Job Objective:
The Information Protection Senior Advisor is responsible for conducting research, conceptualizing, designing, developing, and testing secure technology systems, including on perimeter and cloud-based networks to support to Cignas Information Protection Middle East and Africa (MEA) team. This role directly supports the MEA Portfolio covering 34x operational entities across 22x countries ensuring that security requirements are adequately addressed safeguarding the protection of sensitive policyholder data, claims information, and financial transactions.
Reporting to the Head of Cyber Security Middle East & Africa, you will develop and enforce security strategies that mitigate cyber threats, protect against fraud, and ensure business continuity in a highly regulated health insurance environment. You will be required to design, implement, and oversee the security infrastructure for our business platforms in accordance with Cigna Information Protection (CIP) security architecture framework.
In this role, you will work closely with CIP Architecture and Engineering, Risk Management, and Compliance teams to build secure architectures that align with internal and regulatory requirements such as SAMA CSF (KSA), ADHICS (UAE), GDPR, HIPAA, and PCI DSS.
Job Description:
- 13-16 years of experience in a Cyber Security Design and Development role.
- Partners with the CIP MEA leadership team to develop a regional strategy and operational plan to deliver CIP shared services to the business.
- Perform security reviews using CIP or Industry standards (NIST, ISO etc) to identify gaps in security architecture and controls as part of a MEA cybersecurity risk management plan.
- Develop and Integrate cybersecurity designs for systems and networks that require processing of multiple data classification levels
- Determine if systems and architecture are consistent with CIPs Secure Baselines and Global Security Architecture Requirements.
- Ensure secure third-party vendor integrations (e.g., Fronting Partners, Third Party Administrators, regulatory entities, payment processors and healthcare providers).
- Advise on security requirements to be included in statements of work for Cigna or JV partners procuring new technology services.
- Determine and Document the impact of new system and interface implementations on the cybersecurity posture of Cigna or a JV partner.
- Partners with the business to evaluate and translate functional requirements and integrating security policies into technical solutions.
- Performs comprehensive technology research to evaluate potential solutions across cyberspace systems relevant for the MEA region including Joint Venture (JV) partners.
- Performs focused risks assessments of existing or new services and technologies, security architecture, identifies design gaps, risks, and recommends enhancements.
- Maintains strong working relationships with individuals and groups involved in managing security architecture engineering and technology risks across the organization
- Stays abreast of current and emerging security threats and designs security architectures to mitigate them
Skills Needed:
- Ability to analyze an organizations enterprise information technology architecture
- Ability to apply secure network architectures and security controls into proposed solutions
- Ability to identify cybersecurity or privacy issues in external or partner connections
- Ability to design systems and apply security architecture guidelines across On-Premises and Hybrid Cloud environments
- Ability to partner with Infrastructure, Cloud and Application architects to perform user needs analysis and requirements gathering for large-scale projects.
- Ability to develop a cyber security strategy and input into detail-oriented operational planning including capability development (People, Processes, Technology, Data).
- Ability to perform Controls Assurance / Attestation and deliver comprehensive risk treatment plans.
- Technical depth and sound knowledge in networking, cloud, desktop, server, storage, software-defined-networking, virtualization and application domains
- Proven communication skills, able to write and verbally communicate complex concepts
- Proven collaboration skills and can adapt to changing organization changing business needs, technological advances and agile methodology
- Self-starter and shows empathy towards business requirements and able to influence changes to facilitate security
- Health Insurance or Health Care Industry experience is a plus
- Travel required, approximately 10%
Qualifications:
- Bachelors or Masters in Cybersecurity, Computer Science, or Information Security.
- Qualified candidates will typically have 13+ of professional IT experience work experience, with 8+ years of experience in a security design and development role
- CISSP, CISM, CCSP, CRISC or similar certifications required
- Expertise in encryption, network security, cloud security, application security and endpoint protection.
- Deep knowledge of security risks, data privacy laws, and fraud prevention techniques relevant to Financial Services, FinTech and Health sectors.
- Experience in data security standards and best practices for Personally Identifiable Information (PII) and Personal Health Information (PHI)
- Experience and working knowledge of NIST, HIPPA, PCI DSS & ISO 27001 certification is a plus
- Strong written and spoken English skills, demonstrated ability to communicate at high levels, both verbally and in reporting
- Strong work ethic, high drive and ability to focus. High stamina. Shows optimism and determination when facing challenges
- Ability to work successfully with a minimum of supervision in a fast paced and sometimes pressured environment
