Cyber Security Senior Manager [T500-11799]

Information Protection Senior ManagerJob Objective: The Information Protection Senior Manager is responsible for providing general technical, operational and review support to Cigna's Information Protection (CIP) Organization. This role will support in enforcing standard information protection controls through infrastructure, application and third party security assessments. Balance multiple project priorities appropriately. Work with the Cigna Information Protection team as required to support reviews, product implementations and security audits.Support the Regional Information Security Officer (RISO) on dashboard reporting, coordination of incident responses, risk assessments and CIP led initiatives. Assist the RISO with the overall direction and strategy of the Information Security function in collaboration with the CISO's leadership team.Strategically you will be responsible for delivery of the 'last mile execution' of all Cigna Information Protection global Shared Services, developing and measuring capabilities whilst running subsequent risk mitigation Cyber Information Security Management programs.Job Description:Infrastructure / Application reviews:Min. 10+ years of experience in Information Security / Cyber or related risk management experience.Partners with the enterprise to implement standard security solutions and capabilities that are aligned with business, technology and threat driversPerforms focused risks assessments of existing or new services and technologies, security architecture, identifies design gaps, risks, and recommends enhancementsCommunicates risk assessment findings to information security "customers," or business partners. Explore risk mitigation controlsServes as an information security expert and trusted advisor to partners in IT and the businessEvaluate compliance of operation processes with Information Protection policies and related government regulationsIdentifies and implements appropriate controls to effectively manage information risks as neededIdentifies opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing residual riskMaintains strong working relationships with individuals and groups involved in managing information risks across the organizationStays abreast of current and emerging security threats and designs security architectures to mitigate themService Partner Security Assessment:Plan and perform site reviews of physical and IT facilities, measuring actual conditions against submitted responses. Evaluate IT processes to ensure effective information protection is practiced. Produce site visit reports with improvement recommendation. Track improvement efforts until closurePerform general walkthrough evaluations of new facilities and processes under consideration. Provide recommendation to businessMeet with vendors and employees to resolve or track compliance issuesAttend demonstrations of applications and prepare reports on potential for data leakage or infrastructure security issuesReview any regular security reports for abnormalityWork with supplier chain management on contracts to include security termsEscalation to the fellow CIP team on security issues related to service partnersSupport the Regional Information Security Officer:Work with individual local security teams assigned to ensure security controls applied are compliant to CIP policies and standardsWork with the RISO on managing security incidentsRegular risk & activity reportingIssue tracking with local security teamsReview and approval of application/infrastructure changes in terms of securityCoordinate CIP initiatives with other countries as requiredMaintain strong working relationships with individuals and groups involved in managing information risks across the organizationPartner with the CIP and IT teams to implement standard security solutions and capabilities that are aligned with business, technology and threat driversStay abreast of current and emerging security threats and security architectures to mitigate the threatsRecruit and develop talent that will drive the organization to higher performanceSkills Needed:Ability to multitask and timely executeAbility to grasp and understand complicated relationshipsProven Communication skills, able to write and verbally communicate effectivelyOrganizational courage to escalate and resolve risk issuesSupport the end-to-end security technology posture, including end-point, network, mail, perimeterTechnical depth and working knowledge in networking, desktop, server, storage, software-defined-networking, virtualization and application domainsEffectively manage penetration testing (white box and black box) and elevate Red Team and Blue Team methodology for the regionAssists with optimizing and maintaining a 24x7 Global Security Operations Center (G-SOC) and Security Information Event Monitoring (SIEM) Experience leading teams of over 3-5 employeesMaintain a constructive, team-oriented and customer-focused attitude at all times and in all settingsRecruit and develop talent that will drive the organization to higher performanceStay abreast of technological advances and continuously research better ways to accomplish tasks, and integrate new security technologiesProactively update skill set in support of technology integration and designFlexible can adapt to changing organization changing business needs, technological advances and agile methodologyDemonstrates technical skills in infrastructure, application and third party security assessments. Self-starter and shows empathy towards business requirements and able to influence changes to facilitate security Experience with process and change management, reporting and incident handlingExperience with assessing and mitigating riskExperience with contracting and negotiationsHealth Insurance or Health Care Industry experience is a plusTravel required, approximately 10%Qualifications:BS degree or equivalent experienceCISSP, CISA, CISM, CRISC or similar certifications required Experience and working knowledge of HIPPA, PCI DSS & ISO 27001 certification is a plusBroad high level knowledge, hands-on experience, and exposure to a wide range of IT subject areas, business, IT & physical controlsQualified candidates will typically have 8+ of professional IT experience work experience, with 3+ years of experience in a leadership type role, and 5 years in information security.Experience leading teams of over 3-5 employeesStrong written and spoken English skills, Demonstrated ability to communicate at high levels, both verbally and in reporting A manager who regularly brings and seeks new ideas, insights and knowledge, and drives the organization to implement new programs and solutionsThe ability to think strategically as well as successfully implement tactical plansStrong interpersonal, people development and management skills; motivating others with high expectations and clear performance expectationsAble to inspire, motivate and lead diverse teams and the organization. A strong manager who energizes and empowers the team. Strong work ethic, high drive and ability to focus. High stamina. Shows optimism and determination when facing challengesAbility to work successfully with a minimum of supervision in a fast paced and sometimes pressured environment PRB