ChicagoRecruiter Since 2001
the smart solution for Chicago jobs

Director, Application Security

Company: CNA Insurance
Location: Chicago
Posted on: August 7, 2022

Job Description:

You have a clear vision of where your career can go. And we have the leadership to help you get there. At CNA, we strive to create a culture in which people know they matter and are part of something important, ensuring the abilities of all employees are used to their fullest potential.

Leadership position responsible for spearheading the vision, design, and implementation of Application Security (AppSec) program for CNA. This position leads the AppSec team, develops AppSec strategies, and conducts application security assessments for the selection, development and implementation of enterprise applications. This position will focus on designing strategies for assessing in-house developed applications design review, threat modeling, manual code review, and collaborating with application owners to remediate risk.

Essential Duties & Responsibilities

Performs a combination of duties in accordance with departmental guidelines:

- Lead the Application Security program as an AppSec SME throughout a global technology organization with in-house developed applications and various legacy and modern systems within data centers and the cloud.
- Lead and mentor a team of AppSec professionals across the DevSecOps, SAST/DAST, Software Composition, and SDLC disciplines.
- Develop enterprise policy and technical standards with specific regard to application security management and secure development standards.
- Document technical issues identified during AppSec assessments and correlate technical issues across applications to update application security standards.
- Define and report on AppSec assessments utilizing the Common Vulnerability Scoring System (CVSS) classifications and standards.
- Fully understand business requirements and work with them to define appropriate solutions for security objectives while meeting the business need.
- Be a champion for AppSec and information security including broadening awareness and use of the team's services, education of security best practices and integration with other business areas.
- Provide guidance, technical expertise, and support to team members regarding application assessments.
- Develop and improve KPIs and metrics for AppSec functions.
- Participate and lead new projects as needed.
- May perform additional duties as assigned.

Reporting Relationship

Typically AVP or above

Skills, Knowledge & Abilities

- Proven track record of leading AppSec teams with proven knowledge and competence in security concepts and strategies and the ability to successfully implement them.
- Expert knowledge of application vulnerability management tools and strong technical understanding and experience assessing vulnerabilities and identifying weaknesses in multiple in-house developed applications across multiple on-prem and cloud platforms. Experience with one or more of the following tools: Fortify, Veracode WebInspect, Burp Suite, Nexus and others.
- Strong written and verbal communication skills with the ability to collaborate through all parts of the business.
- High performance skillset which not only understands the threat spaces as it relates to risks, but also able to meet the technical challenge of communicating this out to our teams.
- Leadership skills which bring out the best in the team. This includes both direct leadership but also cross-functional capabilities.
- Excellent ability to effectively interact and communicate with all levels of external vendor and/or internal business partners within scope of responsibility, team and/or matrix environment.
- Reporting gaps in a meaningful way that addresses a business risk as well as providing technical solutions to the operations teams in remediation is key.
- Experience in working across public cloud and on-premises hybrid infrastructure.
- Self-starter with the ability to make independent decisions and the judgment to know when to seek guidance.
- Fundamental understanding of risk vs severity.
- Comfort in a diverse technology environment spanning multiple operating systems and architectures.
- Strong understanding of enterprise, network, system/endpoint, and application-level security issues and risks.

Education & Experience

- Bachelor's degree in Computer Science, or related discipline, or equivalent work experience.
- Typically a minimum of ten years related work experience in Information Technology, preferably with at least four years of experience in Application Security.

CNA is committed to providing reasonable accommodations to qualified individuals with disabilities in the recruitment process. To request an accommodation, please contact .
