Director, Data Protection - Cryptography - CNA : Job Details

You have a clear vision of where your career can go. And we have the leadership to help you get there. At CNA, we strive to create a culture in which people know they matter and are part of something important, ensuring the abilities of all employees are used to their fullest potential.

CNA seeks to offer a comprehensive and competitive benefits package to our employees that helps them — and their family members — achieve their physical, financial, emotional and social wellbeing goals.For a detailed look at CNA's benefits, check out our Candidate Guide.

Essential Duties & Responsibilities

Performs a combination of duties in accordance with departmental guidelines:

• Develops, coordinates and is accountable for the Secure Data Strategy - Embedding security into the overall approach and vision for data in an organization.
• Oversees Secure Data Integration - Incorporating secure technological and business processes to align data from various sources.
• Data Protection - Provides capabilities layered on top of data at rest, in motion or in use to secure the contents from unauthorized access.
• Directs implementation of technical capabilities such as encryption and key management to enforce the movement or transmission of data.
• Data Security in the Cloud - Implements technical capabilities to protect and secure data in the cloud and to protect and secure structured and unstructured database assets.
• Documents and advises on areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation.
• Develops and maintains relationships with key stakeholders in the app dev, infrastructure space to ensure smooth functioning of the Data Security Program.
• Interlocks with other areas of the information security (e.g. Security Technology and Security Operations) to ensure end-to-end functioning of Data Security Services.

May perform additional duties as assigned.

Reporting Relationship

Typically AVP or above.

Skills Knowledge & Abilities

• Expert level knowledge of data security concepts.
• Proven ability to effectively lead, coach and develop a data security group.
• Strong knowledge of the insurance industry, its products and services.
• Strong knowledge of data security technical solutions (e.g. classification inventorying, data discovery, encryption, tokenization, key management).
• Expert knowledge of traditional and modern cloud data solutions.
• Ability to assess risks in line with information security objectives and risk tolerance of the institution.
• Proven conceptual, analytical and evaluation skills.
• Excellent interpersonal, verbal, presentation and written communication skills with the ability to effectively interact with internal and external business partners.
• Ability to work well independently, under pressure and to meet tight deadlines.
• Excellent project management skills with ability to organize, prioritize and plan effectively to meet project goals.
• Expert knowledge of privacy/data standards and regulations local, domestic and global (State Level Data Protection, ISO, GAPP, NIST 800 53, HIPPA, HiTrust, Privacy by Design, GDPR, EU Data Protection Directives, CCPA, APEC Privacy Framework).

Education & Experience

• Bachelor's Degree with Master's preferred in Computer Science, or related discipline, or equivalent.
• Typically a minimum of ten years of IT Security experience, preferably with recent cloud security experience.
• Typically a minimum of five years of security architecture experience designing and implementing data security solutions involving data encryption.
• Typically a minimum of five years of experience assessing or building programs in data protection: data encryption (FPE), tokenization, masking, and key management.
• Typically a minimum of three years in asset and data discovery tooling (e.g. ServiceNow, Varonis, Netwrix).
• Typically a minimum of five years of experience in data encryption solutions within cloud environments (e.g. AWS, Azure, GCP).
• Typically a minimum of five years of hands-on experience with Data Security vendors, product capabilities, and solutions focused on Data Encryption and not limited to Data Loss Prevention, Data Rights Management, Data Classification, and Data Privacy.
• Experience and background in security metrics creation and reporting specifically in the data space.

#Hybrid

#LI-JB1

CNA is committed to providing reasonable accommodations to qualified individuals with disabilities in the recruitment process. To request an accommodation, please contact [email protected].

At CNA, we are focused on success, individually and collectively. We pride ourselves on promoting a culture that challenges and engages people. We strive to connect people, departments and business areas, to function as a team, and to serve our customers and communities with professionalism and respect.

Our dedication to employee engagement, continuous learning and the open exchange of ideas is the cornerstone of our business. These ideals, combined with our focus on the customer, enable us to explore new market opportunities and build on our success.

Our values, culture and financial strength are what differentiates us from other employers and make CNA the place you want to work.

CNA is committed to fostering a diverse and inclusive culture grounded in equity that supports our organization, clients, and communities by prioritizing talent and programs that represent our current environment and empower all employees and partners to be active allies and advocates for equality. Globally, our Employee Resource Groups — Advocacy for Visible & Invisible Disabilities (AVID), Asian Professionals for Excellence (APEX), Empowering Black Professionals (EBP), Generational Perspectives (GP), Organization of Hispanics and Latine Americanos (¡OHLA!), Pride, Women Impacting Leadership (WIL) and Veterans — make CNA, and our communities, even stronger.

At CNA, we have a long-standing commitment to the diverse communities in which we live and work. We actively make a difference for the greater good through partnerships, sustainability, initiatives, and working together for a better tomorrow. Corporate Social Responsibility is not one person, or one department, it's the entire enterprise coming together to make the world a better place.