Sr Product Security Advisor

CNA · Chicago, IL

Company

CNA

Location

Chicago, IL

Type

Full Time

Job Description

You have a clear vision of where your career can go. And we have the leadership to help you get there. At CNA, we strive to create a culture in which people know they matter and are part of something important, ensuring the abilities of all employees are used to their fullest potential.
CNA seeks to offer a comprehensive and competitive benefits package to our employees that helps them - and their family members - achieve their physical, financial, emotional and social wellbeing goals.
For a detailed look at CNA's benefits, check out our Candidate's Guide.
Individual contributor responsible for executing on the product security strategy, managing direct relationships with portfolio teams and driving security improvements under minimal direction for CNA's core application products. This role will act as the tactical consultant and key security stakeholder to a core portfolio of 5-10 business applications, systems and initiatives with the goal of leading security enhancement, strategy and planning for each.
This position focuses on fostering a long-term security strategy and approach to some of the most critical systems for CNA to systemically improve the portfolio. The role will involve diving into complex systems, integrations and business processes to document, assess and recommend areas for security investment and enhancement. Key activities will include security enhancement planning, application architecture reviews, threat modeling, risk exception management, and project design reviews.
Essential Duties & Responsibilities
Performs a combination of duties in accordance with departmental guidelines:
  • Conducts end-to-end security review and guidance across the System Development Lifecycle (SDLC) to ensure comprehensive security engagement
  • Recommends tooling and integration for comprehensive security controls, including visibility, defensive and preventative controls, for core systems.
  • Drives security adoption with software engineers, architects, business stakeholders and product managers on risks, as well as specific project risks and risk mitigation options/scenarios.
  • Develops security user stories for major projects to ensure security standards, integrations and other requirements are met.
  • Leads and develops threat modeling and secure design review exercises on critical systems and applications
  • Aligns security resources and strategy to key business processes, functionality and application dependency.
  • Initiates security enhancement campaigns to enable greater protections and controls for critical systems
  • Partners with functional leadership to develop and implement security standards, procedures and guidelines for multiple platforms and diverse systems environments (e.g., firm-wide, distributed, client server systems, and e-applications).
  • Contributes as a team member in major programs or change initiatives aimed at growing security capabilities.

May perform additional duties as assigned.
Reporting Relationship
Typically Director or above
Skills, Knowledge & Abilities
  • Solid ability to influence change in corporate understanding and adoption of information security concepts.
  • Equally comfortable engaging with software engineers, architects, business stakeholders and product managers.
  • Technical knowledge of solution architecting/engineering within the product security space.
  • Robust understanding of security tooling, controls and/or architecting.
  • Solid communications and interpersonal skills and the ability to work effectively with peers, IT management and staff, and internal and external business partners and clients.
  • Technical knowledge of security policy construction and publication.
  • Working knowledge of any of the common cloud platforms (AWS, Azure and GCP).
  • Strong ability to manage various technical projects to completion.
  • Willingness to learn new technologies, tools, applications and systems both supporting the information security organization and CNA's operations.

Education & Experience
  • Bachelor's degree in Computer Science, or related discipline, or equivalent work experience.
  • Typically a minimum of seven years of related work experience in IT, information security or product management.
  • Applicable certifications preferred (CISSP, CCSP, PMP, Security+ etc.)
  • Experience in consulting or product management preferred.
  • Insurance industry experience preferred

CNA is committed to providing reasonable accommodations to qualified individuals with disabilities in the recruitment process. To request an accommodation, please contact [email protected].

Date Posted

05/20/2023
