Business Information Security Officer (BISO) - (National Warranty Business)
Company: CNA Financial
Posted on: June 12, 2021
The Business Information Security Officer will be a member of
the Global Information Security (IS) organization, responsible for
providing management, oversight and direction for Information
Security for CNA National Warranty, in alignment with the
overarching Information Security strategy and guidelines of
You will work closely with CNA National Warranty Chief
Operations Officer (COO) and other Technology leaders and will be
supporting the group/team by developing a deep understanding of the
business in order to have specialized information security
risk-based discussions. This relationship will ensure a focus on
the right risk priorities. You will also provide guidance on
information security topics, policies, and controls.
Essential Duties & Responsibilities
Performs a combination of duties in accordance with departmental
- Liaises between CNA Information Security and CNA National
Warranty IT team to implement Information Security policies,
processes and procedures and advises CNA National management on
risk issues related to information security and recommends actions
in support of the CNA's wider risk management and compliance
- Develop a robust understanding of National Warranty's operating
model and client risk factors to provide a balanced perspective on
security risk mitigation measures. Collaborate with business and
technology leaders so that desired security outcomes can be
accommodated in partnership with CNA's business objectives.
- Oversees IT risk management for CNA National Warranty,
including the identification, analysis and measurement of risks;
monitoring and reporting on IT risks and disposition of risks in
partnership with CNA Information Security and Risk Management
- Establishes and directs the design, development, testing and
implementation of Information Security strategies, plans, products
and other access control techniques. Identifies emerging
vulnerabilities, evaluates associated risks and threats and
provides countermeasures in partnership with CNA Information
- Manages the reporting, investigation and resolution of
information security incidents. Works with and consults with
business leaders on potential data breaches. Oversees digital
forensics activities to support HR, Legal or other stakeholders
while maintaining appropriate chain of custody.
- Responsible for implementing security standards, procedures and
guidelines to prevent the unauthorized use, release, modification
or destruction of data across multiple platforms and environments,
in alignment with CNA corporate standards.
- Provides insights on emerging security issues to CNA National
Warranty leadership and/or CNA Information Security team and
provides guidance and advocacy regarding the prioritization of CNA
investments that impact information security
- Oversees staff supporting the Office of the General Counsel in
the collection, delivery and presentation of electronic evidence
regarding litigation for and against the company. Provides services
to manage the full lifecycle of electronically stored information
to those ends.
- Works closely with Corporate Security and Safety to ensure
common approach to threat and intelligence analysis, risk
management, training and awareness, compliance, and crisis
- Ability to quantify the security risk issues/concerns from a
financial impact to the firm perspective. Understand and
incorporate resource availability so security mitigation risk
recommendations are realistic and achievable within CNA's budget,
or partner with leadership on securing necessary funding to support
May perform additional duties as assigned.
- Maintain contact with industry security standard setting groups
and awareness of State and Federal legislation and regulations
pertaining to data privacy, information security and business
- May be called upon to speak to customers or prospects about
CNA's Information Security and Data protection capabilities.
- Direct and lead risk assessment and management processes for
third party vendors and suppliers
- Evaluate new projects at CNA National Warranty to ensure that
security issues are proactively identified and appropriately
remediated. Provide transparency into risks to senior business
- Develop or adapt communications and related campaigns for
information security awareness among CNA National Warranty
This position reports directly to CNA's SVP & Chief Information
Security, with dotted line reporting to CIO of CNA National
Skills, Knowledge & Abilities
- Senior level understanding of multiple aspects of information
security, risk management and business continuity management,
including: security policies, security and risk management
frameworks, disaster recovery techniques, vulnerability management,
security operations, access control and security incident
- Senior level knowledge of regulations (e.g. SOX, HIPAA, privacy,
etc.) and internal controls.
- Excellent ability to influence change in corporate understanding
and adoption of information security concepts.
- Excellent communications and interpersonal skills and ability to
work effectively with peers, senior executives in IT and the
business, and internal/external stakeholders.
- Ability to exercise professional judgment and assume
responsibility for decisions which have impact on people, quality
of service and costs.
- Advanced computer skills.
- Preferred insurance industry knowledge.
Education & Experience
- Bachelor's degree with Master's preferred in Computer Science or
related discipline, or equivalent work experience.
- Typically a minimum of 10 years of experience in information
security or related areas.
- Applicable certifications preferred (CISSP, CISA, etc.)
Keywords: CNA Financial, Scottsdale, Business Information Security Officer (BISO) - (National Warranty Business), Other, Scottsdale, Arizona