Cna - Chicago, IL
posted 2 months ago
Full-time - Senior
Chicago, IL
Professional, Scientific, and Technical Services
About the position
The position at CNA is focused on leading the evaluation, development, implementation, and monitoring of advanced information security strategies and technologies. This role is critical in detecting and responding to enterprise information security incidents that may pose local, national, or global threats. The individual will interact with senior leadership during critical incidents, manage daily security operations, and direct incident response teams, ensuring effective governance and compliance with security standards.
Responsibilities
- Establish and govern the Hybrid Security Operations Center (SOC) and supporting technologies.
- Develop and manage the leadership team for managing SOC and supporting groups.
- Manage the relationship with Managed Security Service Providers (MSSP).
- Lead and manage the Computer Security Incident Response Team (CSIRT/IR).
- Serve as the subject matter expert for all information security incident responses globally.
- Provide governance for and lead the information security response process.
- Direct the response to escalated security events on local, national, and global levels.
- Participate in and lead the Incident Response Committee.
- Partner with CNA leadership on response strategies for enterprise-wide information security incidents.
- Lead the evaluation, development, and implementation of Incident Response Plans and security standards across diverse platforms.
- Ensure proactive compliance with security standards and global regulatory requirements.
- Collaborate with senior Technology, Legal, and business leaders on potential data breaches.
- Provide end-to-end problem management and root cause analysis for security incidents.
- Lead post-incident debriefings to identify improvements in systems and processes.
- Conduct independent analysis of complex problems and threats, providing mitigation strategies.
- Conduct external investigations in partnership with the Threat Intel team.
- Communicate with CNA leadership and key stakeholders on metrics and potential new threats.
- Work with technology leadership to develop and monitor information security strategies.
- Stay updated on current attack risks, trends, and breaches across industries.
Requirements
- In-depth understanding of SOC, SIEM, MSSP, DLP, and the CSIRT process.
- Proven experience with industry-standard security technologies such as NDR, Threat Detection Management, IDS, EDR, and firewalls.
- Experience applying information security principles to secure platforms and prevent threats.
- Working knowledge of regulations such as SOX, GDPR, and internal controls as they apply to IT.
- Strong understanding of malware in static and dynamic environments and mitigation strategies.
- Superior analytical and problem-solving skills with effective communication of technical information to business leaders.
- Proven ability to influence change and adoption of information security protocols.
- Ability to work well under pressure while maintaining professionalism.
Nice-to-haves
- Preferred knowledge of the insurance industry.
Benefits
- Comprehensive and competitive benefits package for employees and their family members.
