As a member of the Infrastructure Governance and Compliance (IGC) team, the Senior Advisor will be responsible for the enterprise-wide Governance and Compliance of all applicable standards and controls. The Senior Advisor will partner with Infrastructure leadership to close gaps and implement controls-based processes, as well as respond to inquiries from our partner organizations. These partners include, but are not limited to, Information Protection, Global Risk Management and Internal Audit. The Senior Advisor will also be responsible for implementing the strategic direction set by IGC leadership and developing the processes to integrate risk-related work streams. This position will also align with strategic objectives and standards as they evolve to meet various business and security needs.
Responsibilities:
Support the IGC operating model to ensure all applicable standards and controls are followed.
Partner with Infrastructure leadership teams to close gaps and implement controls-based processes.
Work with various Infrastructure operational teams to drive security and policy compliance, and drive remediation items to closure.
Identify and investigate compliance procedures and potential issues, and provide recommendations of risk-reduction solutions and necessary follow-up actions.
Maintain accurate reporting of remediation activities to bring appropriate visibility to stakeholders and their leadership regarding the open items.
Work with and assist CIP leads to enable communication for policy enforcement with peer organizations
Provide briefings and reports to team members and senior leadership regarding the risks to the organization
Monitor contractual agreements of all Suppliers working with the various Infrastructure teams
Ensure the Suppliers follow standards and guidelines and monitor progress
Check satisfaction level of the teams supported by the suppliers, to ensure expectations are met, and take corrective actions as needed to improve performance and throughput
Assist Identity and Access Management team and Audit teams with various SOX/SOC audits
Qualifications:
Strong understanding of and experience with SOX/SOC1/SOC2 audits
Good understanding of cybersecurity protocols, i.e., NIST, CIS, ISO
Strong understanding and ability to assess business and operations risks, vulnerability management, asset management and business continuity, conduct audits to ensure adherence to standards and identify compliance issues.
Must be able to multi-task and work independently on moderate to complex assignments using independent professional discretion and judgment as well as transition quickly between projects with minimal supervision
Ability to communicate effectively, both orally and in writing, with senior management staff, information systems professionals, and technical and non-technical users
Ability to maintain effective working relationships with colleagues, users, contractors, and vendors
Strong relationship skills for working with vendors and stakeholders, including a broad range of communication skills, problem-solving, leadership, accommodation, flexibility, support and understanding.
Knowledgeable in risk management (internally and with vendors): analyze, anticipate and balance risks and responses
Good command of legal agreements, contracts, liability, intellectual property, asset ownership, international laws
Strong understanding of financial skills, analysis and ability to compare project budgets and costs
Good knowledge of operational processes and procedures, including vendor structure and supply chain management
Ability to work with multiple stakeholders inside own company and client organizations
Analytics and reporting experience
Demonstrated ability to work in a team environment both in-person and remotely
Ability to effectively prioritize tasks and work independently with minimal daily management interaction
Excellent written and verbal communication skills, analytical ability, strong judgment and leadership skills, and the ability to work effectively with peers, IT management and senior leaders
Ability to operate and contribute effectively as a remote member of a global audit, governance and compliance team
Ability to obtain a strong understanding of the technical details involved in audits of various operating systems, applications and networking protocols
About Cigna
Cigna Corporation (NYSE: CI) is a global health service company dedicated to improving the health, well-being and peace of mind of those we serve. We offer an integrated suite of health services through Cigna, Express Scripts, and our affiliates including medical, dental, behavioral health, pharmacy, vision, supplemental benefits, and other related products. Together, with our 74,000 employees worldwide, we aspire to transform health services, making them more affordable and accessible to millions. Through our unmatched expertise, bold action, fresh ideas and an unwavering commitment to patient-centered care, we are a force of health services innovation.
When you work with Cigna, you'll enjoy meaningful career experiences that enrich people's lives while working together to make the world a healthier place. What difference will you make? To see our culture in action, search #TeamCigna on Instagram.
Qualified applicants will be considered without regard to race, color, age, disability, sex, childbirth (including pregnancy) or related medical conditions including but not limited to lactation, sexual orientation, gender identity or expression, veteran or military status, religion, national origin, ancestry, marital or familial status, genetic information, status with regard to public assistance, citizenship status or any other characteristic protected by applicable equal employment opportunity laws.
If you require reasonable accommodation in completing the online application process, please email: SeeYourself@cigna.com for support. Do not email SeeYourself@cigna.com for an update on your application or to provide your resume as you will not receive a response.