Business Information Security Officer (BISO) - (National Warranty Business) at CNA (Phoenix, AZ)

Phoenix – Mesa – Scottsdale, AZ | Hybrid
Sorry, this job was removed at 6:25 a.m. (CST) on Tuesday, February 15, 2022
Job Summary
The Business Information Security Officer will be a member of the Global Information Security (IS) organization, responsible for providing management, oversight and direction for Information Security for CNA National Warranty, in alignment with the overarching Information Security strategy and guidelines of CNA.
You will work closely with the CNA National Warranty Chief Operations Officer (COO) and other Technology leaders and will be supporting the group/team by developing a deep understanding of the business in order to have specialized information security risk-based discussions. This relationship will ensure a focus on the right risk priorities. You will also provide guidance on information security topics, policies, and controls.
Essential Duties & Responsibilities
Performs a combination of duties in accordance with departmental guidelines:
  1. Liaises between CNA Information Security and CNA National Warranty IT team to implement Information Security policies, processes and procedures, advises CNA National management on risk issues related to information security, and recommends actions in support of CNA's wider risk management and compliance programs.
  2. Develop a robust understanding of National Warranty's operating model and client risk factors to provide a balanced perspective on security risk mitigation measures. Collaborate with business and technology leaders so that desired security outcomes can be accommodated in partnership with CNA's business objectives.
  3. Oversees IT risk management for CNA National Warranty, including the identification, analysis and measurement of risks; monitoring and reporting on IT risks and disposition of risks in partnership with CNA Information Security and Risk Management teams.
  4. Establishes and directs the design, development, testing and implementation of Information Security strategies, plans, products and other access control techniques. Identifies emerging vulnerabilities, evaluates associated risks and threats and provides countermeasures in partnership with CNA Information Security.
  5. Manages the reporting, investigation and resolution of information security incidents. Works with and consults with business leaders on potential data breaches. Oversees digital forensics activities to support HR, Legal or other stakeholders while maintaining appropriate chain of custody.
  6. Responsible for implementing security standards, procedures and guidelines to prevent the unauthorized use, release, modification or destruction of data across multiple platforms and environments, in alignment with CNA corporate standards.
  7. Provides insights on emerging security issues to CNA National Warranty leadership and/or CNA Information Security team and provides guidance and advocacy regarding the prioritization of CNA investments that impact information security.
  8. Oversees staff supporting the Office of the General Counsel in the collection, delivery and presentation of electronic evidence regarding litigation for and against the company. Provides services to manage the full lifecycle of electronically stored information to those ends.
  9. Works closely with Corporate Security and Safety to ensure common approach to threat and intelligence analysis, risk management, training and awareness, compliance, and crisis management.
  10. Ability to quantify security risk issues and concerns in terms of their financial impact on the firm. Understand and incorporate resource availability so that security risk mitigation recommendations are realistic and achievable within CNA's budget, or partner with leadership on securing necessary funding to support these measures.

May perform additional duties as assigned.
1. Maintain contact with industry security standard setting groups and awareness of State and Federal legislation and regulations pertaining to data privacy, information security and business continuity.
2. May be called upon to speak to customers or prospects about CNA's Information Security and Data protection capabilities.
3. Direct and lead risk assessment and management processes for third party vendors and suppliers.
4. Evaluate new projects at CNA National Warranty to ensure that security issues are proactively identified and appropriately remediated. Provide transparency into risks to senior business leaders.
5. Develop or adapt communications and related campaigns for information security awareness among CNA National Warranty staff.
Reporting Relationship
This position reports directly to CNA's SVP & Chief Information Security, with dotted line reporting to CIO of CNA National Warranty.
Skills, Knowledge & Abilities
1. Senior level understanding of multiple aspects of information security, risk management and business continuity management, including: security policies, security and risk management frameworks, disaster recovery techniques, vulnerability management, security operations, access control and security incident management.
2. Senior level knowledge of regulations (e.g. SOX, HIPAA, privacy, etc.) and internal controls.
3. Excellent ability to influence change in corporate understanding and adoption of information security concepts.
4. Excellent communications and interpersonal skills and ability to work effectively with peers, senior executives in IT and the business, and internal/external stakeholders.
5. Ability to exercise professional judgment and assume responsibility for decisions which have impact on people, quality of service and costs.
6. Advanced computer skills.
7. Preferred insurance industry knowledge.
Education & Experience
1. Bachelor's degree with Master's preferred in Computer Science or related discipline, or equivalent work experience.
2. Typically a minimum of 10 years of experience in information security or related areas.
3. Applicable certifications preferred (CISSP, CISA, etc.)

Technology we use

  • Languages: Java, JavaScript, Kotlin, Perl, Python, R, SQL
  • Libraries: jQuery, jQuery UI, React
  • Frameworks: Node.js, Spring
  • Databases: Access, DB2, Microsoft SQL Server, MySQL, Oracle, PostgreSQL
  • Analytics: Google Analytics
  • Management: Confluence, JIRA, Microsoft Project
  • CRM: Salesforce
  • Email: SendGrid
  • Lead Gen: Marketo

An Insider's view of CNA

How would you describe the company’s work-life balance?

Work-life balance has always been a priority for me. It always will be. CNA’s hybrid working model allows me to not only maximize collaboration with my peers but also take advantage of increased flexibility by combining remote and in-office work. I’m empowered to take control of my schedule based on what works best for me and my team.

Alison Massey

Agile Scrum Master Consultant

How do you collaborate with other teams in the company?

On the Security Advisory team, collaboration is key to what we do. We sit at a unique intersection of security goals and business objectives. By working across nearly every IT team at CNA, we balance the need for maintaining secure initiatives and keeping projects on track. It’s our job to find the best, secure path to ‘Yes’ for business requests.

Zach Jones

Director, Security Advisory

How has your career grown since starting at the company?

I joined CNA as a contractor and became a full-time employee after an eight-year contractor journey. I’m passionate about solving technical challenges and CNA allows me to foster that passion. Every day, I learn about emerging technologies. I’m empowered to develop, grow, and create a career that works for me and my lifestyle.

SenthilKumar Asokan

Applications Engineer Senior Specialist

How do your team's ideas influence the company's direction?

Enterprise Architecture creates foundations for IT expectations across CNA. I’m on a team that builds reusable IT assets, communicates best practices, and decides standards for tooling, and more. I influence CNA outside of my role, too, specifically through CNA’s Employee Resource Groups. I’m empowered to influence both IT and our culture of inclusion.

Lisa Smith

Architecture Senior Specialist

What does career growth look like on your team?

Career growth can take on many different forms at CNA, and that’s because there are always opportunities to acquire transferrable skills. On my team specifically, we’re encouraged to identify and work toward development opportunities that matter to us. We’re empowered to make a difference while advancing our careers.

Josie Lee

Director, HR Business Partner
