About Evernorth:
Evernorth Health Services, a division of The Cigna Group (NYSE: CI), creates pharmacy, care, and benefits solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention, and treatment of illness and disease more accessible to millions of people.
Job Title: Information Protection Senior Analyst
Job Description Summary:
The Information Protection Senior Analyst is responsible for providing general technical, operational and risk management support to Cigna's Information Protection (CIP) Middle East and Africa (MEA) team. This role will support in enforcing standard information protection controls through infrastructure, application and third-party security assessments. Work with the Cigna Information Protection team as required to support vulnerability assessments, assisting with penetration tests, tracking and remediation of findings.
This role will work closely with the CIP MEA team to identify, evaluate, and remediate potential weaknesses in Cignas systems, using both manual and automated methods. In addition, this role will support the dashboard reporting, coordination of incident responses, risk assessments and other CIP led initiatives.
About Evernorth:
Cigna is a global health service company dedicated to helping the people we serve improve their health, well-being, and peace of mind. But we dont just care about your wellbeing, we care about your career health too. Thats why, when you work with us, you can count on a different kind of career youll make a difference, learn a ton, and share in changing the way people think about healthcare.
Responsibilities:
- Perform regular risk & activity reporting on Key Risk Indicators (KRI) and Key Performance Indicators (KPI)
- Perform issue tracking and resolution with local security teams
- Work with CIP MEA team and key stakeholders to managing security incidents relevant to the MEA region
- Work with individual local security teams assigned to ensure security controls applied are compliant to CIP policies and standards
- Assist in the review and approval of application/infrastructure changes in terms of security
- Assist in the creation of comprehensive and accurate security reports with recommendations for appropriate remediation and communicate risk findings with development and infrastructure teams.
- Assist in the review and development of local CIP policies , standards and guidelines
- Assist in the conduct of regulatory and internal audits as required
- Assist CIP and IT teams to implement standard security solutions and capabilities that are aligned with business, technology and threat drivers
- Maintain strong working relationships with individuals and groups involved in managing information risks across the organization
- Stay abreast of current and emerging security threats and security architectures to mitigate the threats
Skills required:
- Demonstrated ability to work as both an individual contributor and a team player in a fast paced environment.
- Demonstrated ability to identify cyber security risks and develop treatment plans working with key stakeholders
- Coordinate with people and teams to forecast activity completion and the ability to work in a team environment, sharing workloads and responsibilities.
- Knowledge of Windows and *nix-based operating systems.
- Understanding of core Internet protocols (e.g. TCP, UDP, DNS, HTTP, TLS, IPsec) and the OSI model.
- Understanding of encryption fundamentals (symmetric/asymmetric, ECB/CBC operations, AES, etc.).
- Understanding of Cloud environments such as SaaS, PaaS and IaaS.
- Understanding of OWASP.
- Knowledge of networking fundamentals and common attacks.
- Ability to analyze vulnerabilities and misconfigurations, appropriately characterize threats, and provide remediation recommendations.
Qualifications:
- High School diploma; Bachelor's degree preferred.
- Qualified candidates will typically have 3 to 5+ years of professional IT experience work experience 4 years or more of security operations or security governance, risk and compliance experience.
- CISSP, CRISC or similar certifications desired
- Passionate about security and finding new ways to protect systems as well as break them
- Strong analytical and problem solving skills, with the ability to think outside the box.
- Ability to work in a flexible environment where requirements and procedures continuously evolve.
- Strong oral and written communication skills, including a demonstrated ability to prepare documentation and presentations for technical and non-technical audiences.
