AVP, Cloud Security

You have a clear vision of where your career can go. And we have the leadership to help you get there. At CNA, we strive to create a culture in which people know they matter and are part of something important, ensuring the abilities of all employees are used to their fullest potential.

This officer position holds overall responsibility for Public Cloud Security functions at CNA. Reporting directly to the Global Security Technology leader, the role provides strategic cloud security oversight for the enterprise including subsidiaries.
Responsible for spearheading the vision, design, and implementation of the entire cloud security estate at CNA, this role leads the cloud security team, develops cloud security strategies, oversees regular security detective and preventative controls and conducts readiness assessments for selecting, developing, and implementing enterprise cloud security controls standards. The position plays a central role in shaping the global enterprise cloud architecture and leads the security strategy for all cloud-based applications acting as the primary contact for all Cloud Security matters at CNA.

JOB DESCRIPTION:

Essential Duties & Responsibilities

Performs a combination of duties in accordance with departmental guidelines:

• Develops and coordinates CNA's Cloud Security strategy, ensuring secure transition and adoption of cloud services, and communicates effectively with project stakeholders to convey technical and process improvement requirements.
• Ensures the security of all CNA's Cloud Platforms and services such as Google's IaaS, PaaS (e.g., BigQuery, Cloud SQL), Azure services, and similar services.
• Manages a large team of experienced technical cloud security professionals, overseeing their performance and development.
• Designs and implements strategies and plans to securely transition CNA to the cloud, maintaining acceptable information risk levels.
• Designs and implements cloud-native security frameworks and defense-in-depth strategies to meet business requirements with minimal risk.
• Provides expert understanding of cloud, application development, infrastructure management, and information security, translating these into business terms for IT and business personnel.
• Maintains knowledge of Google Cloud Platform (GCP), AWS and Azure offerings for cloud security and their application to CNA.
• Manages and operates external cloud security solutions (e.g., CWPP, CSPM, logging, etc).
• Recommends tactical and strategic initiatives to mitigate risks, monitoring and assessing new threats to cloud environments.
• Provides guidance and technical leadership in developing security standards and guidelines for cloud infrastructure, aligning with enterprise architecture, risk profile, and policy requirements.
• Documents and advises on security improvements that balance risk with business operations and innovation.
• Collaborates with Legal to identify and assess legal and regulatory issues affecting information security in cloud services.
• Participates in Customer Assessment reviews of organization's security controls for cloud environments.
• Drives responses to external and internal audit's security controls for cloud environments and ensures timely remediation

May perform additional duties as assigned.

Reporting Relationship

Typically reports to Vice President and above.

Skills, Knowledge & Abilities

• Expert knowledge of cloud system architecture and key cloud security concepts.
• Proven track record in hiring and managing cloud security staff.
• Expertise in Google Cloud Platform and other cloud platform security solutions.
• Deep knowledge of cloud methodologies (IaaS, PaaS, SaaS), automation, orchestration, cost frameworks, trends, and industry-leading cloud vendor offerings and integrations.
• Hands-on experience configuring cloud security services (IAM, SCC, CloudTrail, etc.) and relevant certifications.
• Experience with DevSecOps, Agile Methodologies, third-party cloud security tools, and Cloud Native Application Architectures.
• Proficient in evaluating risks in line with information security goals and organizational risk tolerance, supported by strong analytical capabilities.
• Excellent interpersonal, verbal, presentation, and written communication skills for effective interaction with internal and external stakeholders.
• Ability to work independently, under pressure, and meeting deadlines. while exhibiting high levels of motivation, confidence, and responsibility.
• Excellent project management skills with effective organization and planning abilities to successfully achieve project goals.

Education & Experience

• Bachelor's Degree required; Master's preferred in Computer Science or related discipline, or equivalent experience.
• Minimum of ten years of IT Security experience, with recent cloud security experience.
• Experience with cloud security and governance tools, and server virtualization technologies.
• Relevant certifications preferred (e.g., IT Security and Cloud).

#LI-GV1

In certain jurisdictions, CNA is legally required to include a reasonable estimate of the compensation for this role. In District of Columbia, California, Colorado, Connecticut, Illinois, Maryland, Massachusetts, New York and Washington, the national base pay range for this job level is $152,000 to $242,000 annually. Salary determinations are based on various factors, including but not limited to, relevant work experience, skills, certifications and location. CNA offers a comprehensive and competitive benefits package to help our employees - and their family members - achieve their physical, financial, emotional and social wellbeing goals. For a detailed look at CNA's benefits, please visit cnabenefits.com.

CNA is committed to providing reasonable accommodations to qualified individuals with disabilities in the recruitment process. To request an accommodation, please contact leaveadministration@cna.com