Job DescriptionInformation Protection PrincipalJob Objective:The Information Protection Principal is responsible for providing general technical, operational and review support to Cigna's Information Protection (CIP) Organization.This role will support in enforcing standard information protection controls through infrastructure, application and third party security assessments. Balance multiple project priorities appropriately. Work with the Cigna Information Protection team as required to support reviews, product implementations and security audits.Support the MDLIVE Chief Information Security Officer (CISO) on dashboard reporting, coordination of incident responses, risk assessments and CIP led initiatives. Assist the MDLIVE CISO with the overall direction and strategy of the Information Security function at MDLive in collaboration with the Evernorth CIP leadership team.Job Description:Infrastructure/Application reviews:
Min. 10+ years of experience in Information Security / Cyber or related risk management experience.
Partners with the enterprise to implement standard security solutions and capabilities that are aligned with business, technology and threat drivers
Ensure focused risks assessments of existing or new services and technologies, security architecture are performed, identifying design gaps and risks.
Communicates risk assessment findings to information security “customers,” or business partners. Explore risk mitigation controls
Serves as an information security expert and trusted advisor to partners in IT and the business
Evaluate compliance of operation processes with Information Protection policies and related government regulations
Identifies and implements appropriate controls to effectively manage information risks as needed
Identifies opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing residual risk
Maintains strong working relationships with individuals and groups involved in managing information risks across the organization
Stays abreast of current and emerging security threats and designs security architectures to mitigate them
Meet with vendors and employees to resolve or track compliance issues
Attend demonstrations of applications and prepare reports on potential for data leakage or infrastructure security issues
Review any regular security reports for abnormality
Work with supplier chain management on contracts to include security terms
Escalation to the fellow CIP team on security issues related to service partners
Support the Chief Information Security Officer:
Work with the CISO on managing security incidents
Regular risk & activity reporting
Issue tracking with local security teams
Review and approval of application/infrastructure changes in terms of security
Coordinate CIP initiatives with stakeholders as required
Maintain strong working relationships with individuals and groups involved in managing information risks across the organization
Partner with the CIP and IT teams to implement standard security solutions and capabilities that are aligned with business, technology and threat drivers
Stay abreast of current and emerging security threats and security architectures to mitigate the threats
Skills Needed:
Ability to multitask and timely execute
Ability to grasp and understand complicated relationships
Proven Communication skills, able to write and verbally communicate effectively
Organizational courage to escalate and resolve risk issues
Technical depth and working knowledge in networking, desktop, server, storage, software-defined-networking, virtualization and application domains
Manage penetration testing (white box and black box) with Red and Blue Teams.
Experience leading teams of over 3-5 employees
Stay abreast of technological advances and continuously research better ways to accomplish tasks, and integrate new security technologies
Proactively update skill set in support of technology integration and design
Flexible can adapt to changing organization changing business needs, technological advances and agile methodology
Demonstrates technical skills in infrastructure, application and third party security assessments.
Self-starter and shows empathy towards business requirements and able to influence changes to facilitate security
Experience with process and change management, reporting and incident handling
Experience with assessing and mitigating risk
Experience with contracting and negotiations
Travel required, approximately 10%
Qualifications:
BS degree or equivalent experience
CISSP, CISA, CISM, CRISC or similar certifications required
Experience and working knowledge of HIPPA, PCI DSS & ISO 27001 certification is a plus
Broad high level knowledge, hands-on experience, and exposure to a wide range of IT subject areas, business, IT & physical controls
Qualified candidates will typically have 8+ of professional IT experience work experience, with 3+ years of experience in a leadership type role, and 5 years in information security.
Strong written and spoken English skills, Demonstrated ability to communicate at high levels, both verbally and in reporting
The ability to think strategically as well as successfully implement tactical plans
Strong interpersonal, people development and management skills; motivating others with high expectations and clear performance expectations
Strong work ethic, high drive and ability to focus. High stamina. Shows optimism and determination when facing challenges
Ability to work successfully with a minimum of supervision in a fast paced and sometimes pressured environment
If you will be working at home occasionally or permanently, the internet connection must be obtained through a cable broadband or fiber optic internet service provider with speeds of at least 10Mbps download/5Mbps upload.For this position, we anticipate offering an annual salary of 138,800 - 231,400 USD / yearly, depending on relevant factors, including experience and geographic location.This role is also anticipated to be eligible to participate in an annual bonus and long term incentive plan.We want you to be healthy, balanced, and feel secure. That’s why you’ll enjoy a comprehensive range of benefits, with a focus on supporting your whole health. Starting on day one of your employment, you’ll be offered several health-related benefits including medical, vision, dental, and well-being and behavioral health programs. We also offer 401(k) with company match, company paid life insurance, tuition reimbursement, a minimum of 18 days of paid time off per year and paid holidays. For more details on our employee benefits programs, visit Life at Cigna (https://jobs.cigna.com/us/en/life-careers) .About Evernorth Health ServicesEvernorth Health Services, a division of The Cigna Group, creates pharmacy, care and benefit solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention and treatment of illness and disease more accessible to millions of people. Join us in driving growth and improving lives.Qualified applicants will be considered without regard to race, color, age, disability, sex, childbirth (including pregnancy) or related medical conditions including but not limited to lactation, sexual orientation, gender identity or expression, veteran or military status, religion, national origin, ancestry, marital or familial status, genetic information, status with regard to public assistance, citizenship status or any other characteristic protected by applicable equal employment opportunity laws.If you require reasonable accommodation in completing the online application process, please email: [email protected] for support. Do not email [email protected] for an update on your application or to provide your resume as you will not receive a response.Cigna has a tobacco-free policy and reserves the right not to hire tobacco/nicotine users in states where that is legally permissible. Candidates in such states who use tobacco/nicotine will not be considered for employment unless they enter a qualifying smoking cessation program prior to the start of their employment. These states include: Alabama, Alaska, Arizona, Arkansas, Delaware, Florida, Georgia, Hawaii, Idaho, Iowa, Kansas, Maryland, Massachusetts, Michigan, Nebraska, Ohio, Pennsylvania, Texas, Utah, Vermont, and Washington State.