POSITION SUMMARY

Working within the Information Risk Management department, the Security Compliance Senior Analyst will support governance, risk, and compliance initiatives and perform key day-to-day activities to help deploy and maintain the technology attestation portfolio.  This individual will help create and maintain risk assessments to facilitate scoping. This individual will facilitate control mapping, control gap identification, gap remediation, risk mitigation, and external auditor interaction.  This individual will have an have a strong understanding of the SSAE 18 AICPA reporting standards and an understanding of compliance frameworks supported such as SOC1, SOC2 (Security, Availability, Confidentiality, Processing Integrity, and Privacy Trust Service Principles), NIST, HITRUST, HIPAA and GDPR.

ESSENTIAL FUNCTIONS

• Develop and maintain scoping documentation including system understanding, process flows, and system infrastructure diagrams for maintaining controls over competitively sensitive client information.
• Partner with Technology teams to develop access patterns that enable business users while maintaining policy compliance
• Lead a team implementing automation for access monitoring and driving automation of access monitoring controls
• Perform control alignment validation
• Facilitate in identifying controls gaps ensuring sufficient remediation plans and tracking to timely resolution
• Provide information for status reports and support stakeholder communications.
• Facilitate system and control understanding walkthrough meetings
• Update and maintain system and process narratives

Qualifications

• Bachelor’s degree in related field or equivalent work experience.
• Five to eight plus years of relevant experience, Public Accounting experience preferred.
• Strong technical background in network design and multi domain management.
• Experience with SOC2 audits over Security, Availability, Confidentiality, Privacy, and Processing Integrity Trust Service Principles.
• Experience with other compliance frameworks such as SOX, SOC1, PCI, NIST, HIPAA, and GDPR preferred to supplement SOC2.
• Ability to collaborate with control and technology owners to design and implement controls/processes that appropriately mitigate compliance risk.
• Microsoft Office and ability to adapt to ESI proprietary systems.
• Information technology risk management experience and proven ability to meet deadlines.
• Understanding of information risk management concepts.
• Ability to adapt in a dynamic work environment, learns quickly, solve problems, and make decisions with minimal supervision.
• Excellent verbal and written communication and presentation skills.
• Demonstrated ability to coordinate people and teams cross functionally to resolve complex issues with designated time frames.
• Ability to develop process documentation.
• Experience working with ‘Agile’ framework for project management is a plus.

This position is not eligible to be performed in Colorado.

About Cigna

Cigna Corporation exists to improve lives. We are a global health service company dedicated to improving the health, well-being and peace of mind of those we serve. Together, with colleagues around the world, we aspire to transform health services, making them more affordable and accessible to millions. Through our unmatched expertise, bold action, fresh ideas and an unwavering commitment to patient-centered care, we are a force of health services innovation. When you work with us, or one of our subsidiaries, you’ll enjoy meaningful career experiences that enrich people’s lives. What difference will you make?

Qualified applicants will be considered without regard to race, color, age, disability, sex, childbirth (including pregnancy) or related medical conditions including but not limited to lactation, sexual orientation, gender identity or expression, veteran or military status, religion, national origin, ancestry, marital or familial status, genetic information, status with regard to public assistance, citizenship status or any other characteristic protected by applicable equal employment opportunity laws.

If you require reasonable accommodation in completing the online application process, please email: SeeYourself@cigna.com for support. Do not email SeeYourself@cigna.com for an update on your application or to provide your resume as you will not receive a response.