Demo
Salary Resume Critique Job Openings

Director - Vulnerability Management (hands-on)

CNA
Chicago, IL Full Time
POSTED ON 1/26/2025
AVAILABLE BEFORE 4/24/2025

You have a clear vision of where your career can go. And we have the leadership to help you get there. At CNA, we strive to create a culture in which people know they matter and are part of something important, ensuring the abilities of all employees are used to their fullest potential.

Leadership position responsible for transforming and accelerating Vulnerability Management (VM) into a core information security strength. This position plays a pivotal role in safeguarding CNA's assets by leading an enterprise-wide VM program and team, developing strategy, driving priorities and initiatives with partners, and managing vulnerabilities per organizational risk tolerance across on-premises and cloud environments. This role demands a strategic mindset, robust technical aptitude, and the ability to communicate risk and remediation status effectively throughout the business.

JOB DESCRIPTION :

Essential Duties & Responsibilities

Performs a combination of duties in accordance with departmental guidelines :

  • Leads and executes a comprehensive Vulnerability Management program throughout a global technology organization leveraging legacy and modern assets and applications located on-premises and in the cloud.
  • Builds and nurtures strong partnerships with asset owners and managed service providers to drive vulnerability remediation, mitigation, reduce exposure and potential business impact, and ensure secure asset configurations.
  • Accountable for the vulnerability remediation process within CNA, which may include vulnerabilities discovered through, but not limited to, vulnerability scanning, ethical hacking, threat intelligence, application security, responsible disclosure, etc.
  • Holistically owns the secure configuration management process within CNA, which may include working with various teams in developing secure technical specifications for technologies, assessing the environment against those specifications, and continuously improving the posture through governance and technical leadership.
  • Develops enterprise policy, standards, plans, strategy, and procedures with specific regard to vulnerability management and secure configuration in alignment with business, industry, and regulatory requirements.
  • Develops and presents VM program metrics, KPIs, KRIs, and other applicable performance reporting measures to communicate risk and program effectiveness to governance and leadership.
  • Identifies, recommends, and prioritizes appropriate measures to manage and remediate vulnerabilities and reduce potential impacts on information resources to acceptable risk tolerances.
  • Successfully partners with other teams to risk assess potential impact from vulnerabilities and recommends appropriate compensating security controls.
  • Mentor and develop a team of vulnerability management professionals, fostering a culture of continuous learning and operational excellence.
  • Be a champion for vulnerability management and information security including broadening awareness and use of the team's services, education of security best practices and integration with other business areas.

May perform additional duties as assigned.

Reporting Relationship

Typically AVP or above

Skills, Knowledge & Abilities

  • Proven track record of leading vulnerability management programs and teams with expert-level knowledge and competence in security concepts and strategies and the ability to successfully implement them.
  • Hands-on experience with leading vulnerability management tools at enterprise scale and strong technical understanding and experience assessing vulnerabilities and identifying weaknesses in legacy and modern assets and applications located on-premises and in the cloud.
  • Expertise in identifying, evaluating, and prioritizing vulnerabilities within CNA's environment, paired with the capability to design and implement holistic remediation strategies that effectively address both immediate and long-term risks across CNA.
  • Excellent written and verbal communications and interpersonal skills to work effectively with peers, leadership, and subordinates. Must be able to clearly communicate complex technical and business concepts both to business partners, internal and external teams, and leadership.
  • Strong analytical and project management skills.
  • Proven ability to effectively lead, manage, coach, and develop a team. This includes both direct leadership but also cross-functional capabilities.
  • 6 years in a vulnerability management program. Knowing not only how to assess vulnerabilities but also prioritize and drive remediation activities.
  • Experience interacting with auditors and regulators.
  • Experience and comfort working across evolving cloud and on-premises hybrid environments and technologies.
  • Self-starter with the ability to make independent data-driven decisions and the judgment to know when to seek guidance.
  • Expert-level understanding of key vulnerability management and information security concepts, such as : risk, severity, exploitability, CVE, CVSS, asset management, secure configuration management, etc.
  • Ability to foster collaborative, open, working relationships with stakeholders.
  • Strong understanding of enterprise, network, endpoint, and application-level security issues and risks.

