Evernorth BISO Principal

About The Position

Requirements

• BA/BS in business or technical field; MBA preferred but not required
• Minimum 10+ years in Information Security/Cybersecurity with ability to translate technical controls into business terms
• Minimum 5+ years in cyber leadership roles within Fortune 500 organizations
• Proven ability to influence and lead matrix teams; strong business acumen and global cultural awareness
• Implementation-level knowledge of security standards and frameworks (ISO, NIST, PCI-DSS, FedRAMP)
• Familiarity with GRC tools and workflow management systems
• Healthcare or Health IT required; Insurance & Financial Services preferred
• Drive measurable improvements in risk posture and compliance scores across business units
• Demonstrate inclusive leadership and cultural alignment with Cigna values

Nice To Haves

• MBA preferred but not required
• CISSP, CISM, or equivalent preferred
• Insurance & Financial Services preferred

Responsibilities

• Strategic Leadership & Business Alignment
• Understand business strategy and anticipate cyber risk impacts; integrate security into business planning
• Champion enterprise cybersecurity initiatives, including multi-year Pharmacy Security Program & risk mitigation tied to the threat landscape
• Risk Management & Governance
• Parter with the CIP Governance, Risk, and Compliance team to embed risk management into the delivery lifecycle & layered defence model
• Develop and maintain organizational-wide cyber risk views in collaboration with CIP, Audit, Compliance, ERM, Legal, and Privacy
• Ensure adherence to CIP standards and frameworks (ISO/IEC 27001/27002, NIST CSF, PCI-DSS) and management of policy exceptions
• Operational Execution
• Partner with the Strategic Delivery Office to ensure delivery of global Cyber & Privacy risk mitigation programs for Pharmacy & Care
• Influence secure coding and DevSecOps practices into Agile pipelines to minimize vulnerabilities
• Ensure visibility into incident response, regulatory reporting, and forensic investigations in partnership with the CIP Global Threat Management team
• Stakeholder Engagement & Communication
• Provide localized risk and vulnerability reporting to business governance forums for data-driven decisions
• Partner with Global Architecture teams to implement standard security solutions and feed local requirements into global roadmaps
• Change & Integration
• Partner with the Cyber Mergers and Acquisitions team to integrate new companies securely

Benefits

• Starting on day one of your employment, you’ll be offered several health-related benefits including medical, vision, dental, and well-being and behavioral health programs.
• We also offer 401(k), company paid life insurance, tuition reimbursement, a minimum of 18 days of paid time off per year and paid holidays.