Responsible for providing management, oversight and direction for Information Security for CNA National Warranty, in alignment with the overarching Information Security strategy and guidelines of CNA.
Essential Duties & Responsibilities
1. Liaises between CNA Information Security and CNA National Warranty IT team to implement Information Security policies, processes and procedures.
2. Oversees IT risk management for CNA National Warranty, including the identification, analysis and measurement of risks; monitoring and reporting on IT risks and disposition of risks in partnership with CNA Information Security and Risk Management teams.
3. Establishes and directs the design, development, testing and implementation of Information Security strategies, plans, products and other access control techniques. Identifies emerging vulnerabilities, evaluates associated risks and threats and provides countermeasures in partnership with CNA Information Security.
4. Manages the reporting, investigation and resolution of information security incidents. Works with and consults with business leaders on potential data breaches. Oversees digital forensics activities to support HR, Legal or other stakeholders while maintaining appropriate chain of custody.
5. Responsible for implementing security standards, procedures and guidelines to prevent the unauthorized use, release, modification or destruction of data across multiple platforms and environments, in alignment with CNA corporate standards.
6. Provides insights on emerging security issues to CNA National Warranty leadership and/or CNA Information Security team.
7. Implements strategic and operational objectives related to Business Continuity and Disaster Recovery.
8. Oversees staff supporting the Office of the General Counsel in the collection, delivery and presentation of electronic evidence regarding litigation for and against the company. Provides services to manage the full lifecycle of electronically stored information to those ends.
9. Works closely with Corporate Security and Safety to ensure common approach to threat and intelligence analysis, risk management, training and awareness, compliance, and crisis management.
10. Ability to quantify security risk issues/concerns in terms of their financial impact to the firm.
May perform additional duties as assigned.
This position reports directly to CNA's VP & Chief Information Security, with dotted line reporting to CIO of CNA National Warranty.
Skills, Knowledge & Abilities
1. Senior level understanding of multiple aspects of information security, risk management and business continuity management, including: security policies, security and risk management frameworks, disaster recovery techniques, vulnerability management, security operations, access control and security incident management.
2. Senior level knowledge of regulations (e.g. SOX, HIPAA, privacy, etc.) and internal controls.
3. Excellent ability to influence change in corporate understanding and adoption of information security concepts.
4. Excellent communications and interpersonal skills and ability to work effectively with peers, senior executives in IT and the business, and internal/external stakeholders.
5. Ability to exercise professional judgment and assume responsibility for decisions which have impact on people, quality of service and costs.
6. Advanced computer skills.
7. Preferred insurance industry knowledge.
Education & Experience
1. Bachelor's degree with Master's preferred in Computer Science or related discipline, or equivalent work experience.
2. Typically a minimum of 10 years of experience in information security or related areas.
3. Applicable certifications preferred.