Information Security Consultant
Job Summary
Individual contributor responsible for bridging the gap between a fast-paced information security program and a complex portfolio of IT projects. This role will act as the tactical consultant to project teams with varying focus from cloud application deployments to network infrastructure overhauls.
This position provides guidance on directing, evaluating, developing, implementing, communicating, operating, monitoring and maintaining information security technologies, policies and procedures. This position provides technical expertise, support in identifying risks, recommend appropriate mitigations and effective security evaluation across all aspects of information technology projects.
Essential Duties & Responsibilities
Performs a combination of duties in accordance with departmental guidelines:
- Provides technical expertise and support to clients, IT management and staff in risk assessments and the implementation and operation of appropriate information security procedures and products.
- Acts as an expert technical resource to project teams in all phases of the development and implementation process.
- Identifies emergent vulnerabilities and evaluates associated risks and threats endemic to IT projects throughout CNA.
- Facilitates discussions on security architecture and security tooling with respect to IT projects.
- Evaluates and advises on appropriate security methods and control techniques such as firewalls, intrusion detection software, data encryption, data backup and recovery.
- Understands cloud security solutions and reviews incoming cloud projects to provide guidance and support to technical cloud teams.
- Provides guidance on cloud security standards/policies and advise on enabling cloud native controls to meet highest cyber security standards.
- Maintains an awareness of existing and proposed security standard setting groups, State and Federal legislation and regulations pertaining to information security and data privacy.
- Partner with functional leadership to develops and implements security standards, procedures and guidelines for multiple platforms and diverse systems environments (e.g., firm-wide, distributed, client server systems, and e-applications).
- Develops communications and related campaigns for information security awareness among all staff.
May perform additional duties as assigned.
Reporting Relationship
Typically Director or above
Skills, Knowledge & Abilities
- Solid ability to influence change in corporate understanding and adoption of information security concepts.
- Solid knowledge of solution architecting/engineering within the information security space.
- Solid knowledge of security tooling, controls and/or architecting.
- Strong analytical and problem solving skills.
- Excellent communications and interpersonal skills and the ability to work effectively with peers, IT management and staff, and internal and external business partners and clients.
- Excellent understanding of security policy construction and publication.
- Working knowledge of any of the common cloud platforms (AWS, Azure and GCP)
- Strong ability to manage various technical projects to completion.
- Willingness to learn new technologies, tools, applications and systems both supporting the information security organization and CNA's operations.
Education & Experience
- Bachelor's degree in Computer Science, or related discipline, or equivalent work experience.
- Typically a minimum of seven years of related work experience in Information Technology, preferably in the security aspects of multiple platforms, operating systems, software, communications and network protocols or an equivalent combination.
- Applicable certifications preferred (e.g. CISSP, CCSP, PMP, Network+ and/or Security+, etc.)
- Experience in consulting or technical account management preferred.
- Insurance industry experience preferred .