Information Protection Senior Advisor

Information Protection Senior Advisor - HIH - Evernorth

ABOUT EVERNORTH: 

Evernorth℠ exists to elevate health for all, because we believe health is the starting point for human potential and progress. As champions for affordable, predictable and simple health care,
we solve the problems others don't, won't or can't. 

Our innovation hub in India will allow us to work with the right talent, expand our global footprint, improve our competitive stance, and better deliver on our promises to stakeholders. We are passionate about making healthcare better by delivering world-class solutions that make a real difference.

We are always looking upward. And that starts with finding the right talent to help us get there.
 

Position Summary: 

We are looking for a highly skilled Product Security Senior Advisor to join our team, focusing on security strategy, architecture, and implementation across our enterprise systems and product development lifecycle. This role will work directly with cross-functional teams to integrate security tools within our development pipelines, ensuring robust security measures are in place across our products and applications. This role is hands-on and strategic-requiring deep technical expertise, strong cross-functional collaboration, and the ability to manage and influence security initiatives across product, engineering and operations teams. This individual will contribute to major technology initiatives aimed at revolutionizing health services and the healthcare delivery system working from HIH.

Experience Required: 

• years of experience in cybersecurity, with a focus on application and product security
• Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
• Proven expertise in automating security solutions within development pipelines (CI/CD)
• Design and Implement automation workflows to secure systems, applications and infrastructure.
• Integrate security testing and compliance checks into build workflows (GitHub Actions, GitLab, CI/CD, Jenkins, ArgoCD, Tekton)
• Strong understanding of modern software delivery, DevSecOps, Cloud, and Infrastructure-as-code.
• Proven ability to collaborate cross-functionally with Product, Engineering, and IT teams.
• Partner with Product Managers and Engineering Leads to embed security early in the product and application lifecycle.
• Translate technical risks into business impact and recommend actionable mitigations.
• Support audits and compliance efforts related to SOC 2, HIPAA, or GDPR.
• Develop and maintain security policies, procedures, and documentation and adhere to the Enterprise standards and compliance.
• Strong understanding of various pipeline touchpoints and integration methods.
• Cloud experience (AWS, Azure, Google Cloud) is highly desirable.
• Familiarity with modern security technologies, practices, and standards.
• Strong knowledge of secure software development practices and principles.
• Experience in managing the scrum process (e.g., Jira projects, Kanban board etc)
• Excellent leadership and team management skills.
• Strong communication, relationship-building, and negotiation skills.
• Ability to work effectively in an Agile environment.
•    Strong presentation, documentation and analytical reporting skills and expert in using Mural, Visio, Tableau, Advanced Excel features, PowerPoint, MS Project, PowerBI and other such tools.

Job Description & Responsibilities: 

• Collaborate daily with development teams to identify and address security needs.
• Design, develop, and implement automated security solutions within CI/CD pipelines.
• Assist in the architectural design and implementation of secure software and systems.
• Understand security assessments, threat modeling, and vulnerability analysis to ensure robust security measures.
• Develop and maintain security testing services and tools to support secure development practices.
• Provide technical guidance and support to development teams on security best practices.
• Stay updated on the latest security trends, threats, and technologies to continuously improve our security posture.
• Foster strong communication and collaborative relationships with development teams to promote a culture of security.
• Ensure compliance with industry standards and regulatory requirements.
• Minimum 2 years of experience in managing the teams, scrum and project management skills.
• Maximize the security efficiency (operational, performance, and cost) of application assets.
• Cultivate strong cross-functional relationships to promote a culture of security throughout the organization.
• Optimize the security efficiency of application assets, focusing on operational, performance, and cost considerations

Experience Desired: 

• Knowledge of regulatory and compliance frameworks (e.g., GDPR, HIPAA, PCI-DSS).
• Hands-on experience with security automation and orchestration.
• Proficiency in programming and scripting languages relevant to security (e.g., Python, Java, Ansible, Shell scripting).
• Experience in managing teams, projects and scrum meetings.
• Knowledge of SDLC, ITIL, Operational process and tools (e.g., ServiceNow), Microsoft Office 365.
• Good knowledge of Sec Arch, Vulnerability Management, Cloud Security, and ASPM tools.
• Stay current on emerging threats, vulnerabilities, and security technologies
• Ability to manage and prioritize multiple projects in a fast-paced environment.

Education and Training Required:

• Advanced degree (Master's or higher) in Computer Science, Information Security, or a related field.
• Relevant certifications (e.g., CISSP, OSCP, CEH, AWS/Azure Cloud Security Practitioner)
• Additional training in secure software development, application security, and risk management is highly desirable.

Additional Skills: 

• Extensive experience with AWS and other cloud platforms, with a focus on securing cloud-based applications and services.
• Managing projects in Jira, running scrums and communicating the status to the leaders.
• Hands-on experience with application security frameworks and tools, including security automation and orchestration. 

Project Management:

• Lead and manage cybersecurity projects from initiation to completion, ensuring they are delivered on time.
• Develop detailed project plans, including timelines, milestones, and resource allocation.
• Coordinate with cross-functional teams, stakeholders, and vendors to ensure project objectives are met.
• Monitor and report on project progress, addressing any issues or risks that may arise

Why Join Us?

• Contribute to a high-impact security automation initiative at a strategic level.
• Work with cutting-edge security and cloud technologies.
• Collaborate with top security and engineering teams to drive automation and efficiency.

About Evernorth Health Services

Evernorth Health Services, a division of The Cigna Group, creates pharmacy, care and benefit solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention and treatment of illness and disease more accessible to millions of people. Join us in driving growth and improving lives.