You will be joining Cigna Information Protection (CIP) International Health as the Cybersecurity Senior Advisor. This position is to be based in our Singapore office.
This is a key business-facing position with a primary focus on reducing the information and cybersecurity risk for the entity and its connected ecosystem. Reporting to the Regional Information Security Officer for the Asia Pacific Region, you will support the development and execution of cyber risk mitigation, workforce security awareness, business resilience activity, supplier security assurance and risk reporting, and act as the primary market trusted advisor to the business leadership.
While working to enable business growth in Asia Pacific’s highly aspirational and rapidly evolving digital landscape, you will be responsible for building partnerships with the business leadership and technology leadership (Chief Operating Officer, Head of Technology) to minimize cyber risk in support of the business strategic priorities.
The position also ensures that threats and vulnerabilities to the organization's business systems and applications (both in-house and cloud-based) are minimized. The position monitors overall compliance with security standards and conducts periodic security audits using techniques such as ethical hacking and penetration testing. The position provides project management, work direction and troubleshooting for lower-level Information Security engineers.
Being the local information security evangelist and expert, you will focus on local stakeholder business management and also wider stakeholders such as regulators, clients and external parties.
Key Responsibilities
Perform as the Cybersecurity Senior Advisor for Cigna Information Protection International Health.
Act as local subject matter expert and trusted advisor on Information Protection security policies and processes, aligning to local business requirements, and operate the policy exceptions management process.
Monitor and manage the security assurance of infrastructure hosting environments within Asia Pacific locations, including LAN rooms and applicable Data Center hosting.
Partner with and seek guidance from the business, technology functions and the Regional Information Security Officer (RISO) for APAC, to:
establish and maintain entity information security policies and standards in line with Group policies and market regulatory policies and requirements.
establish and maintain an asset inventory that supports security detection, response and assurance activity.
establish and maintain a cyber risk management program to identify, assess, manage and monitor deficiencies in security controls and opportunities for business enablement. This includes partnering with business and technology stakeholders to educate and integrate risk management activities in first and second line of defense governance.
facilitate localized Controls Assurance activities, and define and effectively track control testing and remediation risks for the local business line. Coordinate Shared Service benchmarking exercises (NIST etc.) using Cigna Information Protection standards.
establish and maintain a vulnerability management program to identify vulnerabilities in entity and supplier partner critical assets.
establish and maintain a best practice security program to cover product development (security development lifecycle) and security in technology change management. This includes embedding secure development practices and working with local business and technology teams to implement enterprise and Group tooling and processes to ensure secure code implementation. Embed risk management practices into Agile / DevSecOps pipelines to minimize production vulnerabilities.
establish and maintain a best practice security program for supplier security assurance. This includes liaising across Legal, Privacy and Sourcing teams to manage 3rd party risks. Conduct 3rd Party Assessments, including evaluations, contract reviews and onsite visits where appropriate.
establish and maintain Security Operations and Incident Response processes, playbooks and practice to contain malicious and accidental outage and threat events. This includes championing local incident response and handling processes, and providing business context and local expertise in incident scenarios. Coordinate with the Shared Service owner to manage local incident management post-mortem activities and track residual findings to resolution. Maintain and manage local regulatory incident response reporting requirements. Engage with Shared Services to carry out forensic security investigation work, integrating processes with business and legal / compliance stakeholders.
establish and maintain a cyber security awareness program to minimize the risk to Cigna people and workforce (including phishing simulation and awareness programs).
establish and facilitate a cyber and information security risk dashboard and forum. This includes developing organization-wide Cyber / Information Security risk views by collaborating with internal control groups, e.g., Audit, Compliance, Enterprise Risk Management, Legal and Privacy.
Support, plan and coordinate business and technology stakeholder support to internal and external audit examinations and surveys relating to cyber and information security controls.
Partner with the entity COO, Head of Compliance, and Technology functional leads to educate and integrate risk management activities in first and second line of defense governance.
Coordinate with Global Shared Services to provide localized risk and vulnerability management information and reporting, and embed Cyber / Information Security into business operational governance forums, enabling data-driven decision making.
Support the development of viable business cases based upon cyber risk and information security controls gaps identified.
Support the Regional Information Security Officer for APAC to establish Public-Private-Partnership collaboration and thought leadership opportunities to help uplift the APAC digital external cross-industry and community ecosystem.
Escalate business and technology challenges and risks to the Regional Information Security Officer, APAC and local business leaders in a timely manner.
Desirable
At least 8 years’ experience working in cyber security or risk management. Those with less experience will be considered for other roles.
Familiarity with APAC cybersecurity and privacy regulations
Working familiarity with the Financial Services or Healthcare sector preferred
Essential
Strong TEAM player
Strong verbal and written English-language skills. Mandarin is an advantage.
Strong stakeholder engagement and communication skills
Needs to be able to work autonomously, knowing when to escalate in a timely manner to minimize risk to the business and technology assets.
Must hold and maintain current specialized cyber security domain qualification(s) such as CISSP, CISM, CISA, CRISC etc.
About The Cigna Group
Cigna Healthcare, a division of The Cigna Group, is an advocate for better health through every stage of life. We guide our customers through the health care system, empowering them with the information and insight they need to make the best choices for improving their health and vitality. Join us in driving growth and improving lives.