Consulting Director, Security Engineering (Data and Network)

CNA Insurance is focused on creating a culture where employees feel valued and empowered. The Consulting Director, Security Engineering (Data and Network) will develop cloud-based network and data protection security strategies, lead the design of security architectures, and serve as a technical point of contact for security matters within the organization.

Responsibilities:

• Develop and coordinate client security strategy and define the transition to and adoption of secure services, communicating with project stakeholders to effectively convey requirements of technical and process improvements
• Design and implement strategies and tactical plans to aid CNA in its move to the modern solutions in a secure fashion while keeping the information risk at an acceptable level
• Based on business requirements, design and implement cloud-native security architectures and designs applying defense-in-depth strategies that will allow those requirements to be met with a minimal degree of risk to CNA and with appropriate security controls present
• Comprehensive expert understanding in many areas of IT and information security, with the ability to describe in business terms the impact of IT and cloud security policies, standards, and architecture, and provide security direction to business and IT personnel
• Recommend tactical and strategic initiatives to eliminate or mitigate risks
• Actively monitor and assess new and emerging threats posing risk to cloud computing environments
• Provide guidance and technical leadership in the development of security standards and guidelines for technologies implemented to conform to information enterprise architecture, risk profile and policy requirements
• Document and advise on areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation
• In collaboration with Legal, identify current and potential legal and regulatory issues affecting information security and assess their impact on CNA’s technology services
• Participate in Customer Assessment reviews of organization security controls on behalf of the customers when we store, process or transmit the customer’s data in cloud environments
• May perform additional duties as assigned

Requirements:

• Expert level knowledge of CASB and DLP system architecture and key security concepts
• Strong experience with CASB/SWG platforms, especially Netskope and other proxy technologies along with experience architecting security solutions within these cloud providers
• Expert knowledge of DLP methodologies, engineering and operations, trends and industry-leading cloud vendor offerings and integrations
• Hands-on experience configuring various security services such as IAM, KMS, and certificate management security services with appropriate security certifications
• Ability to assess risks in line with information security objectives and risk tolerance of the institution
• Proven conceptual, analytical and evaluation skills
• Strong interpersonal, verbal presentation and written communication skills along with the ability to work independently
• Ability to work well under pressure and to meet tight deadlines
• Demonstrates a high level of motivation, confidence, and responsibility
• Excellent project management skills and ability to organize and plan effectively to meet project goals
• Bachelor's Degree required or equivalent work experience
• Typically a minimum of ten years of IT Security experience, with recent cloud security experience
• Preferred experience with the insurance industry, its products and services
• Deep insurance industry knowledge preferred
• Experience working with cloud security and governance tools, cloud access security brokers (CASBs), and server virtualization technologies
• Master's Degree in Computer Science or technical field preferred
• IT Security and Cloud certifications preferred