JOB DESCRIPTION AND / OR DUTIESDevelop and implement a comprehensive cyber governance strategy that aligns with the organization’s business objectives and risk appetite.Provide strategic counsel to senior leadership on cybersecurity risk management, resource allocation, and investment priorities.Lead a team of skilled professionals, ensuring they have the necessary resources, training, and support to excel in their roles.Create and enforce cybersecurity policies, standards, and procedures.Oversee compliance with relevant cybersecurity regulations and frameworks.Develop and maintain an incident response plan to handle cybersecurity incidents effectively.Lead incident response efforts and coordinate with relevant stakeholders during security breaches.Drive continuous enhancement of cybersecurity processes, policies, and procedures through regular assessments, exercises, and refinement initiatives.Develop risk mitigation strategies and track remediation efforts.Evaluate and manage cybersecurity risks associated with third-party vendors, contractors, and partners, including conducting security assessments, and ensuring contractual obligations are met.Work closely with IT and engineering teams to design, implement, and maintain secure infrastructure, systems, and applications. Ensure that security controls are built into the design and development process from the outset.Develop and maintain security metrics to measure the effectiveness of cybersecurity controls and initiatives. Provide regular reports to senior leadership and the board of trustees on the organization's cybersecurity posture and key risk indicators.Instill a culture of security awareness and resilience across the organization through education, advocacy, and exemplary cybersecurity practices.Stay abreast of emerging cybersecurity threats, technologies, and trends, and provide guidance on how they may impact the organization's security posture.Perform other duties as assigned.JOB REQUIREMENTSEducation: Bachelor’s or master's degree in information security, computer science, or related field, or equivalent combination of education and work experience required; Advanced degree is a plus. PMP, CISSP, CISM, or other cyber certifications a plus.Experience: Minimum 8 years of progressive experience in cybersecurity, with a focus on governance, risk, and compliance. Supervisory experience required.Skills:Demonstrated leadership skills, with experience managing and developing high-performing teams in a fast-paced environmentDeep understanding of Strong knowledge of cybersecurity frameworks, standards, and regulationsExperience in developing and implementing cybersecurity policies and proceduresExcellent communication and interpersonal skills, with the ability to interact effectively with stakeholders at all levels of the organization.Clearance: Ability to obtain and maintain a Top-Secret level security clearance if required.Remote/Hybrid Work Eligibility: This position is eligible for telecommuting or hybrid work arrangements at the discretion of the Supervisor. Employees may be required to work at CNA headquarters or other work locations resulting in changes to the scheduled telecommuting or hybrid work arrangements.