VP, Cyber Defense

You have a clear vision of where your career can go. And we have the leadership to help you get there.At CNA we strive to create a culture in which people know they matter and are part of something important ensuring the abilities of all employees are used to their fullest potential.

Reporting directly to the Global Chief Information Security Officer (CISO) this position has overall responsibility for all aspects of the Cyber Security Operations for CNA. The position will work closely with senior CNA leaders (SVPs and VPs) to provide strategic cyber security focus for the enterprise and define plan and direct all key cyber security operations initiatives within their group.

This role will identify develop implement and maintain cyber-related processes that reduces CNAs operational risks. This is a highly visible role that requires forward-thinking mindset providing leadership to the cyber teams while ensuring the team proactively analyzes and responds to all threats deploying risk mitigation strategies processes and procedures.

This position develops and oversees an organization that is the first line of defense against nation-state-attackers external criminal entities and malicious insiders. The person filling this role will need to work with and give direction to executives and senior leaders throughout the company during a major security event.

Partnering with executives and senior leaders this person will have additional responsibility for crafting and framing all incident response and crisis recovery plans. This is a highly visible role that requires an extremely adaptable mindset that can react quickly to ever changing complex threat landscape providing leadership in the cyber security infrastructure and application development areas in planning for and reacting to major security events.

JOB DESCRIPTION:

Essential Duties & Responsibilities

Performs a combination of duties in accordance with departmental guidelines:

• Own the vision and strategy to implement a comprehensive Cyber Security Defense program that encompasses development and running all aspects of operational security capabilities

• Effectively leads a team of Cyber Security leaders and Analyst over all aspects of Cyber Security Operations in the areas of Threat Detection and Incident Response 24x7 Security Operation Center (SOC) Threat Intel & Hunt Vulnerability Management Penetration Testing eDiscovery Tabletop exercises and Application Security

• Manages the reporting investigation and resolution of information security incidents. Works with and consults with senior business leaders such as the Chief Compliance Officer and the Office of General Counsel on potential data breaches. Oversees digital forensics activities to support Human Resources Legal and other key stakeholders while maintaining appropriate chain of custody

• Leads directs and has full management accountability for the performance and development of subordinate staff in the Information Security Operations team (both employees and third-party outsourced employees people leaders Directors and AVPs) consisting of multiple departments

• Establishes and directs the design development testing and implementation of appropriate Information Security detective and incident response controls for the above areas

• Leads strategic and special projects required for CNA to meet its objectives related to cybersecurity and detective technologies including the evaluation and implementation of new cybersecurity technology

• Monitors evaluates and reports on cybersecurity operational performance and processes to assure the continuous improvement of the overall program

• Oversees staff supporting the Office of the General Counsel in the collection delivery and presentation of electronic evidence regarding litigation for and against the company. Provides services to manage the full lifecycle of electronically stored information to those ends

• Works closely with various Technology Leaders Corporate Security & Safety to ensure common approach to threat and intelligence analysis risk management methodologies compliance reporting crisis management and other security services common to teams across CNA

• Provides strategic insight and advice on emerging security threats to CNA and Loews-owned companies and internal departments

• Maintains contact with industry security standard setting groups and an awareness of State and Federal legislation and regulations pertaining to data privacy information security and business continuity.

• Must collaborate well with other IT teams across the organization

• This role is both strategic and tactical must have strong technical capabilities in the security arena as well as strong leadership skills with their team and across other teams

• Managing large teams (50) multiple Managed Service Security Provider MSSPs in the areas of cyber security operations

• Understanding and interaction with legal privilege management resources

• Lead forensic investigation and gather admissible evidence in the case of a security event that leads to a criminal or civil case by government authorities (including managing chain of custody)

• Create and maintain AI/Data analytics function to enhance security anomaly detection and response

• Full understanding of emerging legal requirements as they apply to security event reporting

• Leads or supports Security Incident calls regardless of timing to drive swift resolution and ensure effective incident management

• Intelligence sharing with other Loews organizations

May perform additional duties as assigned.

Reporting Relationship

Typically reports to Senior Vice President and above.

Skills Knowledge & Abilities

• Provide confidential intelligence and cyber security briefs to executive leadership Senior level understanding of all aspects of information security with a special emphasis on threat management incident response event monitoring vulnerability management application security data loss prevention email security phishing social engineering open-source intelligence and tactical security remediation

• Outstanding leadership and management skills in all aspects of Information Technology security and the general business environment

• Preparing and managing a significant operating budget on the order of 20 million plus per annum

• Able to engage team members to achieve objectives

• Strong prioritization skills ability to effectively manage multiple tasks and priorities in a fast-paced environment

• Understanding of Web-Application Architecture and security fundamentals (IAM PKI network security data security)

• Senior level knowledge of regulations (i.e. SOX HIPAA privacy etc.) and internal controls as they apply to Technology

• Excellent ability to influence change in corporate understanding and adoption of information security concepts

• Excellent analytical and problem-solving skills especially during a critical security response event

• Excellent communications and interpersonal skills and the ability to work effectively with peers; senior executives in both Technology and across business units; and internal/external business partners/clients

• Strong understanding of crisis management skills Experience working within a global organization

• Ability to effectively communicate with all levels of employees within scope of responsibility

• Ability to manage complex projects to completion

• Proven ability to lead and motivate others in accomplishing goals

• Ability to exercise professional judgment and assume responsibility for decisions which have an impact on people quality of service and costs

• Advanced computer skills including Microsoft Office suite and other business related software systems

• Preferred insurance industry knowledge

Education & Experience

• Bachelors degree with Masters preferred in Computer Science or related discipline or equivalent work experience

• Typically a minimum of ten years of experience in information security

• Typically a minimum of five years of supervisory/management experience including preparing and managing a significant operating budget

• Applicable information certifications (e.g. CISSP or CISA)

#LI-GV1

In certain jurisdictions CNA is legally required to include a reasonable estimate of the compensation for this District of Columbia California Colorado Connecticut Illinois Maryland Massachusetts New York and Washington the national base pay range for this job level is $194000 to $308000 determinations are based on various factors including but not limited to relevant work experience skills certifications and location. CNA offers a comprehensive and competitive benefits package to help our employees and their family members achieve their physical financial emotional and social wellbeing goals. For a detailed look at CNAs benefits please visit.

CNA is committed to providing reasonable accommodations to qualified individuals with disabilities in the recruitment process. To request an accommodation please contact.