Information Protection Senior Advisor

Information Protection Senior Advisor - HIH - Evernorth

ABOUT EVERNORTH:

Evernorth exists to elevate health for all, because we believe health is the starting point for human potential and progress. As champions for affordable, predictable and simple health care,
we solve the problems others don t, won t or can t.

Our innovation hub in India will allow us to work with the right talent, expand our global footprint, improve our competitive stance, and better deliver on our promises to stakeholders. We are passionate about making healthcare better by delivering world-class solutions that make a real difference.

We are always looking upward. And that starts with finding the right talent to help us get there.

Position Summary:

We are looking for a highly skilled Information Protection Senior Advisor to join our team, focusing on automation engineering initiatives to drive efficiency and reducing manual effort across the organization. In this role, you will work directly interact with application or product teams and cross-functional teams to identify automation opportunities, design and deliver scalable, resilient, and secure solutions that optimize our internal processes and support Cigna s overarching security goals. You will involve in the design, development, enhancement, and maintenance of Cyber security initiatives like intake system, automating workflows . This individual will contribute to major technology initiatives aimed at revolutionizing health services and the ability to influence security tools integrations within the healthcare delivery system working from HIH

Experience Required:

Involve in the design, development, enhancement, and maintenance of Cyber security initiatives like intake system, automating workflows - focusing on automation security engineering team.

• 13 - 16 years of experience in cybersecurity, with a focus on application and product security
• Bachelor s or Master s degree in Computer Science, Information Security, or a related field.
• Proven expertise in automating security solutions within development pipelines (CI/CD)
• Solid understanding of Object-Oriented Programming (OOP), Design Patterns, Data Structures, and Web Standards.
• Extensive application development experience with Java, NodeJS, or Python.
• Strong experience developing RESTful web services, Event-Driven Architecture and caching frameworks.
• Experience with Java/Spring Boot or NodeJS Express frameworks.
• Experience working with SQL and NoSQL databases.
• Familiarity with Governance, Risk, and Compliance tools and processes.
• Experience in integration of security testing and compliance checks into build workflows (GitHub Actions, GitLab, CI/CD, Jenkins, ArgoCD, Tekton)
• Conduct threat modelling, code reviews, and vulnerability assessments for applications and infrastructure.
• Collaborate with development teams to implement secure coding best practices.
• Develop and maintain security policies, procedures, and documentation and adhere to the Enterprise standards.
• Strong understanding of various pipeline touchpoints and integration methods.
• Cloud experience (AWS, Azure, Google Cloud), Containers, and Kubernetes is highly desirable.
• Familiarity with modern security technologies, practices, and standards.
• Strong knowledge of secure software development practices and principles.
• Ability to work effectively in an Agile environment.
• Expertise in API development for automation and workflow integrations (eg. ASPM Orchestrator and developer reporting platform)
• Extensive experience with development, DevSecOps, and build automation tools such as Jenkins, Maven, GitHub, GitLab, IDEs, Docker, Kubernetes, OpenShift, Java, JavaScript, Node. js, Python, Shell Scripting, and MySQL or other database management tools.

Job Description & Responsibilities:

• This role requires directly working with developers and cross-functional teams to integrate systems within our organization, ensuring robust security measures are in place across our products and applications.
• Lead strategic collaboration with internal teams to embed security and compliance into workflows, proactively identifying opportunities for automation to streamline processes and reduce manual workloads.
• Proven experience in medium-to-large-scale web development projects.
• Ability to develop across the full technology stack, from front-end to back-end.
• Skilled in designing and developing next-generation RESTful APIs and event-driven services within a distributed architecture.
• Experience working in Agile development teams and adhering to Agile methodologies.
• A proven track record of working on multiple system integrations. The ideal candidate will excel in guiding complex automation projects, troubleshooting advanced issues, and partnering with cross functional teams to deliver successfully.
• You will engineer and maintain the intake system, ensuring scalability and reliability, while continuously improving the intake process for handling enhancements and maintenance requests.
• Build automation to scale operational triaging, routing requests to the appropriate teams for timely and efficient response and remediation.
• Develop, deploy, and maintain developer reporting platform/mechanisms for security risks identified in non-production environments and lead efforts to drive remediation and risk reduction of non-production security findings.
• Cultivate strong cross-functional relationships to promote a culture of security throughout the organization.
• Optimize the security efficiency of application assets, focusing on operational, performance, and cost considerations

Experience Desired:

• Knowledge of regulatory and compliance frameworks (e. g. , GDPR, HIPAA, PCI-DSS).
• Hands-on experience with security automation and orchestration.
• Proficiency in programming and scripting languages relevant to security (e. g. , Python, Java, Ansible, Shell scripting), Cloud and Kubernetes.
• Good knowledge of Sec Arch, Vulnerability Management, Cloud Security, and ASPM tools.
• Ability to manage and prioritize multiple projects in a fast-paced environment.

Education and Training Required:

• Advanced degree (Master s or higher) in Computer Science, Information Security, or a related field.
• Relevant certifications (e. g. , CISSP, CISM, OSCP, CEH, AWS/Azure Cloud Security Practitioner)
• Additional training in secure software development, application security, and risk management is highly desirable.

Additional Skills:

• Extensive experience with AWS and other cloud platforms, with a focus on securing cloud-based applications and services.
• Continuous process improvements by identifying areas to reduce manual effort and increase security efficiency.
• Hands-on experience with application security frameworks and tools, including security automation and orchestration.

Why Join Us

• Contribute to a high-impact security automation initiative at a strategic level.
• Work with cutting-edge security and cloud technologies.
• Collaborate with top security and engineering teams to drive automation and efficiency.

About Evernorth Health Services