Position Summary:
We are looking for a highly skilled Information Protection Associate Advisor to join our team, focusing on automation engineering initiatives to drive efficiency and reducing manual effort across the organization. In this role, you will work directly interact with application or product teams and cross-functional teams to identify automation opportunities, design and deliver scalable, resilient, and secure solutions that optimize our internal processes and support Cigna overarching security goals. This individual will contribute to major technology initiatives aimed at revolutionizing health services and the ability to influence security tools integrations within the healthcare delivery system working from HIH.
Experience Required:
- 8+ years of experience in cybersecurity.
- Proven project management skills, with experience leading complex cybersecurity projects.
- Strong understanding of cybersecuritybest practices.
- Excellent analytical, problem-solving, and decision-making skills.
- Strong English written and verbal communication and interpersonal skills.
- Proven ability to work effectively with cross-functional teams and stakeholders across multiple time zones and countries.
Job Description & Responsibilities:
Intake Processing:
- Analyze and identify business inputs for assessment engagement.
- Review workflows for existing assessments and new assessments.
- Review business workflow within Intake system to define triaging, prioritization and tracking of intake requests.
- Establish SLAs for engagement requests, assessment completion, include various workflow status to track the progress of the intakes. (eg. open, cancelled, In progress, On hold, complete)
- Work closely with other CIP teams like Product Security (AppSec), Security Architecture and other assessment teams to ensure tasks are completed within SLA.
- Work with app teams to gather and document feedback for enhancements.
- Fluent with ServiceNow reporting and metrics to track coverage and volume analysis for leadership visibility.
- Support the analysis and identification of business inputs for assessment engagement.
- Create workflow logic for existing assessments and new assessments.
- Review technical feasibility within Intake system to define triaging, prioritization and tracking of intake requests.
- Work closely with project teams to provide guidance and assist with the Intake submission.
- Create and maintain user guides, FAQs, confluence pages for the CIP Intake tool for Cigna Projects teams to use.
Security Remediation Management:
- Analyze and understand the volume of current non-production security findings and their sources.Strengthen the oversight of security fixes in non-prod environment
- Establish SLAs for remediation and exception management to ensure compliance with industry standards.
- Define end to end workflow for identification/assessment, remediation, monitor, validation, and resolution.
- Create reports and dashboards for CIP and Application leadership to understand the security posture of the org.
- Work closely with application business units and CIP assessment teams to ensure clear handoffs and timely remediation of security vulnerabilities.
- Monitor and track remediation rate in non-prod and its impact on prod remediation rate.
- The idea is to have all the non-prod security vulnerabilities to flow into a centralized risk platform.
- Review and compare the various platforms and help with building and integrating the findings into that platform/tool.
- Document requirements, workflows, and prototypes to build the system integrations.
- Automate workflow within the tool for tracking progress and reporting for visibility and metrics.
Education and Training Required:
- Bachelor degree in computer science, Information Technology, Cybersecurity, or a related field.
- Relevant certifications such as CISSP, CISM, CISA, or equivalent are nice to have.
The tools/technical skills:
Advanced ExcelSkills (Pivot tables and other reporting skills)
Advanced Word documentation
Analytics/Power BI
Visio/Mural - preferably Mural as that is what we use.
Jira
ServiceNow
Confluence
SharePoint
SQL Server
Microsoft project or other project tracking
