Director and Chief Information Security Officer (DCISO)
Company: CNA Corporation
Location: Arlington
Posted on: March 16, 2023
Job Description:
CNA fosters an inclusive culture that values diverse backgrounds
and perspectives. Our flexible and engaging work environment
encourages iterative and creative collaboration at every stage of
the problem solving process. Our employees are committed to helping
clients develop effective solutions to better manage their programs
through scientific, data-driven approaches. We are looking for
creative and innovative individuals to help carry out our
mission.
PRIMARY PURPOSE
Director and Chief Information Security Officer (DCISO) is
responsible for the development, management, and oversight of
programs, policies, procedures, and methodologies designed to
ensure the mitigation and/or reduction of digital security risks
related to the protection of CNA's employees, national security
information and assets. The DCISO is also responsible for
developing all appropriate digital security controls and risk
management strategies for the organization; providing regular
digital security risk assessments and developments to senior
management and the Board of Trustees; partnering with stakeholders
throughout the organization to ensure security is prominently and
philosophically embedded within our operations; and cultivating a
culture of security compliance within the Company.
The DCISO reports directly to the Chief Information Officer of CNA.
In this capacity, the DCISO serves as the visionary leader who is
accountable for ensuring the organization's digital security
environments are protected, effective, and compliant with
government and company regulations and policies as well as
consistent with industry best practices.
JOB DESCRIPTION AND DUTIES
* Responsible for setting the strategic direction for the
information security function to ensure successful business
execution of classified and unclassified programs while maintaining
compliance with all government and Company policies.
* Serve as the primary POC for all external agencies,
subcontractors, vendors, and business partners in connection with
the company's digital security program and practices. Manage the
information security portion of prime contracts and subcontracts
issued to CNA and draft/issue these security contracts to CNA's
subcontractors. Coordinate digital security matters with the
Contracting Officer for the Navy FFRDC and with contracting
officials for other government agencies. Serve as liaison for the
exchange of information with all federal agencies and
organizations, as appropriate.
* Oversee the development, implementation and monitoring of a
strategic, comprehensive enterprise information security and IT
risk management program to ensure the integrity, confidentiality
and availability of information owned, controlled or processed by
the organization.
* Manage the development, maintenance and publication of
information security policies, standards, and training.
* Facilitate a metrics and reporting framework to measure the
efficiency and effectiveness of information security and IT
security programs, facilitate appropriate resource allocation, and
increase the maturity of security programs.
* Develop and manage departmental budgets.
* Provide regular reporting on the current status of the company
digital security programs to senior managers, business leaders and
the Board of Trustees as part of a strategic enterprise risk
management program.
* Provide counsel and guidance to senior management and business
unit leaders on information security and its role in enabling
mission activities and managing IT security risk.
* Act as information security advisor to CNA's senior team and
business unit leaders in accordance with the company's security
policies and business requirements.
* Manage the security staff responsible for information security.
Provide the necessary leadership to develop and lead the team in
support of executing business objectives.
* Maintain and coordinate excellent working relationships with all
government oversight agencies, prime and subcontractors, vendors,
and business partners in connection with the company's digital
security program and practices.
* Develop and execute digital security best practices related to
enabling program execution for the company's diverse and complex
classified programs.
* Create and maintain the security and IT security elements of
CNA's Business Continuity Plan and Disaster Recovery Plan.
* Ensure the enforcement of enterprise IT security policies and
procedures. Manage the design and execution of vulnerability
assessments, penetration tests and IT security audits.
* Select and acquire additional IT security solutions or
enhancements to existing IT security solutions to improve overall
enterprise IT security as per the enterprise's existing procurement
processes.
* Perform other duties as assigned.
JOB REQUIREMENTS
1. Education: Bachelor's degree in Computer Science, Information
Technology, Engineering or related field or equivalent combination
of education and work experience required; Advanced degree
preferred. One or more of the following certifications is
preferred: ISACA Certified Information Security Manager (CISM);
Certified Information Privacy Professional (CIPP); (ISC)² SCCEP;
(ISC)² CISSP; (ISC)² ISSAP.
2. Experience: Minimum 15 years progressive experience in Corporate
Information Security including managerial experience. Demonstrated
record of accomplishments leading, designing and implementing an
enterprise information security environment, including experience
with or knowledge of: NIST cyber and information security policy
and guidance and DoD security policy, guidelines and directives.
Knowledge of DoD or other U.S. Government Industrial Security
Program.
3. Skills: Excellent verbal and written communication and
interpersonal skills with the ability to generate trust and build
relationships across all levels of the organization. Must have
proficiency in a variety of computer software applications in word
processing, spreadsheets, database, and Outlook. Strong analytical
thinking and innovation skills. Demonstrated skills in complex
decision-making, problem-solving and planning. Strong systems
thinking and relationship management skills, including ability to
influence stakeholders. Strong customer service orientation and
awareness to drive key critical decisions and resolve complex
problems. Ability to lead and motivate cross-functional,
interdisciplinary teams to achieve tactical and strategic goals.
Ability to develop high quality staff and to build successful teams
through coaching and mentoring. Demonstrated project management
skills; strong security IT planning, organization, and development;
expert knowledge of current and developing technologies.
4. Other: On-call availability outside of normal working hours.
Ability to obtain and maintain a Top Secret level security
clearance.
5. Remote/Hybrid Work Eligibility: This position is eligible for
telecommuting or hybrid work arrangements at the discretion of the
Supervisor. Employees may be required to work at CNA headquarters
or other work locations resulting in changes to the scheduled
telecommuting or hybrid work arrangements.
Voluntary (but highly desired) document
Please include a personal statement as part of your application. A
personal statement is a chance for us to get to know you. The
statement is your opportunity to share your goals, interests and
influences, and to show us that you will be a valuable asset to our
organization. Please click here for personal statement guidelines.
Personal statements will not be used as an elimination criterion for
this position. They will only be used to enhance a candidate's
application.
CNA is committed to providing equal employment opportunities (EEO)
to all employees and applicants for employment without regard to
race, religion, color, sex (including pregnancy, gender identity,
and sexual orientation), parental status, national origin, age,
disability, family medical history or genetic information,
political affiliation, military service and protected veterans, or
other non-merit based factors. In addition to federal legal
requirements, CNA complies with applicable state and local laws
governing nondiscrimination in employment in every location in
which the company has facilities. These protections extend to all
terms and conditions of employment, including recruiting and hiring
practices, promotion, termination, layoff, recall, transfer, leaves
of absence, compensation, and training and career development
programs. For more information about EEO protections, please view
the EEO is the law posters here: "EEO is the Law" Poster", "EEO
Poster Supplement". The pay transparency policy is available here:
Pay Transparency Nondiscrimination Poster. To be considered for
hire, all individuals applying for positions with CNA are subject
to a background investigation. For positions requiring access to
classified information, U.S. citizenship is required. Individuals
will also be subject to an additional government background
investigation, and continued employment eligibility is contingent
upon the ability to obtain and maintain an active security
clearance.
Other details
* Job Family Supervisor/Management
* Pay Type Salary
* Employment Indicator (none)
* CNA, 3003 Washington Blvd, Arlington, Virginia, United States of
America