Cyber Security Associate Advisor – Cyber Security Controls Assessment
 

Position Summary:

Looking for a Cybersecurity professional to perform security assessments to support confidentiality, integrity, and availability of systems. The individual will also be responsible for assisting IT & business partners to resolve security issues identified through our security evaluation questionnaire & secure scanning reports.

This is an exciting time to join the security team as we work to continuously develop our program to meet the needs of an Agile IT workforce and further build Cigna's security posture and improve customer experience. This position requires strong technical skills; the ability to work well in a team; and the ability to multitask and work on assignments independently.

Job Description & Responsibilities:

This position requires strong communication abilities, technical expertise in the areas of application, cloud and infrastructure security; the ability to work well in a team; and the ability to multitask and work on assignments independently.

• Assess the design and implementation of cyber security controls as defined by Cigna's Policies, Standards and Baselines.
• Perform evaluation to determine that technology assets are secure and compliant. 
• Assist in recommending and implementing use of new tools, technologies, and methodologies to enable automated Application security testing in the development process.
• Partners with the enterprise to develop and implement security solutions and capabilities that are aligned with Security Architecture, business, technology and threat drivers.
• Performs risks assessments of existing or new services and technologies, identifies design gaps, risks, and recommends security enhancements.
• Communicates risk assessment findings to information security customers or business partners.
• Serves as an information security expert and trusted advisor to partners in IT and the business to enable them to make informed risk management decisions.
• Identifies opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing residual risk.
• Maintains strong working relationships with individuals and groups involved in managing information risks across the organization.
• Stays up-to-date on current and emerging security threats and designs security architectures to mitigate them.

Experience Required:

• 8 or more years of IT and/or information security experience

Experience Desired:

• 8 to 11 years of relevant work experience

Education and Training Required:

• BS or MA in Computer Science, Information Security, or a related field or equivalent work experience with certifications outlined below: 
  • Certifications preferred: Certified Information Systems Security Professional (CISSP)
  • Certified Information Systems Auditor (CISA)
  • Certified Cloud Information Professional (CCSP)
  • Certified Information Security Manager (CISM), and/or Certified Risk and Information Systems Control (CRISC)
  • Security+
  • Network+

Primary Skills:

• Strong Communication skills, ability to speak to and document cyber risks, controls and possible solutions, and clearly articulate these to the business in laymen’s terms if necessary.

• Ability to speak to security in groups meetings as needed.
• 8-11 years of experience with information security management frameworks (e.g., IS027000, HITRUST, SOC2, PCI, COBIT, NIST 800, etc.) & some regulatory compliance background a plus.
• GRC tool experience and Issues Governance processes is desired.

Working knowledge or understanding of following technologies/protocols/methodologies:

• Physical and Virtual Infrastructure
• Network Security
• Cloud Computing (AWS, Azure, Google, Private)
• Containerization
• API
• Static & Dynamic Code Scans
• Microservices
• Mobile
• Secure web services and Mobile app design and review
• Encryption, hashing and Key management
• Multifactor authentication, Logging and Vulnerability management
• Experience of working in an agile environment and Secure Software Development Lifecycle (SSDLC) a plus.

About Evernorth Health Services