Director information protection – MEA

<br><br><strong>Job Description<br><br></strong>The Cigna Information Protection Director for Middle East &amp; Africa operations, who is also CISO of a key Cigna Group entity(s) in MEA, holds a key business-facing leadership position whose primary focus is to act as a conduit between the Cigna Information Protection organizational goals and business line interests. Acting as the primary delegate for the business line International Markets Chief Information Security Officer, you will oversee the development and execution of the Cyber / Information Security Strategy at a granular level.<br><br>Strategically, you will be responsible for delivery of the ‘last mile execution’ of all Cigna Information Protection global Shared Services, developing and measuring capabilities whilst running subsequent risk mitigation Cyber Information Security Management programs.<br><br>As the local information security evangelist and expert, you will focus on local business stakeholder management and on wider stakeholders such as regulators, clients and external parties.<br><br>You will work to establish public-private-partnership information security thought leadership programs for our Cigna Healthcare International Health internal and external ecosystem.
In the communities in which we live and work, our CIP International Health team is investing to establish community and industry collaboration platforms dedicated to improving the health and wellness of our customers and the communities we serve.<br><br><strong>Key Responsibilities<br><br></strong><ul><li>Perform as Cigna Information Protection Director and Regional Information Security Officer for Middle East &amp; Africa.</li>
<li>Perform as Chief Information Security Officer for specific MENA entity(s) in market.</li>
<li>Partner with the CTO for MEA/APAC and key technology and business stakeholders to maximize business operations growth and minimize the operational risk to Middle East &amp; Africa markets; educate and integrate risk management activities in first and second line of defense governance.</li>
<li>Establish and foster a strong working relationship with MEA country regulatory and government authorities to support Cigna’s world-leading operations for the region.</li>
<li>Monitor and manage the security assurance of infrastructure hosting environments within MEA market(s), including LAN rooms and Data Center hosting.</li>
<li>Lead localized Controls Assurance activities; define and effectively track control testing and remediation risks for the local business line. Coordinate Shared Service benchmarking exercises (NIST etc.) using Cigna Information Protection standards.</li>
<li>Partner with business line and market technology stakeholders to educate and integrate risk management activities in first and second line of defense governance.</li>
<li>Monitor and manage local cyber and information protection awareness and education efforts to minimize the risk to Cigna people and workforce.</li>
<li>Coordinate with Shared Services to provide localized risk and vulnerability management information and reporting, and embed Cyber / Information Security into business operational governance forums, enabling data-driven decision making.</li>
<li>Liaise across Legal, Privacy and Sourcing teams to manage 3rd party risks. Conduct 3rd Party Assessments, including evaluations, contract reviews and onsite visits where appropriate.</li>
<li>Embed secure development practices, working with local business and technology teams to implement enterprise tooling and processes to ensure secure code implementation. Embed risk management practices into Agile / DevSecOps pipelines to minimize production vulnerabilities.</li>
<li>Establish Public-Private-Partnership collaboration and thought leadership opportunities for the cyber domain.</li>
<li>Manage all external local client and regulatory engagements, including fielding queries and regulatory &amp; compliance submissions, in conjunction with matrix Cigna Information Protection Shared Service Partners and governance stakeholders, legal, compliance and data privacy.</li>
<li>Leverage the Enterprise Risk Management framework, perform focused localized risk assessments of existing or new services and technologies in line with policies and standards, and manage the risk exceptions process.
Develop residual risk registers and integrate them into the Shared Service Integrated Risk Management Framework.</li>
<li>Coordinate the local delivery of global Cyber &amp; Privacy portfolio risk mitigation projects and programs into the business line / region. Conversely, feed the portfolio by registering local business line residual risk outputs, driving controls mitigation activity.</li>
<li>Evolve Cigna Information Protection security policies and processes, aligning them to local business requirements, and operate the policy exceptions management process. Coordinate security education &amp; awareness initiatives in line with the policy framework and integrate them with the Shared Service overall thematic awareness program.</li>
<li>Coordinate with Global Shared Services to provide localized risk and vulnerability management information and reporting, and embed Cyber / Information Security into business operational governance forums, enabling data-driven decision making.</li>
<li>Develop organization-wide Cyber / Information Security risk views by collaborating with internal control groups, e.g. Audit, Compliance, Enterprise Risk Management, Legal and Privacy.</li>
<li>Run localized Infrastructure, Application and Cloud evaluations / assessments against agreed security patterns and pre-production scanning processes to reduce production vulnerabilities.
Integrate residual risk outputs in local and Shared Services governance.</li>
<li>Champion local incident response &amp; handling processes; provide business context and local expertise in incident scenarios. Coordinate with the Shared Service owner to manage local incident management post-mortem activities and track residual findings to resolution. Maintain and manage local regulatory incident response reporting requirements. Engage with Shared Services to carry out forensic security investigation work, integrating processes with business and legal / compliance stakeholders.</li>
<li>Develop viable business cases to grow cybersecurity functions based upon the cyber risk and information security controls gaps identified.</li>
<li>Support the other Cigna International Health regional operations to establish CIP International Health standards and processes as needed.</li>
<li>Report to the Head of Information Security and Deputy CISO for Cigna Information Protection for Cigna Healthcare International Health.<br><br></li></ul><strong>Desirable Skills and Experience<br><br></strong><ul><li>Strong communication skills, able to positively influence and quickly establish working relationships with multiple leaders across a highly matrixed multinational organization</li>
<li>10 years of experience managing and leading high-performing cybersecurity functions</li>
<li>Demonstrated experience leading a cybersecurity function(s) within a matrixed organization within the Middle East &amp; North Africa</li>
<li>Experience working for 5 years as a leader in the Middle East &amp; North Africa region with a working understanding of Government regulation related to Privacy, Information Security and Cybersecurity national policy and requirements</li>
<li>Qualifications including CISSP, CISM, CISA, CRISC or other industry-accepted information security certifications and qualifications<br><br></li></ul><strong>About Cigna Healthcare<br><br></strong>Cigna Healthcare, a division of The Cigna
Group, is an advocate for better health through every stage of life. We guide our customers through the health care system, empowering them with the information and insight they need to make the best choices for improving their health and vitality. Join us in driving growth and improving lives.<br><br><em>Qualified applicants will be considered without regard to race, color, age, disability, sex, childbirth (including pregnancy) or related medical conditions including but not limited to lactation, sexual orientation, gender identity or expression, veteran or military status, religion, national origin, ancestry, marital or familial status, genetic information, status with regard to public assistance, citizenship status or any other characteristic protected by applicable equal employment opportunity laws.<br><br></em><em>If you require reasonable accommodation in completing the online application process, please email: SeeYourselfEMEA@cigna.com for support. Do not email SeeYourselfEMEA@cigna.com for an update on your application or to provide your resume as you will not receive a response.<br><br></em>