Cyber Security Advisor - HIH - Evernorth na Cigna

ABOUT EVERNORTH: 

Evernorth℠ exists to elevate health for all, because we believe health is the starting point for human potential and progress. As champions for affordable, predictable and simple health care,
we solve the problems others don’t, won’t or can’t. 

Our innovation hub in India will allow us to work with the right talent, expand our global footprint, improve our competitive stance, and better deliver on our promises to stakeholders. We are passionate about making healthcare better by delivering world-class solutions that make a real difference.

We are always looking upward. And that starts with finding the right talent to help us get there.

Cyber Risk Management

Position Summary:

This role will work closely with the Information Protection Manager in identifying, assessing and mitigating potential risks and threats related to the company’s strategic supplier off-shore footprint. The role will be responsible for executing the operational components of the Third Party Cyber Risk Management lifecycle. The TPCRM advisor will support the overall Outsourcing Security Governance function with responsibilities that include but not limited to analyzing key service providers, monitoring, managing on-going third party risk assessments, vendor scorecards, offboarding and project management. This role will support the company’s Drive to 2025 strategy and will support key technology and business initiatives in relation to supplier resiliency, expansion and new supplier cyber assessments. Candidate must be able to perform security on-site assessments across strategic India based delivery centers.

Job Description & Responsibilities:

• Execute operational components of Third Party Risk Management (TPRM) lifecycle: initial risk assessment, periodic due diligence, ongoing monitoring, and offboarding

• Develop and implement strategies to mitigate cyber risks, including policies, procedures and controls

• Conduct regular risk assessments to identify vulnerabilities and weaknesses in cybersecurity defenses

• Perform on-site assessments at supplier delivery center

• Partner with business stakeholders to help them navigate the centralized TPRM process

• Review inherent risk questionnaire (IRQ) responses

• Initiate and coordinate vendor due diligence reviews

• Perform non-technical third party due diligence reviews

• Partner with subject matter experts (SME) to coordinate their reviews

• Prepare annual Critical Supplier Assessments

• Document, monitor, and report on third party issues and policy exceptions

• Document TPRM procedures and controls

• Perform reconciliation to maintain a complete and accurate third party book of record

• Translate regulatory requirements into program elements (SOC/SOX, Consumer Data Privacy and Protection)

Experience Required:

• Bachelor's Degree from an accredited university, advanced degree or relevant certifications (e.g. CISSP, CISM, etc.) preferred

• 11- 13 years of Third-Party Risk Management experience

• 11- 13years of Developing and managing supplier contracts experience

• 11- 13years of eGRC Archer/related  experience

• 11- 13years of Project Management experience

• Proven experience in cyber risk management, information security or related field, with a strong understanding of cybersecurity principles and practices

• Strong written and verbal communication skills with the ability to interact with all levels of the organization. 

• Strong influencing/negotiation skills. 

• Strong interpersonal/relationship management skills. 

• Strong time and project management skills. 

Experience Desired:

• Third Party Risk Management

• Cyber Risk Management

• Vendor Management

• Compliance/Privacy

• On-site Assessments/Audit

• Cyber Scorecards

Education and Training Required:

• Bachelor's Degree from an accredited university, advanced degree or relevant certifications (e.g. CISSP, CISM, etc.)

• CISA, CISSP, CISM, CTPRA, CTPRP, CRISC

Primary Skills:

• Cyber Security, Third Party Risk Management, Risk Management

About Evernorth Health Services