Vice President, Deputy Chief Information Security Officer (DCISO)/Head of Security Architecture & Engineering- Evernorth

About The Position

Requirements

• Bachelor’s degree required
• 15+ years of progressive experience in cybersecurity, technology, or risk leadership roles, ideally within highly regulated environments.
• Demonstrated ability to lead at the enterprise level, influencing senior executives and driving alignment across complex, matrixed organizations.
• Proven experience in strategic and transformational leadership, with a track record of translating strategy into execution and measurable outcomes.
• Deep understanding of security and architecture frameworks and standards such as NIST, ISO, HITRUST, COBIT, ITIL, and FIPS.
• Strong knowledge of regulatory and compliance requirements, including HIPAA, PCI DSS, SOX, SOC, and data privacy.
• Broad technical depth across cloud, infrastructure, application security, identity, networking, and security engineering domains.
• Ability to clearly communicate complex technical concepts to non‑technical and executive audiences, influencing decision‑making and investment priorities.
• Experience working with and influencing globally distributed teams, vendors, and partners in a federated operating model.
• Strong relationship‑building skills with technology, risk, and business leaders, enabling effective collaboration and outcomes.
• Demonstrated comfort operating in ambiguous, evolving environments, balancing risk management with business enablement.

Nice To Haves

• Master’s degree or MBA preferred.
• CISSP and/or other relevant security certifications strongly preferred.

Responsibilities

• Serve as the CISO for Evernorth, accountable for the overall cybersecurity posture and material cyber risk outcomes for the business.
• Act as a trusted advisor to Evernorth executive leadership on cybersecurity risk, resilience, and security investment priorities.
• Represent cybersecurity with Evernorth-specific Risk, Audit, and governance committees, and engage with Board‑level forums as required.
• Provide executive leadership and oversight for how enterprise cybersecurity services are engaged and applied to address Evernorth-specific risks, regulatory obligations, and business priorities.
• Oversee cybersecurity risk related to mergers, acquisitions, and integrations, ensuring security considerations are incorporated into integration planning, risk forecasting, and remediation activities.
• Partner closely with enterprise cybersecurity operations, threat management, and assurance leaders to ensure clear accountability, effective engagement models, and timely escalation of Evernorth-related risks and issues.
• Serve as the primary Evernorth security leader, coordinating executive engagement and decision-making during significant cyber events impacting the business.
• Contribute to enterprise cybersecurity strategy, standards, and operating model decisions through active participation in the Enterprise CISO Council (ECC).
• Lead the Security Architecture & Engineering function, including strategy, operating model, talent, and enterprise delivery outcomes.
• Set enterprise‑aligned direction for secure‑by‑design principles across applications, platforms, infrastructure, cloud, and emerging technologies.
• Establish and govern security architecture standards, reference architectures, design patterns, and guardrails aligned to enterprise frameworks and regulatory requirements.
• Ensure security architecture is embedded early in the technology delivery lifecycle, partnering with application, platform, and infrastructure leaders to proactively identify and mitigate risk.
• Drive security engineering outcomes, ensuring capabilities are scalable, resilient, automated where appropriate, and aligned to an evolving threat landscape.
• Guide adoption of modern engineering practices, including cloud‑native patterns, API‑first design, automation, and AI‑enabled security capabilities.
• Drive continuous improvement of cybersecurity capabilities across Evernorth with a focus on simplification, automation, speed, and scalability.
• Lead strategic planning and investment prioritization in support of Evernorth cybersecurity priorities and enterprise standards.
• Serve as a senior people leader within the cybersecurity organization, fostering strong leadership, engagement, and performance across directly and indirectly aligned teams.
• Partner with Technology and Cybersecurity senior leaders to shape and support a globally integrated workforce strategy, expanding access to diverse talent sources while maintaining appropriate balance across regions and preserving critical capabilities and leadership continuity.
• Support the development, mentorship, and succession planning of cybersecurity leaders and critical roles aligned to Evernorth priorities.
• Promote a collaborative, inclusive, and execution‑oriented culture that balances strong risk management with business enablement.
• Stay current on emerging threats, technologies, and operating models to continuously evolve organizational capability and effectiveness.

Benefits

• The Cigna Group has a tobacco-free policy and reserves the right not to hire tobacco/nicotine users in states where that is legally permissible.