Job Description

About EvernorthEvernorth Health Services, a division of The Cigna Group (NYSE: CI), creates pharmacy, care, and benefits solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention, and treatment of illness and disease more accessible to millions of people.About Evernorth:Evernorth Health Services, a division of The Cigna Group (NYSE: CI), creates pharmacy, care, and benefits solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention, and treatment of illness and disease more accessible to millions of people.Information Protection Associate AdvisorPosition Summary:Looking for a Cybersecurity professional to perform application and infrastructure security assessments to support confidentiality, integrity, and availability of systems.The individual will also be responsible for assisting IT & business partners to resolve security issues identified through our security evaluation questionnaire & secure scanning reports. & Responsibilities:This is an exciting time to join the security team as we work to continuously develop our program to meet the needs of an Agile IT workforce and further build Cigna\'s security posture and improve customer experience.This position requires strong technical skills; the ability to work well in a team; and the ability to multitask and work on assignments independently.The key responsibilities of the role are as follows:

• Assess the design and implementation of cyber security controls as defined by Cigna\'s Policies, Standards and Baselines.
• Perform evaluation to determine that technology assets are secure and compliant.
• Assist in recommending and implementing use of new tools, technologies, and methodologies to enable automated Application security testing in the development process.
• Partners with the enterprise to develop and implement security solutions and capabilities that are aligned with Security Architecture, business, technology and threat drivers.
• Performs risks assessments of existing or new services and technologies, identifies design gaps, risks, and recommends security enhancements.
• Communicates risk assessment findings to information security customers or business partners.
• Serves as an information security expert and trusted advisor to partners in IT and the business to enable them to make informed risk management decisions.
• Identifies opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing residual risk.
• Maintains strong working relationships with individuals and groups involved in managing information risks across the organization.
• Stays up-to-date on current and emerging security threats and designs security architectures to mitigate them.

Experience Required:

• 8-11+ years of relevant work experience

Education and Training Required:

• BS or MA in Computer Science, Information Security, or a related field or equivalent work experience with certifications outlined below:
• Certifications preferred: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Cloud Information Professional (CCSP), Certified Information Security Manager (CISM), and/or Certified Risk and Information Systems Control (CRISC), Security+, Network+, etc.

Primary Skills:

• Strong Communication skills, ability to speak to and document cyber risks, controls and possible solutions, and clearly articulate these to the business in laymens terms if necessary.
• Ability to speak to security in groups meetings as needed.
• 10+ years of experience with information security management frameworks (e.g., IS027000, HITRUST, SOC2, PCI, COBIT, NIST 800, etc.) & some regulatory compliance background a plus.

Working knowledge or understanding of following technologies / protocols / methodologies:

• Physical and Virtual Infrastructure
• Network Security
• Cloud Computing (AWS, Azure, Google, Private)
• Containerization
• Infrastructure as Code (IaC)
• Integration patterns, asynchronous and synchronous processes, long running tasks and orchestration.
• Microservices
• Mobile
• Static & Dynamic Code Scans
• Prisma
• OpenStack, ACI, Openshift, Docker
• Software Defined Network
• Virtualization
• Secure web services and Mobile app design and review
• Encryption, hashing and Key management
• Multifactor authentication, Logging and Vulnerability management
• Experience of working in an agile environment and Secure Software Development Lifecycle (SSDLC)

Evernorth Health Services