You have a clear vision of where your career can go. And we have the leadership to help you get there. At CNA, we strive to create a culture in which people know they matter and are part of something important, ensuring the abilities of all employees are used to their fullest potential.

The Consulting Director, AI Security is a hands-on technical contributor responsible for reviewing, evaluating, and validating AI initiatives across CNA’s enterprise. This role performs architecture and design reviews of AI, Machine Learning (ML), Generative AI (GenAI), Large Language Model (LLM), and agentic solutions; develops technology evaluation criteria for RFIs/RFPs; and tests and validates candidate solutions against security requirements. As part of the AI Governance review process, this role is a representative of the AI Security team and provides the technical security perspective on AI threats — focusing on the technical security assessment rather than governance, risk, or compliance functions, which are owned by dedicated teams. The specialist applies deep technical expertise to identify risks in AI systems and data pipelines and recommends practical controls and remediations, partnering closely with the AI Security team, Engineering, Cloud Security, Application Security, IAM, Data Security, and AI Governance.

JOB DESCRIPTION:

Essential Duties & Responsibilities

• Serve as the AI Security team’s technical reviewer within the AI Governance review process, providing the security perspective on AI threats and risks.
• Conduct architecture and design reviews of AI/ML, GenAI, LLM, and agentic initiatives, documenting findings, risks, and recommended controls.
• Write and maintain technology evaluation criteria for RFIs and RFPs covering AI security tooling and solutions.
• Test, validate, and benchmark candidate AI security solutions through proofs of concept and hands-on assessments.
• Perform threat modeling and security risk assessments of AI systems, models, and data pipelines.
• Evaluate AI workload security across cloud environments (AWS, Google Cloud) and recommend secure configurations.
• Apply industry standards and frameworks (e.g., NIST AI RMF, OWASP Top 10 for LLMs, MITRE ATLAS) to reviews and assessments.
• Contribute to AI security standards, reference architectures, and best-practice guidance.
• Support integration of AI security controls into SDLC, CI/CD, and DevSecOps workflows.
• Assist with vulnerability management, security monitoring, and incident readiness for AI systems.
• Provide technical security input to Risk, Legal, and AI Governance teams to support their compliance and regulatory work.
• Track emerging AI threats, attack techniques (e.g., prompt injection, data poisoning, model extraction), and defensive practices.

Reporting Relationship

Typically reports to Director or above.

Skills, Knowledge & Abilities

• Strong working knowledge of AI/ML, GenAI, and LLM security concepts and common attack/defense techniques.
• Hands-on experience with security architecture and design reviews.
• Solid understanding of cloud security (AWS, Google Cloud) and secure cloud configurations.
• Familiarity with DevSecOps practices and secure software development.
• Ability to design and execute solution testing, proofs of concept, and technical validations.
• Ability to write clear evaluation criteria, technical assessments, and review documentation.
• Ability to translate technical risk into actionable recommendations.
• Strong analytical, problem-solving, and communication skills.
• Ability to work independently and manage multiple concurrent reviews.

Education & Experience

• Bachelor’s Degree required; relevant technical disciplines preferred.
• 5+ years of information security experience, including exposure to cloud and AI/ML environments.
• Hands-on experience with public cloud security (AWS, Google Cloud).
• Relevant certifications preferred (CISSP, CCSP, GIAC, or AI/cloud security credentials).
• Insurance or financial services experience preferred.

LI-Hybrid

LI-DM1

In certain jurisdictions, CNA is legally required to include a reasonable estimate of the compensation for this role. In District of Columbia, California, Colorado, Connecticut, Illinois, Maryland, Massachusetts, New York and Washington, the national base pay range for this job level is $97,000 to $189,000 annually. Salary determinations are based on various factors, including but not limited to, relevant work experience, skills, certifications and location. CNA offers a comprehensive and competitive benefits package to help our employees – and their family members – achieve their physical, financial, emotional and social wellbeing goals. For a detailed look at CNA’s benefits, please visit cnabenefits.com.

CNA utilizes AI-enabled technology during the recruiting process. For more information, please visit our careers page.

CNA is committed to providing reasonable accommodations to qualified individuals with disabilities in the recruitment process. To request an accommodation, please contact leaveadministration@cna.com.