Sr Security Advisor

You have a clear vision of where your career can go. And we have the leadership to help you get there. At CNA, we strive to create a culture in which people know they matter and are part of something important, ensuring the abilities of all employees are used to their fullest potential.
CNA seeks to offer a comprehensive and competitive benefits package to our employees that helps them - and their family members - achieve their physical, financial, emotional and social wellbeing goals.
For a detailed look at CNA's benefits, check out our Candidate's Guide .
Individual contributor responsible for leading and managing numerous tactical engineering workflows, individualize security consultations for project teams and acting as the cross-domain security contact for a portfolio of business lines. This role will act as the tactical advisors and consultants to project teams working on everything from cloud application deployments to network infrastructure overhauls.
Individual contributor role providing guidance on directing, evaluating, developing, implementing, communicating, operating, monitoring and maintaining information security technologies, policies and procedures.
JOB DESCRIPTION:
Essential Duties & Responsibilities
Performs a combination of duties in accordance with departmental guidelines:

• Drive security adoption and delivery with IT management and project staff through risk assessments, implementation of security controls and integration with appropriate processes/tooling.
• Leads cross-domain security engagement with project teams in all phases of the development and implementation process.
• Identifies emergent vulnerabilities and evaluates associated risks and threats endemic to IT projects throughout CNA.
• Capable of developing security threat assessments and security stories for application development and project teams.
• Facilitates discussions on security architecture and security tooling with respect to IT projects.
• Evaluates and advises on appropriate security methods and control techniques such as firewalls, intrusion detection software, data encryption, data backup and recovery.
• Understand cloud security solutions and review incoming cloud projects to provide guidance and support to technical cloud teams.
• Provide guidance on cloud security standards/policies and advise on enabling cloud native controls to meet highest cyber security standards.
• Maintains an awareness of existing and proposed security standard setting groups, State and Federal legislation and regulations pertaining to information security and data privacy.
• Identifies regulatory changes that will affect information security policy, standards and procedures and recommends appropriate changes.
• Develops and implements security standards, procedures and guidelines for multiple platforms and diverse systems environments (e.g., firm-wide, distributed, client server systems, and e-applications).
• Develops communications and related campaigns for information security awareness among all staff.
• Reviews the development, testing and implementation of security plans, products and control techniques.
• Assist in investigations as needed and recommends appropriate corrective actions for information security incidents.

May perform additional duties as assigned.
Reporting Relationship
Typically Director or above
Skills, Knowledge & Abilities

• Ability to influence change in corporate understanding and adoption of information security concepts.
• Experience with solution architecting/engineering within the information security space.
• Worked with security tooling, controls and/or architecting in a variety of roles.
• Strong analytical and problem solving skills.
• Robust communications and interpersonal skills and the ability to work effectively with peers, IT management and staff, and internal/external business partners/clients.
• Solid understanding of security policy construction and publication.
• Working knowledge of any of the common cloud platforms (AWS, Azure and GCP)
• Ability to manage various technical projects to completion.
• Willingness to learn new technologies, tools, applications and systems both supporting the information security organization and CNA's operations.

Education & Experience

• Bachelor's degree in Computer Science, or related discipline, or equivalent work experience.
• Typically a minimum of seven years of technical experience in the security aspects of multiple platforms, operating systems, software, communications and network protocols or an equivalent combination.

Preferred:

• Experience in consulting or technical account management.
• Preferred insurance industry knowledge.
• CISSP, CCSP, PMP, Network+ and/or Security+.
• .

CNA is committed to providing reasonable accommodations to qualified individuals with disabilities in the recruitment process. To request an accommodation, please contact [email protected] .