Senior Technology Auditor (Continuous Process Monitoring)
US- IL40- Chicago-151N Frankln
CNA Insurance
You have a clear vision of where your career can go. And we have the leadership to help you get there. At CNA, we strive to create a culture in which people know they matter and are part of something important, ensuring the abilities of all employees are used to their fullest potential.
CNA seeks to offer a comprehensive and competitive benefits package to our employees that helps them — and their family members — achieve their physical, financial, emotional and social wellbeing goals.
For a detailed look at CNA’s benefits, check out our Candidate Guide.
The CPM team’s goal is to monitor all IT processes and related controls and assure that controls are operating as intended and control failures are identified timely and communicated to key stakeholders for proper mitigation before they pose a risk to the organization. The CPM program has been developed within CNA’s first line of defense with the CPM activities embedded within IT processes and management-level controls. The program is implemented for controls in CNA’s Process, Risk and Controls (PRC) framework as identified by control and process owners and other stakeholders.
Job Summary
The Continuous Process Monitoring (CPM) IT Senior Specialist will assist in implementing and reviewing technology controls to meet regulatory, compliance and operational needs of the organization. The Specialist leads in monitoring the performance of these controls throughout the year to ensure they meet the agreed-upon control objectives and address the necessary risks. The position will provide detailed reports to control and process owners as well as the IT leadership. The review and monitoring process will result in proposed recommendations and tracking of remediation plans to ensure all pertinent risks are addressed in a timely manner. The position will also be involved in resolving audit issues related to failed controls. To make an impactful difference, results will be driven by taking initiative, critical thinking, engaging, managing multiple projects and collaborating with stakeholders and leadership at all levels, along with effective reporting. The dynamic environment provides opportunities for consistent learning, helping to realize true potential and career growth.
JOB DESCRIPTION:
Essential Duties & Responsibilities
Performs a combination of duties in accordance with departmental guidelines:
- Conduct IT reviews of systems, applications and IT processes. Perform review of IT processes and controls under the oversight of the Director, including identifying areas where technology units should consider changes to improve efficiency. Execute various other reviews of IT management policies and procedures such as change management, business continuity planning/disaster recovery and information security to ensure that controls surrounding these processes are adequate.
- Provide Technology staff and third-party vendors with appropriate guidance on IT risk management matters, particularly on applications, operations management, strategy and infrastructure security.
- Perform IT security assessments (e.g. network, operating system, application and data center), including evaluating if security vulnerabilities are properly identified and mitigated. Coordinate performance of these reviews with internal stakeholders.
- Learn and support tools to analyze results and data to improve audit efficiency and effectiveness (including for risk assessments).
- Serves as a primary driver of the communication and reporting of the CPM function to various stakeholders.
- Develops a systematic methodology for communicating results to ensure that key personnel are informed and can provide feedback. Prepare and report results to executives, process owners and other stakeholders.
- Proactively provides content associated with the education and awareness of policies, standards, control procedures and IT operational responsibilities across our organization. Responds to needs and feedback accordingly.
- Address audit findings and issues and coordinate remediation with various stakeholders and appropriately perform the reporting. Detects issues related to the operation of in-scope controls to ensure the effective operation of IT processes and controls for audit purposes.
Reporting Relationship
Typically reports to Director or above.
Skills Knowledge & Abilities
- Solid understanding of IT infrastructure, security and application controls, operating models, methodology and approaches. Expert knowledge of internal auditing, internal controls, risk management and understanding of internal control environments within IT and some business functions.
- Experience with multiple technology domains including aspects of Windows, Mainframe, Unix and/or database administration, software development and networking.
- Ability to multitask on assignments, prioritize and deliver on routine tasks and assigned projects.
- Strong communication and interpersonal skills to work effectively and foster teamwork with peers on project teams and other functional areas inside and outside of IT along with the ability to communicate effectively with technical and non-technical audiences.
- Ability to work within significant limits of authority on assignments requiring technical complexity and confirmation with minimal guidance. Ability to lead meetings with all levels of management.
- Maintain technical competence by ongoing training, seeking development opportunities and applying new knowledge to daily work assignments.
Education & Experience
- Bachelor’s Degree or equivalent with preferable concentrations in Management Information Systems, Computer Science, Networking and Information Security or related discipline.
- Typically 5+ years of related experience in public accounting, auditing, advisory or related field.
- CISA, CRISC, CISM, CISSP certification is a plus.
- Exposure to IT standards (e.g. ISO 27001), frameworks (e.g. COBIT, NIST, ITIL, CIS), technical systems and emerging technologies.
#Remote
CNA is committed to providing reasonable accommodations to qualified individuals with disabilities in the recruitment process. To request an accommodation, please contact leaveadministration@cna.com.
Tags: Audits CISA CISM CISSP COBIT Compliance Computer Science CRISC ISO 27001 ITIL IT infrastructure Mainframe Monitoring NIST Risk assessment Risk management Security assessment Strategy UNIX Vulnerabilities Windows
Perks/benefits: Career development