What are the responsibilities and job description for the VP, Business Security position at Continental Casualty Company?
You have a clear vision of where your career can go. And we have the leadership to help you get there. At CNA, we strive to create a culture in which people know they matter and are part of something important, ensuring the abilities of all employees are used to their fullest potential.
CNA seeks to offer a comprehensive and competitive benefits package to our employees that helps them — and their family members — achieve their physical, financial, emotional and social wellbeing goals.
For a detailed look at CNA’s benefits, check out our Candidate Guide.
The VP of Business Security will collaborate closely with senior leadership across the organization to develop a comprehensive security strategy that aligns with CNA’s business goals and regulatory environment. This role requires a thought leader who can translate complex security challenges into actionable strategies, fostering a security-conscious culture and influencing business decisions at the highest levels. The ideal candidate will possess a forward-thinking mindset, an ability to anticipate emerging threats, and a talent for driving security innovation that supports CNA’s growth and operational continuity.
JOB DESCRIPTION:
Essential Duties & Responsibilities:
Performs a combination of duties in accordance with departmental guidelines:
Shape and execute a holistic Business Security strategy that encompasses Security Advisory, Business Continuity, and Governance Risk and Control, ensuring these functions are seamlessly integrated into CNA’s overall risk management and business planning processes.
Serve as a strategic advisor to senior business leaders, providing expert guidance on security risks and opportunities that influence the organization’s strategic direction. Leverage deep business acumen to articulate the value of security initiatives in terms of business impact, enabling informed decision-making and investment prioritization.
Drive the vision for Business Continuity and Disaster Recovery (BC/DR) strategy across CNA, ensuring that all critical business functions are resilient to disruptions. Lead high-level risk assessments and scenario planning exercises with senior stakeholders, embedding resilience into strategic planning and operational decision-making.
Lead a comprehensive Governance, Risk, and Control (GRC) strategy, applying an enterprise-wide risk management framework that enables proactive identification, assessment, and mitigation of security risks. Partner with Legal, Compliance, and Internal Audit to align risk management practices with regulatory and corporate governance requirements.
Elevate the role of Security Advisory in business transformation initiatives, ensuring that security is a foundational element in new business models, product launches, and digital transformations. Advocate for security considerations at the strategic planning level, influencing project prioritization and resource allocation.
Cultivate a security-aware culture across the organization, championing a mindset where security is viewed as a business enabler. Develop and deliver strategic communication and training initiatives that elevate the importance of security in achieving business objectives and maintaining stakeholder trust.
Build and lead a high-performing Business Security team that excels in strategic thinking and execution. Provide visionary leadership and mentorship, fostering a culture of continuous learning, innovation, and excellence. Develop succession plans and talent strategies to ensure the team’s capabilities evolve in line with CNA’s growth and emerging security trends.
Establish strong partnerships with key stakeholders across the organization, including Technology, Legal, Compliance, and Operations, to ensure alignment and synergy in security, risk, and compliance initiatives. Advocate for a holistic approach to security that integrates physical and digital security measures and leverages cross-functional expertise.
Represent CNA in industry forums and regulatory engagements, influencing security best practices and contributing to the development of industry standards. Stay ahead of emerging threats, regulatory changes, and technological advancements, positioning CNA as a leader in security governance and resilience.
Skills, Knowledge & Abilities:
Strategic vision and leadership in security governance, risk management, and business continuity. Demonstrated ability to think broadly and innovate in response to an evolving threat landscape.
Exceptional communication and influencing skills, with the ability to articulate complex security concepts to senior executives and the Board of Directors, shaping their understanding and approach to security and risk.
Deep understanding of business continuity planning, including the strategic development and execution of BC/DR programs that align with business priorities and regulatory requirements.
Proven ability to lead multiple teams within a functional area and drive alignment between security initiatives and business objectives, ensuring a cohesive approach to risk management across the organization.
Expertise in developing and implementing GRC frameworks that enable proactive risk management and effective governance. Experience in leveraging GRC tools to enhance visibility and control over security risks.
Innovative approach to security advisory services, with a track record of embedding security into business transformations and digital initiatives. Ability to influence at the strategic level, advocating for security as a competitive advantage.
Strong analytical and problem-solving skills, with the ability to anticipate emerging risks and develop forward-looking strategies to mitigate them.
Experience working with diverse regulatory environments, including GDPR, CCPA, SOX, ISO 27001, and NIST, and integrating compliance requirements into business security strategies.
Ability to lead and inspire a diverse team of security professionals, fostering a culture of excellence, accountability, and continuous improvement.
Proven ability to navigate complex organizational dynamics, building consensus and driving collaboration across functions and geographies.
Education & Experience:
Bachelor’s or Master’s degree in Information Security, Business Administration, or a related field. Relevant certifications such as CISSP, CISM, CBCP, or CRISC are highly desirable.
Minimum of 15 years of experience in security governance, risk management, or business continuity, with at least 8 years of management experience.
Extensive experience in developing and leading security governance and business continuity programs in a global, complex organization.
Proven track record of influencing executive leadership and driving strategic security initiatives that support business goals and regulatory compliance.
Experience in a global, multi-stakeholder environment, with the ability to manage competing priorities and drive alignment in a complex organizational structure.
Reporting Relationship: Typically reports to the Global Chief Information Security Officer (CISO).
CNA is committed to providing reasonable accommodations to qualified individuals with disabilities in the recruitment process. To request an accommodation, please contact leaveadministration@cna.com.