
AVP IT Risk & Compliance

CNA - Chicago, IL

AVP IT Risk & Compliance (INF0001PV)

Job Summary:
Serve as a knowledgeable risk management and compliance resource for CNA management, including C-level executives, to help ensure that CNA is on the cutting edge of security protocols and overall IT risk and compliance processes.

This Officer position is responsible for the Risk Management, Compliance and IT Controls Assurance functions, and their touchpoints with functional areas across the enterprise. This role is accountable for monitoring and assessing global risks involving data security and IT services to help ensure company information is adequately protected, and that mitigation strategies are timely and effectively administered. This role will also oversee IT compliance measures to mitigate all information technology risks for the organization. The IT Controls Assurance process is an additional area of accountability to ensure effectiveness of IT control design and execution.

Essential Duties & Responsibilities:
Performs a combination of duties in accordance with departmental guidelines:

Leads, directs, and has full management accountability for the performance and development of all IT Risk and Compliance staff in Information Security, including but not limited to IT Risk Mgmt, IT Controls Assurance, Vendor Risk Mgmt, IT Compliance, and Security Advisory.

Establishes IT risk, compliance and controls assurance strategies globally and guides the execution and implementation of the strategies. Also provides significant input into the future global strategy of Information Security at CNA.

Actively works to identify, assess, and monitor emerging risks, evaluates associated vulnerabilities and threats, and provides mitigation strategies to protect the organization.

Frequently works with senior IT and business leaders in re-evaluating IT risks from vendors.

Oversees IT risk management, including the identification, analysis, and measurement of risks; the monitoring and reporting on IT risks; and the disposition of said risks. Acts as the primary contact for the Enterprise Risk Management team on IT-related risk issues.

Oversees compliance and the IT controls assurance areas and partners with the Corporate Compliance organization on global regulatory issues for IT. Effectively applies governance and control frameworks to ensure IT compliance requirements are thoroughly and consistently met.

Directs and oversees the development and implementation of IT Risk standards, procedures and guidelines to prevent the unauthorized use, release, modification, or destruction of data across multiple platforms and environments.

Works closely with other leaders across Information Security to ensure a common approach to threat and intelligence analysis, risk management methodologies, compliance reporting, and crisis management. Owns IT policies, awareness, and training.

May perform additional duties as assigned.

Reporting Relationship:
Typically VP and Above

Skills, Knowledge & Abilities:
In-depth experience with all aspects of information security, risk management, and business continuity management.

In-depth experience with business processes as well as process controls and risks, and how this relates to the IT environment and audit procedures. Preferred experience with the insurance industry, its products and services.

Senior level knowledge of regulations (i.e., SOX, HIPAA, privacy, etc.) as it pertains to IT risk and controls.

Excellent ability to influence change in enterprise understanding and adoption of information security concepts.

Excellent analytical and problem-solving skills.

Excellent communications and interpersonal skills and the ability to work effectively with peers and cross-functional senior executives.

Strong understanding of crisis management skills.

Strong ability to manage complex projects to completion.

Proven ability to lead and motivate others in accomplishing goals.

Preferred insurance industry knowledge.

Education & Experience:
Bachelor’s Degree required or equivalent work experience. Master’s Degree in Computer Science or technical field preferred.

Minimum of ten years of information security, and IT risk and compliance experience with five years’ management experience. Deep insurance industry experience preferred.

IT Risk and Compliance certifications preferred.

CNA is an Equal Opportunity Employer committed to a diverse work culture. M/F/D/V.

Information Systems | United States-Illinois-Chicago | IT - Information Security | May 14, 2018 | Ongoing



Location: Chicago, IL

Company Profile:
Since 1897, CNA has been providing outstanding service and an ongoing commitment to building long-term relationships, earning us a reputation for being a carrier that inspires trust. At CNA, we take pride in our ability to offer innovative products and services that meet the evolving needs of our customers and business partners alike. As the 7th largest U.S. commercial insurer and the 13th largest U.S. property & casualty insurer, we provide insurance protection to more than one million businesses and professionals in the U.S. and internationally. We understand the importance of being where our customers are. Headquartered in Chicago, CNA has offices throughout the U.S., Canada and Europe. In these locations, we work with highly professional independent agents and brokers to ensure our customers receive the personal service and attention they look for in a carrier.