Cigna

Cyber Security Senior Advisor - HIH - Evernorth

ABOUT EVERNORTH:

Evernorth℠ exists to elevate health for all, because we believe health is the starting point for human potential and progress. As champions for affordable, predictable and simple health care,

we solve the problems others don’t, won’t or can’t.

Our innovation hub in India will allow us to work with the right talent, expand our global footprint, improve our competitive stance, and better deliver on our promises to stakeholders. We are passionate about making healthcare better by delivering world-class solutions that make a real difference.

We are always looking upward. And that starts with finding the right talent to help us get there.

Product Security Strategy Senior Advisor

Position Summary:

We are seeking a highly skilled and experienced Product Security Strategy Senior Advisor, who will also act as a mentor to our team in HIH, to lead and mature our application and product security team. This role is pivotal in driving the overall maturity of our product security program, ensuring robust security measures are integrated into our development processes, and providing direct line management for team members in the HIH region. This individual will work on several of the largest technology initiatives for Evernorth, aimed at revolutionizing health services and the healthcare delivery system in the United States, utilizing the latest technologies and development techniques.

Job Description & Responsibilities:

• Lead and manage the product security strategy team, focusing on the overall maturity and effectiveness of the application and product security program.
• Act as the direct line manager for security team members in the HIH region, providing guidance, support, and career development.
• Develop and implement long-term strategic security initiatives to continuously improve our security posture and innovate within the product security space.
• Oversee and guide the development and implementation of secure software and systems architectures.
• Collaborate with cross-functional teams to identify security requirements and develop comprehensive security strategies.
• Conduct security assessments, threat modeling, and vulnerability analysis to ensure robust security measures are in place.
• Oversee product security incident response activities, ensuring timely and effective resolution of security incidents and incorporating lessons learned into future strategies.
• Foster strong communication and relationship-building skills to negotiate and influence across various levels of the organization.
• Ensure compliance with industry standards and regulatory requirements.
• Mentor and develop team members, promoting a culture of continuous learning and improvement.
• Drive the integration of security practices into all stages of the product development lifecycle.
• Maximize the security efficiency (operational, performance, and cost) of the application assets.
• Advocate for and implement innovative security solutions to address emerging threats and vulnerabilities.
• Lead efforts to standardize security practices across the organization, promoting consistency and best practices.
• Collaborate with external partners and industry groups to stay abreast of the latest security trends, threats, and technologies.

Experience Required:

• Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field.
• 13 years of experience in cybersecurity, with a focus on application and product security.
• Proven expertise in automating security solutions within development pipelines (CI/CD).
• Extensive experience in threat modeling, architecture reviews, and vulnerability management.
• Strong understanding of various pipeline touchpoints and integration methods.
• Cloud experience (AWS, Azure, Google Cloud, OCI) is highly desirable.
• Familiarity with modern security technologies, practices, and standards.
• Strong knowledge of secure software development practices and principles.
• Industry certifications such as CISSP, CISM, CEH, or similar are preferred.
• Excellent leadership and team management skills.
• Strong communication, relationship-building, and negotiation skills.
• Ability to work effectively in an Agile environment.

Experience Desired:

• Experience with security tools and platforms such as static analysis (SAST), dynamic analysis (DAST), and runtime application self-protection (RASP).
• Knowledge of regulatory and compliance frameworks (e.g., GDPR, HIPAA, PCI-DSS).
• Hands-on experience with security automation and orchestration.
• Proficiency in programming and scripting languages relevant to security (e.g., Python, Java, Shell scripting).
• Ability to manage and prioritize multiple projects in a fast-paced environment.

Education and Training Required:

• Advanced degree (Master’s or higher) in Computer Science, Information Security, or a related field.
• Relevant industry certifications.
• Additional training in secure software development, application security, and risk management is highly desirable.

Primary Skills:

• Advanced expertise in secure software development practices, application security, and security tool integration.
• Proficiency in Angular and Java for security-related software development and integration.

Additional Skills:

• Extensive experience with AWS and other cloud platforms, with a focus on securing cloud-based applications and services.
• Hands-on experience with application security frameworks and tools, including security automation and orchestration.

Equal Opportunity Statement

Evernorth is an Equal Opportunity Employer actively encouraging and supporting organization-wide involvement of staff in diversity, equity, and inclusion efforts to educate, inform and advance both internal practices and external work with diverse client populations.

About Evernorth Health Services

Evernorth Health Services, a division of The Cigna Group, creates pharmacy, care and benefit solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention and treatment of illness and disease more accessible to millions of people. Join us in driving growth and improving lives.