It's fun to work in a company where people truly BELIEVE in what they are doing!
We're committed to bringing passion and customer focus to the business.
The Government Chief Information Security Officer (GCISO) is a key leader in the company's Information Technology (IT) organization, providing assistance to the Chief Information Security Officer with responsibility for the Government's business unit cyber security program. This is a highly visible role, supervising all security technology solutions across the company's international market space. As a business driven organization, the Government CISO will be responsible for helping to transform the organization's structure, talent, technology and processes to effectively manage risk, while remaining current with the evolving threat landscape. It will be imperative to strategically leverage technology, process and talent to protect the confidentiality, integrity and availability of information for our customers, clients and employees.
Having the ability to develop strong relationships with business leaders across the enterprise is a critical component to the success of the individual chosen to lead this function. The Government CISO will leverage a "defense in depth" framework as the guiding principle.
The Government Chief Information Security Officer will report to the Chief Information Security Officer and will oversee a team of security employees and contractors and manage the budget for the department. The GCISO will maintain a direct relationship with the other business unit CISOs.
Specific responsibilities include (but are not limited to) the following:
Responsible for overseeing day-to-day cyber security operations across the Government Market's business units
Assists with the overall direction and strategy of the Information Security function in collaboration with the CISO's leadership team, the CIO's leadership team and the Enterprise Leadership Team.
Determines, builds and optimizes effective security and privacy governance to ensure complete security of Company's data
Leverages services and best practices from the Cyber Security Department, including Identity and Access Management, Global Security Operations Center (G-SOC), Incident Response, Security Solution Engineering, and Governance & Project Delivery teams globally
Assists with determining security product and architecture currency to remain relevant to evolving threat landscape and respond swiftly to mitigate exposure to new threats and vulnerabilities
Design and implement third-party secure connectivity models in compliance with current standards
Responsible for iterative application, infrastructure and 3rd party risk assessments
Accountable for the end-to-end security technology posture, including end-point, network, mail, perimeter, etc.
Technical depth and working knowledge in networking, desktop, server, storage, software-defined-networking, virtualization and application domains
Effectively manage penetration testing (white box and black box) and elevate Red Team and Blue Team methodology for the region
Assists with optimizing and maintaining a 24x7 Global Security Operations Center (G-SOC) and Security Information Event Monitoring (SIEM)
Partner with peer delivery organizations within IT to drive secure solutions without being a road-block
Lead strategic technology planning to achieve business goals, including the ability to articulate ideas to both technical and non-technical groups, and business case justifications for technology and security spending initiatives
Establish and maintain a strong partnership with Information Technology peers, enterprise risk management, privacy, audit and other leaders throughout the business to support the development and implementation strategies that adhere to the enterprise risk tolerance.
Lead the evaluation, deployment and management of current and future technologies including the development and implementation to support a global follow-the-sun security operations model
Analyze and improve upon existing security standards across the organization to maintain a competitive edge within the market and remain current to the changing threat landscape
Partner with regional internal/external clients to ensure a high degree of system security
Stay abreast of technological advances and continuously research better ways to accomplish tasks, and integrate new security technologies
Proactively update skill set in support of technology integration and design
Maintain a constructive, team-oriented and customer-focused attitude at all times and in all settings
Recruit and develop talent that will drive the organization to higher performance
Bachelor's degree with emphasis in MIS, Computer Science or other computer/ business related discipline. Graduate degree preferable.
A minimum of 10-15 years of experience in information security or risk management including CISSP, CISM, CISA or similar certifications preferred.
Exceptional leadership, managerial and administrative skills.
Ability to work collaboratively across interdisciplinary teams and manage relationships across multiple areas of the business including Audit, Compliance, Trustees and other executive stakeholders
Ability to effectively lead change and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
Sound judgment and ability to effectively balance information risk controls with business productivity and growth.
Ability to communicate technical information to diverse audiences that include senior management including current and emerging digital security trends and directions.
Broad knowledge of current and emerging information technology industry trends and directions including common information security management frameworks, such as NIST, ISO, HITRUST and COBIT
Progressive career track including experience as a senior level information technology leader in an organization with at least $30 billion in revenue and experience leading teams of over 50 employees is preferred.
Proven track record of exceeding goals and a bottom-line orientation; evidence of the ability to consistently make good decisions through a combination of analysis, wisdom, experience, and judgment.
Exceptional capacity for managing and leading people; a team builder who has the capacity to develop and empower team members and learn the strengths and weaknesses of the team so as to put people in a position to succeed.
Understanding of regulatory / standards such as HIPPA and PCI DSS
Understand risk management life cycles
Qualified applicants will be considered without regard to race, color, age, disability, sex (including pregnancy), childbirth or related medical conditions including but not limited to lactation, sexual orientation, gender identity or expression, veteran or military status, religion, national origin, ancestry, marital or familial status, genetic information, status with regard to public assistance, citizenship status or any other characteristic protected by applicable equal employment opportunity laws.
If you require an accommodation based on your physical or mental disability please email: SeeYourself@cigna.com. Do not email SeeYourself@cigna.com for an update on your application or to provide your resume as you will not receive a response.