What are the responsibilities and job description for the VP, Information Security Technology position at Continental Casualty Company?
You have a clear vision of where your career can go. And we have the leadership to help you get there. At CNA, we strive to create a culture in which people know they matter and are part of something important, ensuring the abilities of all employees are used to their fullest potential.
CNA seeks to offer a comprehensive and competitive benefits package to our employees that helps them — and their family members — achieve their physical, financial, emotional and social wellbeing goals.
For a detailed look at CNA’s benefits, check out our Candidate Guide.
This role provides strategic security guidance to the CIO, CISO, the Technology leadership team, business leadership, and regulatory compliance leadership, and collaborates with senior leaders, including SVP and VP level leadership within multiple departments, on large security technology initiatives.
This position will provide strategic cyber security focus for the enterprise and define, plan and direct all key cyber and information security initiatives within their group and represent information security in key IT projects. Will identify, develop, implement, and maintain security-related processes and services that reduce CNA’s risks and ensure company information is adequately protected.
JOB DESCRIPTION:
Essential Duties & Responsibilities
Performs a combination of duties in accordance with departmental guidelines:
Own the vision, drive the strategy and execution plan to get to a world-class level of information security protection for CNA
Lead, direct, and have full management accountability for the performance, development, and coaching of multiple people managers, including Directors, AVPs and individual contributors (FTEs and Staff Aug resources) in 7 to 10 departments
Manage a large “run the business” and “change the business” budget consisting of over 20 million dollars per year
Provide oversight for multiple global services vendors
Develop and drive CNA’s global information security technology group that includes accountability for security engineering, IT projects and work streams in the areas of:
Cloud security
Identity for end users
Identity for business applications
Identity for infrastructure
End point security, server security, and network security
Mobile security, email security, database security, data loss prevention infrastructure
Technical risk assessment, product security, and application threat modeling
Establish credibility as a trusted advisor to stakeholders, including customers, executives, peers, and employees
Interact with government regulators and auditors across multiple jurisdictions within the US (federal and state level), Europe and Canada and adequately represent the CNA security posture
Foster and facilitate the professional growth and development of our team and lead effective collaboration across groups within the organization
Build organizational capability within these teams by retaining outstanding talent and providing mentoring, training (internal and external), and opportunities for professional growth and development
Responsible for coordinating with enterprise architecture, IT, suppliers and business groups to ensure approaches are both secure and compliant.
Oversight of all projects within the security area.
Security direction for all IT and business projects.
Coordinating the execution of all IT Security tools, technologies, people, processes and procedures enterprise-wide, ensuring internal and external compliance to the established standards.
Work with cyber insurance carriers to implement long term strategic initiatives that comply with external industry/insurance requirements
Establish a strong knowledge of enterprise cloud environments and cloud service provider platforms including Microsoft Azure, AWS, and Google Cloud Platform and their embedded security, as well as multi-cloud security management technologies.
Must collaborate well with other IT teams across the organization including at senior leadership levels (SVPs and VPs)
This role is both strategic and tactical – must have strong technical capabilities in the security arena as well as strong leadership skills with their team, and across other teams
Must be able to communicate and articulate security matters to all layers of the organization
Works closely with leadership and cyber security operations team to identify emerging vulnerabilities, evaluates associated risks and threats, and provides countermeasures where necessary
Directs the Information Security staff in the evaluation of risks and threats, development, implementation, communication, and subject matter expertise in the development of the information security policies, standards and procedures which promote a secure and uninterrupted operation of all IT systems
Provides strategic insight and advice on emerging security issues to Loews and Loews owned companies and internal departments
May perform additional duties as assigned.
Reporting Relationship
Typically reports to Senior Vice President and above.
Skills, Knowledge & Abilities
Technology security leadership experience in building world class multi-year security technology strategies and execution
Senior level knowledge of regulations (e.g., SOX, HIPAA, privacy) and internal controls as they apply to IT
Outstanding communicator with leadership presence, who can build effective internal and external relationships, and interact effectively with individuals at all levels including peers; senior executives in both IT and across business units; and internal/external business partners/clients.
Player-coach with experience leading teams of highly skilled employees
Excellent ability to influence change in corporate understanding and adoption of information security concepts.
Strong understanding of how technical controls can be applied to solve specific information security problems
Must have the ability to define and articulate business impacts and risk to technical and non-technical team members
Ability to ensure the ongoing compliance with all information security policies, standards and guidelines in the development of information security plans
Understanding IT and InfoSec terminology and concepts
Excellent analytical and problem-solving skills.
Ability to manage complex projects to completion
Proven ability to lead and motivate others in accomplishing goals
Ability to exercise professional judgment and assume responsibility for decisions which have an impact on people, quality of service, and costs
Candidates with relevant technology experience in a large enterprise
Education & Experience
Bachelor’s degree in Computer Science, Computer Engineering, or Electrical Engineering, or related discipline, or equivalent work experience (Master’s preferred)
Typically, a minimum of 20 years of experience in information security
Typically, a minimum of 7 years of supervisory/management experience including managing other leaders and multiple departments
Preparing and managing a significant operating budget on the order of 20 million plus per annum
Applicable certifications – Certified Information Systems Security Professional (CISSP®) or Computer Information Security Manager (CISM®) is strongly preferred
CNA is committed to providing reasonable accommodations to qualified individuals with disabilities in the recruitment process. To request an accommodation, please contact leaveadministration@cna.com.