Cyber Security Director - Hyderabad, India - Evernorth

    Evernorth
    Description

    ABOUT EVERNORTH:

    Evernorth aims to enhance health opportunities for all individuals, believing that well-being is the foundation for human development and advancement. As advocates for accessible, consistent, and straightforward healthcare solutions, we tackle challenges that others avoid. Through our innovation hub in India, we collaborate with top talent to expand globally, enhance our competitive position, and fulfill our commitments to stakeholders more effectively. Our dedication lies in enhancing healthcare by delivering top-notch solutions that truly make a difference.

    We are constantly striving for improvement, starting with recruiting the right individuals to help us reach our goals.

    Role Title: Cyber Security Director

    Position Summary:

    The Cigna Information Protection Head of Security plays a crucial role in bridging the gap between Cigna Information Protection's organizational objectives and business priorities. Acting as the main representative for the Chief Information Security Officer for the business line, you will be responsible for overseeing the development and implementation of the Cyber/Information Security Strategy at a detailed level.

    Your strategic responsibilities include overseeing the final stage execution of all Cigna Information Protection global Shared Services, establishing and evaluating capabilities while managing subsequent risk reduction Cyber Information Security Management initiatives.

    As the local expert and advocate, your focus will be on managing local stakeholder relationships as well as broader stakeholders such as regulators, clients, and external entities.

    Job Description & Responsibilities:

    • Manage all local client and regulatory interactions, addressing inquiries, regulatory submissions, and compliance in collaboration with Cigna Information Protection Shared Service Partners and governance stakeholders.
    • Lead local Controls Assurance activities, define and monitor control testing and risk remediation for the local business line.
    • Utilize the Enterprise Risk Management framework to conduct targeted local risk assessments in alignment with policies and standards, managing the risk exceptions process.
    • Coordinate the local implementation of global Cyber & Privacy portfolio risk mitigation projects and programs, feeding back into the portfolio by addressing local business line risks.
    • Enhance Cigna Information Protection security protocols and processes, aligning them with local business needs and overseeing the policy exceptions management process.
    • Collaborate with business line CIOs and technology stakeholders to integrate risk management activities into governance processes.
    • Work with Shared Services to provide localized risk and vulnerability management information and embed Cyber/Information Security into business operational governance meetings.
    • Develop organizational views on Cyber/Information Security risks by collaborating with internal control teams and other relevant departments.
    • Collaborate with Legal, Privacy, and Sourcing teams to address third-party risks and conduct assessments.
    • Promote secure development practices, implementing enterprise tools and processes to ensure secure code implementation with local business and technology teams.
    • Conduct local evaluations and assessments for Infrastructure, Applications, and Cloud services to reduce vulnerabilities.
    • Lead local incident response procedures, providing expertise in incident scenarios and managing incident post mortem activities.
    • Collaborate with Global Architecture Shared Services to implement standard security solutions and change designs.
    • Support business line activities such as mergers, acquisitions, and divestitures following Shared Services guidelines.
    • Lead local Cigna Information Protection teams and manage Shared Services peers, focusing on employee engagement and development.

    Experience Required:

    • 15+ years in Information Security / Cyber or related risk management roles.

    Experience Desired:

    • Experience leading teams of 5-10 employees.
    • Experience in the Healthcare, Insurance, or Financial Services industry is preferred.

    Education and Training Required:

    • Preferably CISSP or similar security certifications (CISM, etc.).

    Primary Skills:

    • Thorough knowledge of information security standards and frameworks, as well as awareness of GRC and workflow management tools.

    Additional Skills:

    • Ability to communicate technical controls in business terms for better understanding.