    • Education & Experience

  • Bachelor's degree in computer science, or related discipline, or equivalent work experience.
  • Typically, a minimum of ten years' related work experience in Information Technology.
  • CISSP, CISM, PMP, or equivalent certifications preferred

    • LI-JB1

    Remote

    In certain jurisdictions, CNA is legally required to include a reasonable estimate of the compensation for this role. In District of Columbia, California, Colorado, Connecticut, Illinois, Maryland, Massachusetts, New York and Washington, the national base pay range for this job level is $97,000 to $189,000 annually. Salary determinations are based on various factors, including but not limited to, relevant work experience, skills, certifications and location. CNA offers a comprehensive and competitive benefits package to help our employees - and their family members - achieve their physical, financial, emotional and social wellbeing goals. For a detailed look at CNA's benefits, please visit cnabenefits.com.

    CNA is committed to providing reasonable accommodations to qualified individuals with disabilities in the recruitment process. To request an accommodation, please contact leaveadministration@cna.com.

    Salary : $97,000 - $189,000

    If your compensation planning software is too rigid to deploy winning incentive strategies, it’s time to find an adaptable solution. Compensation Planning
    Enhance your organization's compensation strategy with salary data sets that HR and team managers can use to pay your staff right. Surveys & Data Sets

    What is the career path for a Director - Vulnerability Management (hands-on)?

    Sign up to receive alerts about other jobs on the Director - Vulnerability Management (hands-on) career path by checking the boxes next to the positions that interest you.
    Income Estimation: 
    $219,423 - $248,819
    Income Estimation: 
    $280,031 - $485,657
    Income Estimation: 
    $194,072 - $240,547
    Income Estimation: 
    $220,784 - $286,649
    Income Estimation: 
    $87,093 - $107,335
    Income Estimation: 
    $111,725 - $147,313
    Income Estimation: 
    $112,673 - $137,290
    Income Estimation: 
    $140,233 - $181,029
    Income Estimation: 
    $161,209 - $233,553
    Income Estimation: 
    $220,784 - $286,649
    Income Estimation: 
    $270,069 - $359,305
    Income Estimation: 
    $152,549 - $188,894
    Income Estimation: 
    $194,072 - $240,547
    Income Estimation: 
    $135,994 - $168,063
    Income Estimation: 
    $161,209 - $233,553
    Employees: Get a Salary Increase
    View Core, Job Family, and Industry Job Skills and Competency Data for more than 15,000 Job Titles Skills Library

    Job openings at CNA

    Cybersecurity Architect
    CNA
    Hired Organization Address Arlington, VA Full Time
    JOB DESCRIPTION AND / OR DUTIES Develop and maintain internal network and cloud security architecture blueprints, ensuri...
    Underwriting Director - Small Business
    CNA
    Hired Organization Address Columbia, MD Full Time
    Underwriting Director - Small Business Apply locations Remote, USA time type Full time posted on Posted 4 Days Ago job r...
    Executive Assistant to Division Vice President & Program Manager
    CNA
    Hired Organization Address Arlington, VA Full Time
    JOB DESCRIPTION AND / OR DUTIES Provide overall administrative support to both the Division Vice President and PM of the...
    Data Analytics Sr. Consultant - Risk Control
    CNA
    Hired Organization Address Chicago, IL Full Time
    You have a clear vision of where your career can go. And we have the leadership to help you get there. At CNA, we strive...
    View More Jobs at CNA

    Not the job you're looking for? Here are some other Director - Vulnerability Management (hands-on) jobs in the Chicago, IL area that may be a better fit.

    Vulnerability Management Director I

    DivIHN Integration Inc, Chicago, IL

    Director - Vulnerability Management (hands-on)

    Continental Casualty Company, Chicago, IL

    View More Jobs

    AI Assistant is available now!

    Feel free to start your new journey!