Job Description

About EvernorthEvernorth Health Services, a division of The Cigna Group (NYSE: CI), creates pharmacy, care, and benefits solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention, and treatment of illness and disease more accessible to millions of people.About Evernorth:Evernorth Health Services, a division of The Cigna Group (NYSE: CI), creates pharmacy, care, and benefits solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention, and treatment of illness and disease more accessible to millions of people.:Information Protection Associate AdvisorJob Objective:The Information Protection Associate Advisor is responsible for providing general technical, operational and review support to Cigna's Information Protection (CIP) Organization.This role will support in enforcing standard information protection controls through regional security governance and provision of shared services. Work with the Cigna Information Protection team as required to support reviews, product implementations and security audits.Support the Management team (Regional Information Security Officer and Senior Manager) on security reporting, and other CIP led initiatives.This role also covers specifically security in data governance and security in customer service centers and/or Back office operations centers.:Regional Security Governance:

• Enforce security governance in the Asia Pacific region by ensuring all security shared services fully covers the region. Such services include Infrastructure and Application Security Assessments, Third Party Security Assessments, Infrastructure and Application Vulnerability Management, DevSecOps, Security Incident Response and Handling, Resiliency, architecture & consulting
• Track and manage security assessments of application, infrastructure and third party suppliers to ensure timely delivery
• Partners with the enterprise to implement standard security solutions and capabilities that are aligned with business, technology and threat drivers
• Maintains strong working relationships with individuals and groups involved in managing information risks across the organization
• Performs focused risks assessments of existing or new services and technologies, security architecture, identifies design gaps, risks, and recommends enhancements
• Communicates risk assessment findings to information security customers, or business partners. Identifies appropriate controls to effectively manage information risks
• As required, perform site reviews of physical and IT facilities, measuring actual conditions against submitted responses. Evaluate IT processes to ensure effective information protection is practiced
• Work with supplier chain management on contracts to include up-to-date security terms
• Stays abreast of current and emerging security threats and designs security architectures to mitigate them

Support the Management team(Regional Information Security Officer and Senior Manager):

• Monitor and report on security metrics, compliance status, key risks and ongoing activities
• Issue tracking with local security teams
• Review and approve security related application/infrastructure and access control changes
• Coordinate CIP initiatives with other countries as required

Security in Service Centers and Operations Centers

• Enforces CIP policies and related government regulations in the Service Centers and Operations Centers
• Conduct risk assessments to identify gaps against CIP policies and local regulations
• Proactively identify security risks and recommend solutions to mitigate potential threats
• Provide training and support to staff on security policies, governance and best practices

Security in Data Governance

• Enforces security controls in data governance to ensure compliance with relevant regulations and CIP policies
• Collaborate with cross-functional teams to identify and classify sensitive data across the organization
• Monitor data access and usage to enforce security and prevent unauthorized access
• Conduct regular assessments to evaluate effectiveness of data security controls
• Provide training and support to staff on data governance policies and best practices

Skills Needed:

• Health Insurance, Health Care or Financial Services Industry experience preferred
• Proven record on timely execution and progress tracking
• Proven Communication skills, able to write and verbally communicate effectively
• Organizational courage to identify, escalate and resolve risk issues
• Flexible can adapt to changing organization changing business needs, technological advances and agile methodology
• Demonstrates technical skills in infrastructure and application security architecture, vulnerability management and required controls
• Previous experience in third party supplier security controls.
• Previous experience in security in Service Centers and Operations Centers, OR security in data governance
• Self-starter and proactive in identifying, resolving and tracking issues
• Experience with contracting and negotiations
• Experience with process and change management, reporting and incident handling
• Travel required, approximately 10%

Qualifications:

• Bachelor degree or equivalent experience
• CISSP, CISA, CISM, CRISC or similar certifications preferred
• Broad high level security knowledge, hands-on experience, and exposure to a wide range of IT subject areas, business, IT & physical controls
• Qualified candidates will typically have 8 to 11+ years of professional IT security experience work experience
• Experience and working knowledge of PCI DSS & ISO 27001 certification is a plus
• Excellent problem identification, solving and critical reasoning skills.
• Ability to work successfully with a minimum of supervision in a fast paced and sometimes pressured environment

Evernorth Health Services