AVP IT Risk & Compliance

| Chicago, IL | Hybrid
Sorry, this job was removed at 12:34 p.m. (CST) on Friday, March 25, 2022
Find out who's hiring in Chicago, IL.
See all Cybersecurity + IT jobs in Chicago, IL
Apply
By clicking Apply Now you agree to share your profile information with the hiring company.

Job Summary
Officer position responsible for the IT Governance, Risk & Compliance function, and its interfaces with other functional areas across CNA. This role will lead the Governance, Risk and Compliance team, providing leadership and hands on guidance for all information security risk assurance activities across the enterprise, including first line of defense controls monitoring and testing. This position also acts as the Security liaison with IT operations and development teams for ongoing compliance initiatives. Serves as a Trusted Advisor to the business and technology stakeholders across the enterprise to partner on security, compliance and technical privacy improvements, manage risk of security exceptions, and stay aligned on common goals. As a leader within the Corporate Security Group, participates in the development and execution of strategy, and the identification and implementation of innovative controls to manage risk while enabling business performance.
Essential Duties & Responsibilities
Performs a combination of duties in accordance with departmental guidelines:

  1. Leads, directs, and has full management accountability for the performance and development of all IT Governance, Risk and Compliance staff in Information Security, including but not limited to IT Risk Management, IT Security Controls, Vendor Risk Management (shared), IT Compliance, Issues Management, Policies and Standards, Training and Awareness, Customer Compliance Inquiry, Security Advisory and Metrics and Reporting (KRI/KPI management) and managing a risk register.
  2. Establishes IT Risk and Compliance strategies and guides the execution and implementation of the strategies. Also provides significant input into the future strategy of Information Security at CNA.
  3. Actively works to identify, assess, and monitor emerging risks, evaluates associated vulnerabilities and threats, and provides mitigations strategies to protect the organization. Provides support, as required, with Second and Third Line of Defense reviews.
  4. Frequently works with senior IT and business leaders in re-evaluating IT risks from vendors.
  5. Oversees Security risk management, including the identification, analysis, and measurement of risks; the monitoring and reporting on security risks, and the disposition of said risks. Acts as the primary contact for the Enterprise Risk Management team on IT Security-related risk issues.
  6. Oversees Security Compliance and the associated IT Controls areas and partners with the Corporate Compliance organization on regulatory issues for IT. Leading a team that is responsible for coordinating third party risk and assessment on suppliers and partners.
  7. Continue program related to risk reduction and maturity following NIST-CSF, HITRUST, SOC2, HIPAA and other related frameworks and regulations.
  8. Directs and oversees the development and implementation of IT Risk standards, procedures and guidelines to prevent the unauthorized use, release, modification, or destruction of data across multiple platforms and environments. Aligned with risk above, will measure compliance with policies and standards across IT for technical standards and the enterprise for non-technical ones.
  9. Works closely with other leaders across Information Security to ensure a common approach to threat and intelligence analysis, risk management methodologies, compliance reporting, and crisis management. Owns IT policies, awareness, and training.
  10. Oversees development, review and update of Corporate Security policies and associated standards.
  11. Oversees the education and awareness team. Provides Information Security continuous education and training of our employees, contractors, and third party vendors about InfoSec risk and maturity. In addition, this individual and their team will expand our information security training strategy and program, oversee its implementation, and assess its outcomes.


May perform additional duties as assigned.
Reporting Relationship
Typically VP or above
Skills, Knowledge & Abilities

  1. In depth experience with all aspects of information security, risk management, and business continuity management.
  2. Senior level knowledge of regulations (i.e., SOX, HIPAA, privacy, etc.) as it pertains to IT risk and controls.
  3. Excellent ability to influence change in enterprise understanding and adoption of information security concepts.
  4. Excellent analytical and problem solving skills.
  5. Excellent communications and interpersonal skills and the ability to work effectively with peers and cross functional senior executives.
  6. Strong understanding of crisis management skills.
  7. Strong ability to manage complex projects to completion.
  8. Proven ability to lead and motivate others in accomplishing goals.
  9. Preferred insurance industry knowledge.


