonable accommodations to qualified individuals with disabilities in the recruitment process. To request an accommodation, please contact [email protected] .