Consulting Director, AI Security

You have a clear vision of where your career can go. And we have the leadership to help you get there. At CNA, we strive to create a culture in which people know they matter and are part of something important, ensuring the abilities of all employees are used to their fullest potential. 

We are seeking a Consulting Director of AI Security to lead and shape CNA’s enterprise-wide AI security strategy and roadmap. This is a high-impact and high-vibility role at the forefront of cutting-edge technology, responsible for securing the development and deployment of AI, Machine Learning (ML), and Generative AI (GenAI)/Large Language Model (LLM) solutions. The candidate must have a strategic approach and provide thought-leadership in all areas of AI security, with proven expertise in the risks associated with AI technologies and their real-world applications. A strong understanding of mitigation strategies is essential, particularly in the context of how AI is integrated into internal critical data, modern software, SaaS platforms, and cloud environments. The successful candidate must have knowledge of cloud architecture, identity and access management (IAM), and data privacy principles - ensuring that AI innovations at CNA are secure, responsible, and resilient.

This position leads a small but mighty team, which provides security guidance & governance, GenAI security testing, and overall GenAI security strategy for CNA globally. Responsible for security reviews of application architecture. Provides expertise and support to senior management in risk assessment and the implementation of appropriate AI/ML/LLM security procedures.

JOB DESCRIPTION:

Essential Duties & Responsibilities

Performs a combination of duties in accordance with departmental guidelines:

• Define and maintain CNA’s enterprise-wide AI, ML, and LLM security standards, policies, and technical specifications
• Serve as a key contributor to the AI Governance Committee, ensuring the responsible, ethical and secure use of AI across CNA
• Stay informed of emerging threats, regulatory changes, and industry best practices pertaining to AI; lead internal efforts to adopt innovative and secure AI methodologies
• Develop and continuously improve the process for assessing, testing, and performing security reviews of AI technology before it’s moved for Governance committee approval
• Develop and continuously improve threat models for AI/ML workloads, particularly within cloud-native services
• Lead the discovery, risk assessment, and remediation of Shadow AI across business units
• Identify and quantify AI security technical debt, based on violations of CNA’s standards, policies, and technical requirements
• Oversee the development of key security posture metrics, dashboards, and reporting frameworks related to AI/ML systems
• Partner with Cloud Security Automation, Application Security, and Data Security teams to ensure that all AI initiatives are aligned with CNA’s broader security objectives
• Ensure secure handling of CNA’s most sensitive data throughout the AI model lifecycle, while enabling agility and scalability for innovation teams
• Contribute to infrastructure and application security initiatives with a specific focus on securing AI/ML use cases at scale
• Lead research and development of new AI security tools and techniques, evaluating their applicability to CNA’s environment and operationalizing where appropriate

May perform additional duties as assigned.

Reporting Relationship
The Consulting Director of AI Security will report directly into the VP of Security Technology.

Skills, Knowledge & Abilities

• Expert level knowledge of AI, GenAI, LLMs, ML, and related concepts and practices, ideally demonstrating some hands-on knowledge of AI model creation, and LLM training experience.
• Deeply familiar with Security Architecture, and the application of security best practices to various Cloud delivery models in Multi-Cloud environments.
• Strong familiarity with Cloud platforms, especially Google Cloud Platform (GCP).
• Experience with DevSecOps and Agile Methodologies along with experience with third party Cloud security tools, and Cloud Native services and their associated security implications.
• Ability to assess risks in line with information security objectives and risk tolerance of the institution. Proven conceptual, analytical and evaluation skills.
• Strong interpersonal, written and verbal communication skills, with ability to present to Executive leadership audience.
• Self-starter and the ability to work independently.
• Ability to work well under pressure and tight deadlines. Demonstrate a high level of motivation, confidence, responsibility and ownership.
• Strong project management skills and ability to organize and plan team’s effort effectively to meet project goals.

Education & Experience

• Bachelor’s Degree required.  Master’s Degree or equivalent experience in Computer Science or related technical field preferred.
• Typically, a minimum of ten years of IT Security experience, with recent experience in AI/ML.
• Strong knowledge and experience architecting security solutions within public cloud providers - Google Cloud preferred.
• IT Security and Cloud certifications preferred (e.g. CISSP, CCSP, CCSK, etc). 
• Knowledge and familiarity with the insurance industry is a plus.

#LI-JB1

#Remote

In certain jurisdictions, CNA is legally required to include a reasonable estimate of the compensation for this role. In District of Columbia, California, Colorado, Connecticut, Illinois, Maryland, Massachusetts, New York and Washington, the national base pay range for this job level is $97,000 to $189,000 annually. Salary determinations are based on various factors, including but not limited to, relevant work experience, skills, certifications and location. CNA offers a comprehensive and competitive benefits package to help our employees – and their family members – achieve their physical, financial, emotional and social wellbeing goals.  For a detailed look at CNA’s benefits, please visit cnabenefits.com.

CNA is committed to providing reasonable accommodations to qualified individuals with disabilities in the recruitment process. To request an accommodation, please contact leaveadministration@cna.com.