Director and Chief Information Security Officer (DCISO)

Company: CNA Corporation
Location: Arlington
Posted on: March 16, 2023

Job Description:

CNA fosters an inclusive culture that values diverse backgrounds and perspectives. Our flexible and engaging work environment encourages iterative and creative collaboration at every stage of the problem solving process. Our employees are committed to helping clients develop effective solutions to better manage their programs through scientific, data-driven approaches. We are looking for creative and innovative individuals to help carry out our mission.

PRIMARY PURPOSE

Director and Chief Information Security Officer (DCISO) is responsible for the development, management, and oversight of programs, policies, procedures, and methodologies designed to ensure the mitigation and/or reduction of digital security risks related to the protection of CNA's employees, national security information and assets. The DCISO is also responsible for developing all appropriate digital security controls and risk management strategies for the organization; providing regular digital security risk assessments and developments to senior management and the Board of Trustees; partnering with stakeholders throughout the organization to ensure security is prominently and philosophically embedded within our operations; and cultivating a culture of security compliance within the Company.

The DCISO reports directly to the Chief Information Officer of CNA. In this capacity, the DCISO serves as the visionary leader who is accountable for ensuring the organization's digital security environments are protected, effective, and compliant with government and company regulations and policies as well as consistent with industry best practices.

JOB DESCRIPTION AND DUTIES

* Responsible for setting the strategic direction for the information security function to ensure successful business execution of classified and unclassified programs while maintaining compliance to all government and Company policies.
* Serve as the primary POC for all external agencies, subcontractors, vendors, and business partners in connection with the company's digital security program and practices. Manage the information security portion of prime contracts and subcontracts issued to CNA and draft/issue these security contracts to CNA's subcontractors. Coordinate digital security matters with the Contracting Officer for the Navy FFRDC and with contracting officials for other government agencies. Serve as liaison for the exchange of information with all federal agencies and organizations, as appropriate.
* Oversee the development, implementation and monitoring of a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization.
* Manage the development, maintenance and publication of information security policies, standards, and training.
* Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of information security and IT security programs, facilitate appropriate resource allocation, and increase the maturity of security programs.
* Develop and manage departmental budgets.
* Provide regular reporting on the current status of the company digital security programs to senior managers, business leaders and the Board of Trustees as part of a strategic enterprise risk management program.
* Provide counsel and guidance to senior management and business unit leaders on information security and its role in enabling mission activities and managing IT security risk.
* Act as information security advisor to CNA's senior team and business unit leaders in accordance with the company's security policies and business requirements.
* Manage the security staff responsible for information security. Provide the necessary leadership to develop and lead the team in support of executing business objectives.
* Maintain and coordinate excellent working relationships with all government oversight agencies, prime and subcontractors, vendors, and business partners in connection with the company's digital security program and practices.
* Develop and execute digital security best practices related to enabling program execution for the company's diverse and complex classified programs.
* Create and maintain the security and IT security elements of CNA's Business Continuity Plan and Disaster Recovery Plan.
* Ensure the enforcement of enterprise IT security policies and procedures. Manage the design and execution of vulnerability assessments, penetration tests and IT security audits.
* Select and acquire additional IT security solutions or enhancements to existing IT security solutions to improve overall enterprise IT security as per the enterprise's existing procurement processes.
* Perform other duties as assigned.

JOB REQUIREMENTS

1. Education: Bachelor's degree in Computer Science, Information Technology, Engineering or related field or equivalent combination of education and work experience required; Advanced degree preferred. One or more of the following certifications is preferred: SACA Certified Information Security Manager; Certified Information Privacy Professional (CIPP), (ISC) SCCEP: (ISC) CISSP: (ISC) ISSAP.

2. Experience: Minimum 15 years progressive experience in Corporate Information Security including managerial experience. Demonstrated record of accomplishments leading, designing and implementing an enterprise information security environment, including experience with or knowledge of: NIST cyber and information security policy and guidance and DoD security policy, guidelines and directives. Knowledge of DoD or other U.S. Government Industrial Security Program.

3. Skills: Excellent verbal and written communication and interpersonal skills with the ability to generate trust and build relationships across all levels of the organization. Must have proficiency in a variety of computer software applications in word processing, spreadsheets, database, and Outlook. Strong analytical thinking and innovation skills. Demonstrated skills in complex decision-making, problem-solving and planning. Strong systems thinking and relationship management skills, including ability to influence stakeholders. Strong customer service orientation and awareness to drive key critical decisions and resolve complex problems. Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals. Ability to develop high quality staff and to build successful teams through coaching and mentoring. Demonstrated project management skills; strong security IT planning, organization, and development; expert knowledge of current and developing technologies.

4. Other: On-call availability outside of normal working hours. Ability to obtain and maintain a Top Secret level security clearance.

5. Remote/Hybrid Work Eligibility: This position is eligible for telecommuting or hybrid work arrangements at the discretion of the Supervisor. Employees may be required to work at CNA headquarters or other work locations resulting in changes to the scheduled telecommuting or hybrid work arrangements.

* Voluntary (but highly desired) document*

Please include a personal statement as part of your application. A personal statement is a chance for us to get to know you. The statement is your opportunity to share your goals, interests, influences and show us that you will be a valuable asset to our organization. Please click here for personal statement guidelines - Click here

Personal statements will not be used as an elimination criteria for this position. They will only be used to enhance a candidate's application

CNA is committed to providing equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, religion, color, sex (including pregnancy, gender identity, and sexual orientation), parental status, national origin, age, disability, family medical history or genetic information, political affiliation, military service and protected veterans, or other non-merit based factors. In addition to federal legal requirements, CNA complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. These protections extend to all terms and conditions of employment, including recruiting and hiring practices, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training and career development programs. For more information about EEO protections, please view the EEO is the law posters here: "EEO is the Law" Poster", "EEO Poster Supplement". The pay transparency policy is available here: Pay Transparency Nondiscrimination Poster. To be considered for hire, all individuals applying for positions with CNA are subject to a background investigation. For positions requiring access to classified information, U.S. citizenship is required. Individuals will also be subject to an additional government background investigation, and continued employment eligibility is contingent upon the ability to obtain and maintain an active security clearance.

Other details

* Job Family Supervisor/Management
* Pay Type Salary
* Employment Indicator (none)

Apply Now

* CNA, 3003 Washington Blvd, Arlington, Virginia, United States of America

Keywords: CNA Corporation, Arlington , Director and Chief Information Security Officer (DCISO), Executive , Arlington, Virginia