Information Security Leader (National Warranty Business
Company: CTI Education Group
Posted on: April 11, 2021
Job Description - Information Security Leader (National Warranty
Business) (INF0001YM) Job Description Information Security Leader
(National Warranty Business) - INF0001YM Description Job Summary
The Business Information Security Officer will be a member of the
Global Information Security (IS) organization Responsible for
providing management, oversight and direction for Information
Security for CNA National Warranty, in alignment with the
overarching Information Security strategy and guidelines of CNA.
You will work closely with CNA National Warranty Chief Operations
Officer (COO) and other Technology leaders and will be supporting
the group/team by developing a deep understanding of the business
in order to have specialized information security risk-based
discussions. This relationship will ensure a focus on the right
risk priorities. You will also provide guidance on information
security topics, policies, and controls. Performs a combination of
duties in accordance with departmental guidelines:
- Liaises between CNA Information Security and CNA National
Warranty IT team to implement Information Security policies,
processes and procedures and advises CNA National management on
risk issues related to information security and recommends actions
in support of the CNA's wider risk management and compliance
- Develop a robust understanding of National Warranty's operating
model and client risk factors to provide a balanced perspective on
security risk mitigation measures. Collaborate with business and
technology leaders so that desired security outcomes can be
accommodated in partnership with CNA's business objectives.
- Oversees IT risk management for CNA National Warranty,
including the identification, analysis and measurement of risks;
monitoring and reporting on IT risks and disposition of risks in
partnership with CNA Information Security and Risk Management
- Establishes and directs the design, development, testing and
implementation of Information Security strategies, plans, products
and other access control techniques. Identifies emerging
vulnerabilities, evaluates associated risks and threats and
provides countermeasures in partnership with CNA Information
- Manages the reporting, investigation and resolution of
information security incidents. Works with and consults with
business leaders on potential data breaches. Oversees digital
forensics activities to support HR, Legal or other stakeholders
while maintaining appropriate chain of custody.
- Responsible for implementing security standards, procedures and
guidelines to prevent the unauthorized use, release, modification
or destruction of data across multiple platforms and environments,
in alignment with CNA corporate standards.
- Provides insights on emerging security issues to CNA National
Warranty leadership and/or CNA Information Security team and
provides guidance and advocacy regarding the prioritization of CNA
investments that impact information security
- Oversees staff supporting the Office of the General Counsel in
the collection, delivery and presentation of electronic evidence
regarding litigation for and against the company. Provides services
to manage the full lifecycle of electronically stored information
to those ends.
- Works closely with Corporate Security and Safety to ensure
common approach to threat and intelligence analysis, risk
management, training and awareness, compliance, and crisis
- Ability to quantify the security risk issues/concerns from a
financial impact to the firm perspective. Understand and
incorporate resource availability so security mitigation risk
recommendations are realistic and achievable within CNA's budget,
or partner with leadership on securing necessary funding to support
these measures. May perform additional duties as assigned. 1.
Maintain contact with industry security standard setting groups and
awareness of State and Federal legislation and regulations
pertaining to data privacy, information security and business
2. May be called upon to speak to customers or prospects about
CNA's Information Security and Data protection capabilities.
3. Direct and lead risk assessment and management processes for
third party vendors and suppliers
4. Evaluate new projects at CNA National Warranty to ensure that
security issues are proactively identified and appropriately
remediated. Provide transparency into risks to senior business
5. Develop or adapt communications and related campaigns for
information security awareness among CNA National Warranty staff.
Reporting Relationship This position reports directly to CNA's SVP
& Chief Information Security, with dotted line reporting to CIO of
CNA National Warranty. Skills, Knowledge & Abilities 1. Senior
level understanding of multiple aspects of information security,
risk management and business continuity management, including:
security policies, security and risk management frameworks,
disaster recovery techniques, vulnerability management, security
operations, access control and security incident management.
2. Senior level knowledge of regulations (e.g. SOX, HIPAA, privacy,
etc.) and internal controls.
3. Excellent ability to influence change in corporate understanding
and adoption of information security concepts.
4. Excellent communications and interpersonal skills and ability to
work effectively with peers; senior executives in IT and the
business, and internal/external stakeholders.
5. Ability to exercise professional judgment and assume
responsibility for decisions which have impact on people, quality
of service and costs.
6. Advanced computer skills.
7. Preferred insurance industry knowledge. Education & Experience
1. Bachelor's degree with Master's preferred in Computer Science or
related discipline, or equivalent work experience.
2. Typically a minimum of 10 years of experience in information
security or related areas.
3. Applicable certifications preferred (CISSP, CISA, etc.) EEO
Statement: CNA is an Equal Opportunity Employer committed to a
diverse work culture. M/F/D/V.
Keywords: CTI Education Group, Scottsdale , Information Security Leader (National Warranty Business, Other , Scottsdale, Arizona
Didn't find what you're looking for? Search again!