Cyber Security Analyst - HIH - Evernorth chez Cigna

The Cyber Security Analyst  is responsible for providing general technical, operational, and risk management support to Cigna's Information Protection (CIP) Middle East and Africa (MEA) team. This role will support the enforcement of standard information protection controls through infrastructure, application, and cloud security assessments. Work with the Cigna Information Protection team as required to support vulnerability assessments, assist with penetration tests, and track and remediate findings.

This role will work closely with the KSA CISO team to identify, evaluate, and remediate potential weaknesses in Cigna’s systems, using both manual and automated methods. In addition, this role will support the dashboard reporting, coordination of incident responses, risk assessments, and other CIP-led initiatives.

Qualifications:

• Bachelor's degree preferred.

• 2 - 4 years or more of security operations or security governance, risk, and compliance experience.

• CISA, CRISC, OSCP, GIAC certificates, or similar certifications desired

• Passionate about security and finding new ways to protect systems as well as break them

• Strong analytical and problem-solving skills, with the ability to “think outside the box”.

• Ability to work in a flexible environment where requirements and procedures continuously evolve.

• Strong oral and written communication skills, including a demonstrated ability to prepare documentation and presentations for technical and non-technical audiences.

Responsibilities:

• Perform regular risk & activity reporting on Key Risk Indicators (KRI) and Key Performance Indicators (KPI)

• Perform issue tracking and resolution with local security teams

• Work with the CIP MEA team and key stakeholders to manage security incidents relevant to the MEA region

• Work with individual local security teams assigned to ensure security controls applied are compliant with CIP policies and standards

• Assist in the review and approval of application/infrastructure changes in terms of security

• Assist in the creation of comprehensive and accurate security reports with recommendations for appropriate remediation and communicate risk findings with development and infrastructure teams.

• Assist in the review and development of local CIP policies, standards, and guidelines

• Assist in the conduct of regulatory and internal audits as required

• Assist CIP and IT teams to implement standard security solutions and capabilities that are aligned with business, technology, and threat drivers

• Maintain strong working relationships with individuals and groups involved in managing information risks across the organization

• Stay abreast of current and emerging security threats and security architectures to mitigate the threats

Skills required:

• Demonstrated ability to work as both an individual contributor and a team player in a fast-paced environment. 

• Demonstrated ability to identify cybersecurity risks and develop treatment plans, working with key stakeholders

• Coordinate with people and teams to forecast activity completion and the ability to work in a team environment, sharing workloads and responsibilities.

• Knowledge of Windows and *nix-based operating systems.

• Understanding of core Internet protocols (e.g., TCP, UDP, DNS, HTTP, TLS, IPsec) and the OSI model.

• Understanding of encryption fundamentals (symmetric/asymmetric, ECB/CBC operations, AES, etc.).

• Understanding of Cloud environments such as SaaS, PaaS, and IaaS.

• Understanding of OWASP.

• Knowledge of networking fundamentals and common attacks.

• Ability to analyze vulnerabilities and misconfigurations, appropriately characterize threats, and provide remediation recommendations.

About Evernorth Health Services