The Consulting Director, IT Cloud Security is an individual contributor role responsible for developing CNA's cloud security strategies, conducting cloud security readiness assessments and for the selection, development and implementation of enterprise cloud security architecture standards. This role leads the design and development of security architectures for protecting data deployed into different types of cloud applications. This position will directly contribute to the overall global enterprise cloud architecture and lead the security vision and strategy around all cloud-based applications (including Infrastructure, Platform, and Software-as-a-Service (IaaS/PaaS/SaaS)). This role will also serve as the central point of contact for Cloud Security for other IT and business teams within CNA for all matters related to cloud security.
Essential Duties & Responsibilities
Performs a combination of duties in accordance with departmental guidelines:
1. Develop and coordinate client Cloud Security strategy and define the transition to and adoption of secure cloud services, communicating with project stakeholders to effectively convey requirements of technical and process improvements.
2. Design and implement strategies and tactical plans to aid CNA in its move to the Cloud in a secure fashion while keeping the information risk at an acceptable level.
3. Based on business requirements, design and implement cloud-native security architectures and designs applying defense-in-depth strategies that will allow those requirements to be met with a minimal degree of risk to CNA and with appropriate security controls present.
4. Comprehensive expert understanding in many areas of IT and information security, with the ability to describe in business terms the impact of IT and cloud security policies, standards, and architecture, and provide cloud security direction to business and IT personnel.
5. Possess and maintain a firm understanding of the offerings within both Amazon Web Services (AWS) and the Google Cloud platforms for cloud security and their application to CNA.
6. Recommend tactical and strategic initiatives to eliminate or mitigate risks. Actively monitor and assess new and emerging threats posing risk to cloud computing environments.
7. Provide guidance and technical leadership in the development of security standards and guidelines for cloud infrastructure to conform to information enterprise architecture, risk profile and policy requirements.
8. Document and advise on areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation.
9. In collaboration with Legal, identify current and potential legal and regulatory issues affecting information security and assess their impact on CNA's cloud services.
10. Participate in Customer Assessment reviews of organization security controls on behalf of the customers when we store, process or transmit the customer's data in cloud environments.
May perform additional duties as assigned.
Typically reports to AVP or above.
Skills, Knowledge & Abilities
1. Expert level knowledge of cloud system architecture and key cloud security concepts.
2. Preferred experience with the insurance industry, its products and services.
3. Strong experience with Cloud platforms, especially Amazon Web Services (AWS) and Google Cloud along with experience architecting security solutions within these cloud providers.
4. Expert knowledge of Cloud methodologies (IaaS, PaaS, SaaS), automation, orchestration, cost frameworks, trends and industry-leading cloud vendor offerings and integrations.
5. Hands-on experience configuring AWS security services such as IAM, KMS, and CloudTrail and Google Cloud security services with appropriate security certifications.
6. Experience with DevSecOps and Agile Methodologies along with experience with third party Cloud security tools, and dealing with Cloud Native Application Architectures and their associated security implications.
7. Ability to assess risks in line with information security objectives and risk tolerance of the institution. Proven conceptual, analytical and evaluation skills.
8. Strong interpersonal, verbal presentation and written communication skills along with the ability to work independently.
9. Ability to work well under pressure and to meet tight deadlines. Demonstrates a high level of motivation, confidence, and responsibility.
10. Excellent project management skills and ability to organize and plan effectively to meet project goals.
Education & Experience
* Bachelor's Degree required or equivalent work experience. Master's Degree in Computer Science or technical field preferred.
* Typically a minimum of ten years of IT Security experience, with recent cloud security experience.
* Deep insurance industry knowledge preferred.
* Strong knowledge and experience architecting security solutions within cloud providers - Amazon Web Services (AWS) and Google Cloud preferred.
* Experience working with cloud security and governance tools, cloud access security brokers (CASBs), and server virtualization technologies.
* IT Security and Cloud certifications preferred.
About CNA Financial
CNA Financial Corporation is an insurance holding company, which provides a variety of customers, including small, medium and large businesses, associations, professionals, and individuals with a range of insurance and risk management products and services.