Cyber Security Associate Advisor - HIH - Evernorth

About Evernorth:

Evernorth℠ exists to elevate health for all, because we believe health is the starting point for human potential and progress. As champions for affordable, predictable and simple health care, we solve the problems others don’t, won’t or can’t. 

Our innovation hub in India will allow us to work with the right talent, expand our global footprint, improve our competitive stance, and better deliver on our promises to stakeholders. We are passionate about making healthcare better by delivering world-class solutions that make a real difference.

We are always looking upward. And that starts with finding the right talent to help us get there.

Associate Advisor – Cyber Security Controls Assessment
 

Position Summary:

Looking for a Cybersecurity professional to perform application and infrastructure security assessments to support confidentiality, integrity, and availability of systems. The individual will also be responsible for assisting IT & business partners to resolve security issues identified through our security evaluation questionnaire & secure scanning reports.

This is an exciting time to join the security team as we work to continuously develop our program to meet the needs of an Agile IT workforce and further build Cigna's security posture and improve customer experience. This position requires strong technical skills; the ability to work well in a team; and the ability to multitask and work on assignments independently.

Experience Required:

• 8 - 11 years of IT and/or information security experience

Job Description & Responsibilities:

• Assess the design and implementation of cyber security controls as defined by Cigna's Policies, Standards and Baselines.
• Perform evaluation to determine that technology assets are secure and compliant. 
• Assist in recommending and implementing use of new tools, technologies, and methodologies to enable automated Application security testing in the development process.
• Partners with the enterprise to develop and implement security solutions and capabilities that are aligned with Security Architecture, business, technology and threat drivers.
• Performs risks assessments of existing or new services and technologies, identifies design gaps, risks, and recommends security enhancements.
• Communicates risk assessment findings to information security customers or business partners.
• Serves as an information security expert and trusted advisor to partners in IT and the business to enable them to make informed risk management decisions.
• Identifies opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing residual risk.
• Maintains strong working relationships with individuals and groups involved in managing information risks across the organization.
• Stays up-to-date on current and emerging security threats and designs security architectures to mitigate them.

Education And Training Required:

• BS or MA in Computer Science, Information Security, or a related field or equivalent work experience with certifications outlined below: 

• Security+

• Network+

• Certifications preferred: Certified Information Systems Security Professional (CISSP)
• Certified Information Systems Auditor (CISA)
• Certified Cloud Information Professional (CCSP)
• Certified Information Security Manager (CISM), and/or Certified Risk and Information Systems Control (CRISC)

Primary Skills:

• Strong Communication skills, ability to speak to and document cyber risks, controls and possible solutions, and clearly articulate these to the business in laymen’s terms if necessary.
• Ability to speak to security in groups meetings as needed.
• 8-11 years of experience with information security management frameworks (e.g., IS027000, HITRUST, SOC2, PCI, COBIT, NIST 800, etc.) & some regulatory compliance background a plus.

Working knowledge or understanding of following technologies / protocols / methodologies:

• Physical and Virtual Infrastructure

• Network Security

• Cloud Computing (AWS, Azure, Google, Private)

• Containerization

• Infrastructure as Code (IaC)

• Microservices

• Mobile

• Prisma

• Software Defined Network

• Virtualization

• Integration patterns, asynchronous and synchronous processes, long running tasks and orchestration.
• Static & Dynamic Code Scans
• OpenStack, ACI, Openshift, Docker
• Secure web services and Mobile app design and review
• Encryption, hashing and Key management
• Multifactor authentication, Logging and Vulnerability management
• Experience of working in an agile environment and Secure Software Development Lifecycle (SSDLC) a plus
• About Evernorth Health Services

Evernorth Health Services, a division of The Cigna Group, creates pharmacy, care and benefit solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention and treatment of illness and disease more accessible to millions of people. Join us in driving growth and improving lives.