Cigna Information Protection Advisor, Security Compliance in Bloomfield, Connecticut
Information Protection Advisor
The Security Compliance Advisor role is responsible for supporting the quality execution of various ad hoc and annual assessments related to security, availability, integrity, confidentiality and/or privacy for regulatory compliance and contractual assessments of information systems. These projects include several SOC-2 reports, asset-level compliance assessments, and ad hoc pre-assessments to determine readiness for other potential certifications or requirements. Based on the assigned project, the Advisor will be responsible for managing the daily operations as required, including tasks such as establishing scope and timeline of the project, managing status, assessing and improving control design, facilitating and conducting control design and effectiveness testing. Additional responsibilities will include identification and documentation of key controls, aiding in the development of test strategies and test plans, and documentation of identified control deficiencies. This role will work closely with Information System Experts, Infrastructure, Development and Project Management teams, related Compliance teams, and Control Owners.
The position is in the Global Security Assurance Team (GSAT), in the Cigna Information Protection (CIP) department. CIP is responsible for managing information security, including security risk management, for the organization. The GSAT team is responsible for security assurance-related activities associated with Cigna's government, commercial and international lines of business.
Executes framework-based assessments of internal and external systems and processes (AICPA TSP-100a, NIST CSF, NIST 800-53)
Leads discovery and walkthrough meetings with stakeholders.
Identifies, documents and maintains in-scope applications, locations and IT controls.
Develops strong relationships with IT process/control owners.
Understands and communicates success/fail criteria of IT controls.
Identifies and documents changes to the IT environment.
Identifies weaknesses in internal controls and opportunities to enhance operational efficiencies.
Supports control remediation activities.
Monitors on-going regulatory compliance for IT controls.
Provides consultative advice to information security customers that enables them to make informed risk management decisions.
Performs readiness reviews.
Assists project teams in the implementation of security measures to meet corporate security policies and external regulations.
Develops and maintains appropriate security documentation for applications and systems.
Ensures that user community understands and adheres to necessary procedures to maintain security.
Effectively manages multiple competing priorities.
Develops insights and influences positive change in the control environment.
Produces high-quality deliverables.
Performs special projects as required by management (including HITRUST and SOC-2 readiness assessments and/or State Security Assessments).
4 years of IT audit, IT risk management or IT compliance experience preferred
High School diploma required; Bachelor's Degree in computer related field or equivalent strongly preferred
Big 4 experience preferred
Strong knowledge of cyber and security controls frameworks such as HITRUST, NIST, AICPA TSP
Solution-based thinker willing to problem solve
Excellent organizational skills and ability to communicate with internal/external entities a must
Demonstrated ability to coordinate people and teams to project/activity completion and the ability to work in a team environment, sharing workloads and responsibilities
Focus on quality and attention to detail
Customer service-oriented; Ability to work in a flexible environment where requirements and procedures continuously evolve
Experience working in large, complex IT organizations preferred
Certification in information security and/or audit (CISA preferred)
PC skills including knowledge of Microsoft Office and Microsoft Excel
Experience managing offshore teams
This position is not eligible to be performed in Colorado.
Cigna Corporation (NYSE: CI) is a global health service company dedicated to improving the health, well-being and peace of mind of those we serve. We offer an integrated suite of health services through Cigna, Express Scripts, and our affiliates including medical, dental, behavioral health, pharmacy, vision, supplemental benefits, and other related products. Together, with our 74,000 employees worldwide, we aspire to transform health services, making them more affordable and accessible to millions. Through our unmatched expertise, bold action, fresh ideas and an unwavering commitment to patient-centered care, we are a force of health services innovation.
When you work with Cigna, you’ll enjoy meaningful career experiences that enrich people’s lives while working together to make the world a healthier place. What difference will you make? To see our culture in action, search #TeamCigna on Instagram.
Qualified applicants will be considered without regard to race, color, age, disability, sex, childbirth (including pregnancy) or related medical conditions including but not limited to lactation, sexual orientation, gender identity or expression, veteran or military status, religion, national origin, ancestry, marital or familial status, genetic information, status with regard to public assistance, citizenship status or any other characteristic protected by applicable equal employment opportunity laws.
If you require reasonable accommodation in completing the online application process, please email: SeeYourself@cigna.com for support. Do not email SeeYourself@cigna.com for an update on your application or to provide your resume as you will not receive a response.