Education & Experience

  1. Bachelor's Degree required or equivalent work experience. Master's Degree in Computer Science or technical field preferred.
  2. Minimum of ten years of information security, and IT risk and compliance experience with five years' management experience. Deep insurance industry experience preferred.
  3. CISSP or CISA\CISM and IT Risk and Compliance certifications preferred.
Read Full Job Description
Apply Now
By clicking Apply Now you agree to share your profile information with the hiring company.

Technology we use

  • Engineering
  • Product
  • Sales & Marketing
    • JavaLanguages
    • JavascriptLanguages
    • KotlinLanguages
    • PerlLanguages
    • PythonLanguages
    • RLanguages
    • SqlLanguages
    • jQueryLibraries
    • jQuery UILibraries
    • ReactLibraries
    • Node.jsFrameworks
    • SpringFrameworks
    • AccessDatabases
    • DB2Databases
    • Microsoft SQL ServerDatabases
    • MySQLDatabases
    • OracleDatabases
    • PostgreSQLDatabases
    • Google AnalyticsAnalytics
    • ConfluenceManagement
    • JIRAManagement
    • Microsoft ProjectManagement
    • SalesforceCRM
    • SendGridEmail
    • MarketoLead Gen

An Insider's view of CNA

How would you describe the company’s work-life balance?

Work-life balance has always been a priority for me. It always will be. CNA’s hybrid working model allows me to not only maximize collaboration with my peers but also take advantage of increased flexibility by combining remote and in-office work. I’m empowered to take control of my schedule based on what works best for me and my team.

Alison Massey

Agile Scrum Master Consultant

How do you collaborate with other teams in the company?

On the Security Advisory team, collaboration is key to what we do. We sit at a unique intersection of security goals and business objectives. By working across nearly every IT team at CNA, we balance the need for maintaining secure initiatives and keeping projects on track. It’s our job to find the best, secure path to ‘Yes’ for business requests.

Zach Jones

Director, Security Advisory

How has your career grown since starting at the company?

I joined CNA as a contractor and became a full-time employee after an eight-year contractor journey. I’m passionate about solving technical challenges and CNA allows me to foster that passion. Every day, I learn about emerging technologies. I’m empowered to develop, grow, and create a career that works for me and my lifestyle.

SenthilKumar Asokan

Applications Engineer Senior Specialist

How do your team's ideas influence the company's direction?

Enterprise Architecture creates foundations for IT expectations across CNA. I’m on a team that builds reusable IT assets, communicates best practices, and decides standards for tooling, and more. I influence CNA outside of my role, too, specifically through CNA’s Employee Resource Groups. I’m empowered to influence both IT and our culture of inclus

Lisa Smith

Architecture Senior Specialist

What does career growth look like on your team?

Career growth can take on many different forms at CNA, and that’s because there are always opportunities to acquire transferrable skills. On my team specifically, we’re encouraged to identify and work toward development opportunities that matter to us. We’re empowered to make a difference while advancing our careers.

Josie Lee

Director, HR Business Partner

What are CNA Perks + Benefits

CNA Benefits Overview

One of the many advantages of working at CNA is the benefits program we offer you and your eligible dependents,
beginning on the first day of your employment. The program features a variety of plans that provide health care
benefits, well-being, disability and survivor protection, and 401(k) savings, among others. Below are highlights
of the offerings.

Culture
Volunteer in local community
Partners with nonprofits
Open door policy
OKR operational model
Open office floor plan
Flexible work schedule
Remote work program
Diversity
Dedicated diversity and inclusion staff
Diversity employee resource groups
Health Insurance & Wellness Benefits
Flexible Spending Account (FSA)
Disability insurance
Dental insurance
Vision insurance
Health insurance
Life insurance
Pet insurance
Wellness programs
Mental health benefits
Financial & Retirement
401(K)
401(K) matching
Company equity
Employee stock purchase plan
Performance bonus
Charitable contribution matching
Child Care & Parental Leave Benefits
Generous parental leave
Family medical leave
Adoption Assistance
Vacation & Time Off Benefits
Generous PTO
Paid holidays
Paid sick days
Office Perks
Commuter benefits
Some meals provided
Relocation assistance
Onsite gym
Professional Development Benefits
Job training & conferences
Tuition reimbursement
Lunch and learns
Online course subscriptions available
Paid industry certifications

More Jobs at CNA

Apply Now
By clicking Apply Now you agree to share your profile information with the hiring company.
Learn more about CNAFind similar jobs like this