Director, Cybersecurity Engineering
Published: January 18, 2023
The Director of Cybersecurity Engineering is a senior leadership position in Cigna's Information Protection (CIP) organization, providing oversight for the cybersecurity engineering portfolio on a global scale. In a business-driven organization, this highly visible leadership role is responsible for helping to continue to evolve the organization's talent, processes, and technology to effectively support the evolving business while managing the risk driven by the evolving threat landscape. Having the ability to develop strong relationships with business leaders across the enterprise is a critical component to the success of the individual chosen to lead this function.
The Director of Cybersecurity Engineering leverages a "defense in depth" framework as the guiding principle and actively contributes to the Enterprise CISO Council (ECC), leveraging best practices and helping to improve the overall cyber maturity and posture across the enterprise. This role reports directly to the Managing Director of Security Engineering and requires strategic partnership with Cigna's Chief Information Security Officers and CIP Shared-Services Leaders.
+ Provides overall definition, direction, and strategy design for Cigna's Cybersecurity Engineering in collaboration with the ECC and the enterprise Information Protection leadership team.
+ Leads a team of cross-functional security engineers to design and operate a reliable, scalable, maintainable security product and platform in a Three Lines Operating Model.
+ Possesses experience in designing for both small and large-scale solutions with an emphasis on security and performance.
+ Displays a hands-on approach, leading engineers to deliver code and functional capabilities in security engineering.
+ Coordinates with a project team composed of multiple technical disciplines, including developers, subject matter experts, database administrators, system administrators, and system architects, to implement and maintain enterprise-level information technology applications.
+ Determines security product and architecture currency - remains relevant to industry best practices and the evolving threat landscape, responding swiftly to mitigate exposure to new threats and vulnerabilities.
+ Accountable for the end-to-end security technology posture, including end-point, network, email, perimeter, identity and access management, data protection, including cloud, etc.
+ Provides insights and guidance to the Cyber Security Department, Global Security Operations Center (G-SOC), Incident Response, Security Solution Engineering, and Governance & Project Delivery teams.
+ Technical depth and working knowledge in networking, server, workstation, IoT, storage, virtualization and application domains.
+ Technical knowledge of Data Loss Prevention (network and endpoint), Intrusion Detection and Prevention Systems (IDS/IPS), Firewalls, Heuristics, Sandboxing, Web App Firewalls, MDM, Endpoint Protection, Distributed Denial of Service (DDoS) protection, SIEM, Encryption techniques.
+ Leads strategic technology planning to achieve business goals, including the ability to articulate ideas to both technical and non-technical groups, and business case justifications for technology and security spending initiatives.
+ Establishes and maintains a strong partnership with technology peers, enterprise risk management, privacy, audit, and other leaders throughout the business to support the development and implementation of strategies that adhere to the enterprise risk tolerance. The security team will need to anticipate technology shifts that keep peer organizations competitive and drive these innovative solutions without compromising the security posture.
+ In conjunction with other cyber and technology leaders, develops, implements and maintains department policies and standards designed to maximize effectiveness and minimize costs related to the acquisition, implementation and operation of enterprise applications and infrastructure systems in a secure manner.
+ Maintains a constructive, team-oriented and customer-focused attitude at all times and in all settings.
+ Recruits and develops talent that will drive the organization to higher performance.
+ This role is accountable for maintaining technical compliance with regulations, standards, and certifications such as SOC1/2, SOX, data privacy, PCI and HIPAA.
+ 10+ years of professional experience including security, infrastructure and/or application leadership experience.
+ 7+ years of engineering management experience leading productive, high functioning teams.
+ Strong expertise in at least three of the following domains: cloud security and governance, network security, security event and information management, data protection, identity and access management, endpoint protection, or threat and vulnerability management.
+ Proven ability to develop and execute security strategy and roadmap solutions.
+ Understanding of risk management life cycles in the data center and cloud environments.
+ Strong relationship skills - the ability to build trusted, productive partnerships between technology, business leaders and external partners is a must.
+ Agility in dealing with a constantly changing business environment and areas of ambiguity.
+ Energy, focus & stature to excel - strong leadership presence (possesses stature), prominence in the industry, and the ability to rally people in a multi-site operational structure. Strong work ethic and a high drive and focus. Demonstrates optimism and determination when facing challenges.
+ Healthcare security background and understanding of regulatory standards is preferred (HIPAA, GDPR, PCI).
+ Recognize IT and Cybersecurity frameworks (NIST, ISO, HITRUST, COBIT, ITIL, FIPS).
+ Recognize enterprise architecture related frameworks (e.g., TOGAF, SABSA, OSA, etc.).
A bachelor's degree is required, an MBA desirable. CISSP and/or other security certifications are desirable.
If you will be working at home occasionally or permanently, the internet connection must be obtained through a cable broadband or fiber optic internet service provider with speeds of at least 10Mbps download/5Mbps upload.
For this position, we anticipate offering an annual salary of 137,600 - 229,400 USD / yearly, depending on relevant factors, including experience and geographic location.
This role is also anticipated to be eligible to participate in an annual bonus and long term incentive plan.
We want you to be healthy, balanced, and feel secure. That's why you'll enjoy a comprehensive range of benefits, with a focus on supporting your whole health. Starting on day one of your employment, you'll be offered several health-related benefits including medical, vision, dental, and well-being and behavioral health programs. We also offer 401(k) with company match, company paid life insurance, tuition reimbursement, a minimum of 18 days of paid time off per year and paid holidays. For more details on our employee benefits programs, visit Life at Cigna (https://jobs.cigna.com/us/en/life-careers).
Cigna Corporation exists to improve lives. We are a global health service company dedicated to improving the health, well-being and peace of mind of those we serve. Together, with colleagues around the world, we aspire to transform health services, making them more affordable and accessible to millions. Through our unmatched expertise, bold action, fresh ideas and an unwavering commitment to patient-centered care, we are a force of health services innovation. When you work with us, or one of our subsidiaries, you'll enjoy meaningful career experiences that enrich people's lives. What difference will you make?
_Qualified applicants will be considered without regard to race, color, age, disability, sex, childbirth (including pregnancy) or related medical conditions including but not limited to lactation, sexual orientation, gender identity or expression, veteran or military status, religion, national origin, ancestry, marital or familial status, genetic information, status with regard to public assistance, citizenship status or any other characteristic protected by applicable equal employment opportunity laws._
_If you require reasonable accommodation in completing the online application process, please email: [Click Here to Email Your Resumé] for support. Do not email [Click Here to Email Your Resumé] for an update on your application or to provide your resume as you will not receive a response._
_Cigna has a tobacco-free policy and reserves the right not to hire tobacco/nicotine users in states where that is legally permissible. Candidates in such states who use tobacco/nicotine will not be considered for employment unless they enter a qualifying smoking cessation program prior to the start of their employment. These states include: Alabama, Alaska, Arizona, Arkansas, