Data Security Architect Consulting Director

You have a clear vision of where your career can go. And we have the leadership to help you get there. At CNA, we strive to create a culture in which people know they matter and are part of something important, ensuring the abilities of all employees are used to their fullest potential.
CNA seeks to offer a comprehensive and competitive benefits package to our employees that helps them - and their family members - achieve their physical, financial, emotional and social wellbeing goals.
For a detailed look at CNA's benefits, check out our Candidate's Guide .
The data security architect position is responsible for strategy planning, analysis, design, and development of CNA's data security architecture and systems. The position creates and updates data security technology and solution standards to align with corporate security policies and standards. The position serves as advisory roles to both technology (CTO) and security (CISO) leadership, developing and maintaining roadmaps for the data security solutions to align with the corporate IT strategies and visions. The position also serves as the subject matter expert in data security within information security domain and disciplines to business and IT organizations.
JOB DESCRIPTION:
Essential Duties & Responsibilities:

• Performs a combination of duties in accordance with departmental guidelines:
• Leads the development of data security strategies and designs data security architecture for CNA IT systems that aligns with CNA Secure Data Strategy, embedding security into the overall approach and vision for data across the enterprise.
• Participates in the creation, update and review of corporate security policies and technology standards for data security.
• Creates and maintains the information security technology standards to align with corporate data security policies and standards
• Develops and maintains data security solution and technology roadmaps for structured and unstructured data discovery, classification, protection and data rights management on premise and in the Cloud.
• Develops, maintains and governs the reusable data security framework and design patterns
• Develops the enterprise security solutions that deliver Secure Data Analytics, collecting and analyzing business and event data to drive security value and enabling the utilization of data as a business asset.
• In collaboration with Information Security and Legal, design solutions and processes to resolve current and potential legal and regulatory issues affecting information security and assesses their impact on CNA's security and technology teams.
• Contributes to general enterprise architecture framework and strategy development and enhancements.

Key Qualifications, Experience and Knowledge

• Bachelor's Degree with Master's preferred in Computer Science, Computer Engineering, or related discipline, or equivalent.
• A minimum of 7 years of experience in Information Technology, a minimum of 5 years in information security and a minimum of 3 years in data security, preferably with recent data and Cloud technology experience.
• Security Architecture: designing and implementing data security solutions involving data encryption and tokenization.
• Data discovery and classification: asset and data discovery, classification, right management and labeling technologies.
• Data Protection: assessing or building programs related to data encryption (FPE), tokenization, masking, and key management.
• Data encryption and key management solutions within Cloud environments (e.g., AWS, Azure, GCP).
• Data Security Vendor Selection and Management: hands-on evaluation of vendors, product capabilities, and solutions focusing on Data Encryption, Data Loss Prevention, Data Rights Management, Data Classification, and Data Privacy.
• Expert level knowledge of data security concepts and relevant future technology trends.
• Strong knowledge of data loss prevention concepts and technologies
• Expert knowledge of traditional and modern Cloud data solutions, including Cloud Access Security Brokers (CASB).
• Strong knowledge of privacy/data standards and regulations across local, domestic, and global jurisdictions (e.g., State Level Data Protection, ISO, GAPP, NIST 800 53, HIPPA, HiTrust, Privacy by Design, GDPR, EU Data Protection Directives, CCPA, APEC Privacy Framework).
• Ability to interface with senior leaders across the enterprise to collaborate on, contribute to and influence concepts, architectures, plans, and the execution therein.
• Strong knowledge of information security audit, compliance and risk management, and experience developing security and technology standards
• General knowledge and experience in related security domains such as application security, identity and access management, and security operations services.

General Skills, Personal Attributes and Certifications

• Strong communication skills with diverse audiences and demonstrated ability to explain technical topics to those without a technical background
• Strong leadership, project and team-building skills, including the ability to lead teams and drive projects and initiatives in multiple organizations
• Senior-level knowledge and experience of general enterprise architecture framework, best practices and methodologies
• E xcellent project management skills with ability to organize, prioritize, and plan effectively to meet project goals.
• Highly pragmatic and adaptable in approach, with a strong ability to balance a company's risk tolerance with desired business outcomes.
• Knowledge of the insurance industry, its products and services is preferred but not required
• Prefer one or more security certifications: CISSP, CISM, ISSAP and/or ISSEP

May perform additional duties as assigned.
#LI-remote
#LI-BN1
CNA is committed to providing reasonable accommodations to qualified individuals with disabilities in the recruitment process. To request an accommodation, please contact [email protected] .