Director - Vulnerability Management

Posted 19 Hours Ago
Hiring Remotely in United States
Remote
5-7 Years Experience
Cloud • Insurance • Professional Services • Analytics • Cybersecurity
The Role
Leadership position responsible for spearheading the vision, design, and implementation of the Vulnerability Management (VM) program for CNA. Develops VM strategies, conducts data security readiness assessments, designs vulnerability risk assessment and remediation programs, and partners with security and IT professionals to mitigate vulnerabilities.
Summary Generated by Built In

You have a clear vision of where your career can go. And we have the leadership to help you get there. At CNA, we strive to create a culture in which people know they matter and are part of something important, ensuring the abilities of all employees are used to their fullest potential.
CNA seeks to offer a comprehensive and competitive benefits package to our employees that helps them - and their family members - achieve their physical, financial, emotional and social wellbeing goals.
For a detailed look at CNA's benefits, check out our Candidate Guide.
Leadership position responsible for spearheading the vision, design, and implementation of the Vulnerability Management (VM) program for CNA. This position leads the VM team, develops VM strategies, and conducts data security readiness assessments for the selection, development and implementation of enterprise data security standards. This position will focus on designing a vulnerability risk assessment and remediation program for both infrastructure and WebApp vulnerabilities by updating strategy, policies and procedures, and maturing the vulnerability risk classification process.
JOB DESCRIPTION:
Essential Duties & Responsibilities
Performs a combination of duties in accordance with departmental guidelines:

  • Leads the Vulnerability Management program as a vulnerability management SME throughout a global technology organization with various legacy and modern systems within data centers and the cloud.
  • Develops enterprise policy and technical standards with specific regard to vulnerability management and secure configuration.
  • Holistically owns the entire vulnerability remediation process within CNA, which may include vulnerabilities discovered through various channels such as, but not limited to, vulnerability scans, pentesting, application scanning, the responsible vulnerability disclosure program, etc.
  • Holistically owns the entire configuration management process within CNA, which may include working with various teams in developing security technical specifications for various technologies, evaluating our environment against those specifications, and always improving the posture through governance and technical leadership.
  • Successfully partners with other Security and IT professionals to assess potential impact from vulnerabilities specific to the environment and recommend mitigating security controls.
  • Identifies and recommends appropriate measures to manage and remediate vulnerabilities and reduce potential impacts on information resources to a level acceptable to the senior management of the company.
  • Builds strong partnerships with technical teams to promote best practices for managing vulnerabilities in an agile manner and within cloud solutions.
  • Fully understands business requirements and works with the business to define appropriate solutions for security objectives while meeting the business need.
  • Acts as a champion for vulnerability management and information security, including broadening awareness and use of the team's services, education on security best practices, and integration with other business areas.
  • Provides guidance, technical expertise, and support to team members regarding vulnerability assessment.
  • Develops and improves KPIs and metrics for vulnerability management functions.
  • Participates in and leads new projects as needed.


May perform additional duties as assigned.
Reporting Relationship
Typically AVP or above
Skills, Knowledge & Abilities

  • Proven track record of leading vulnerability management teams with proven knowledge and competence in security concepts and strategies and the ability to successfully implement them.
  • Hands-on experience with vulnerability management tools and strong technical understanding and experience assessing vulnerabilities and identifying weaknesses in multiple operating system platforms, database, and application servers.
  • Strong written and verbal communication skills with the ability to collaborate through all parts of the business.
  • High-performance skill set that not only understands the threat space as it relates to risk, but is also able to meet the technical challenge of communicating this out to our teams.
  • Leadership skills which bring out the best in the team. This includes both direct leadership but also cross-functional capabilities.
  • 6+ years in a vulnerability management program. Knowing not only how to assess vulnerabilities but also prioritize and drive remediation activities.
  • Excellent communication and interpersonal skills to work effectively with peers, IT leadership, and subordinates. Must be able to clearly communicate complex technical and business concepts to business partners, team members, and IT management.
  • Reporting gaps in a meaningful way that addresses a business risk as well as providing technical solutions to the operations teams in remediation is key.
  • Experience in interacting with auditors and regulators.
  • Experience in working across public cloud and on-premises hybrid infrastructure.
  • Experience in working with vulnerability scanning technologies at scale.
  • Self-starter with the ability to make independent decisions and the judgment to know when to seek guidance.
  • Fundamental understanding of risk vs severity.
  • Comfort in a diverse technology environment spanning multiple operating systems and architectures.
  • Ability to foster collaborative, open, working relationships with technology and other stakeholders.
  • Strong understanding of enterprise, network, system/endpoint, and application-level security issues and risks.


Education & Experience

  • Bachelor's degree in Computer Science, or related discipline, or equivalent work experience.
  • Typically a minimum of ten years' related work experience in Information Technology.


CNA is committed to providing reasonable accommodations to qualified individuals with disabilities in the recruitment process. To request an accommodation, please contact [email protected].

The Company
HQ: Chicago, IL
7,000 Employees
Hybrid Workplace
Year Founded: 1897

What We Do

CNA is one of the largest U.S. commercial property and casualty insurance companies. Backed by more than 125 years of experience, CNA provides a broad range of standard and specialized insurance products and services for businesses and professionals in the U.S., Canada and Europe.

As a company of allies, we understand the importance of fostering an inclusive and supportive culture for all employees. Our eight Employee Resource Groups elevate the voices of underrepresented groups and champion critical DEI initiatives in the workplace and beyond. We strive to promote an environment of inclusion and continuously work to ensure all employees feel valued and respected.

Why Work With Us

CNA knows the importance of having the tools you need to expand your expertise and develop your career. With a variety of cross-discipline and cross-functional opportunities, CNA provides you with the tools and resources needed to customize your career path and understand what is needed to be effective in your role.


CNA Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

Typical time on-site: Flexible
HQ: Chicago, IL
Located in the heart of the Loop, CNA’s headquarters are at 151 N Franklin, in close proximity to both L and Metra stations.
