You have a clear vision of where your career can go. And we have the leadership to help you get there. At CNA, we strive to create a culture in which people know they matter and are part of something important, ensuring the abilities of all employees are used to their fullest potential.
Individual contributor responsible for leading and managing numerous tactical engineering workflows, individualize security consultations for project teams and acting as the cross-domain security contact for CNA Canada. This role will act as a tactical advisor and consultant to CNA Canada project teams and IT leadership working on everything from cloud application deployments to network infrastructure overhauls. The role will also serve as the primary point of contact between the global security organization and the CNA Canada IT organization.
This role will be providing guidance on directing, evaluating, developing, implementing, communicating, operating, monitoring and maintaining information security technologies, policies and procedures.
JOB DESCRIPTION:
Essential Duties & Responsibilities
Performs a combination of duties in accordance with departmental guidelines:
- Drive Information Security adoption and delivery within the CNA Canada portfolio through partnership with IT management and Information Security leaders.
- Develop and implements security standards, procedures and guidelines for multiple platforms and diverse systems environments with respect to CNA Canada's IT needs (e.g., firm-wide, distributed, client server systems, and e-applications).
- Develops communications and related campaigns for information security awareness among all CNA Canada IT leaders and staff. Act as the primary liaison between Information Security and CNA Canada leaders with respect to transformation initiatives and IT projects.
- Lead Information Security delivery efforts to ensure CNA Canada needs and requirements are represented in all Information Security initiatives and that all Information Security initiatives will be effectively deployed within the CNA Canada IT environment.
- Operates with a deep knowledge and foundational understanding of the CNA Canada IT environment, technical architectures, application stacks and all related systems.
- Review the development, testing and implementation of security plans, products and control techniques with respect to the CNA Canada environment.
- Brief Chief Information Security Officer on CNA Canada IT portfolio projects, security efforts and related initiatives. Assist in information security investigations as needed and recommend appropriate corrective actions for information security incidents.
- Identifies emergent vulnerabilities and evaluate associated risks and threats endemic to IT projects throughout CNA Canada's applications and technologies. Develop security threat assessments and security stories for application development and project teams.
- Evaluates and advises on appropriate security methods and control techniques such as firewalls, intrusion detection software, data encryption, data backup and recovery.
- Understand cloud security solutions and review incoming cloud projects to provide guidance to technical cloud teams deploying on Google Cloud Platform and Microsoft Azure.
May perform additional duties as assigned.
In all responsibilities and interactions, all employees are expected to adopt and align with CNA's Winning Behaviours - to be externally focused, accountable, collaborative, innovative, inclusive and continuously learning.
Skills, Knowledge & Abilities
- Ability to influence change in corporate understanding and adoption of information security concepts.
- Experience with solution architecting/engineering within the information security space.
- Familiar with security tooling, controls and/or architecting in a variety of roles.
- Strong analytical and problem solving skills. Robust communications and interpersonal skills and the ability to work effectively with peers, IT management and staff, and internal/external business partners/clients.
- Solid understanding of security policy construction and publication.
- Working knowledge of any of the common cloud platforms (AWS, Azure and GCP)
- Ability to manage various technical projects to completion.
- Willingness to learn new technologies, tools, applications and systems both supporting the information security organization and CNA's operations.
Education & Experience
- Bachelor's degree in Computer Science, or related discipline, or equivalent work experience.
- Typically a minimum of seven years of technical experience in the security aspects of multiple platforms, operating systems, software, communications and network protocols or an equivalent combination.
- Experience in consulting or technical account management preferred.
- Preferred insurance or financial services industry knowledge.
- CISSP, CCSP, PMP, Network+ and/or Security+.
At CNA, we are committed to providing equal employment opportunities to all employees and applicants. It is our policy to provide equal employment opportunities to employees and applicants based on job-related qualifications and ability to perform a job. If you require an accommodation during the hiring process or upon hire, please inform Human Resources. If a selected applicant requests accommodation during the recruitment process, CNA will consult with the applicant in order to provide suitable accommodation that takes into account the applicant's accessibility needs.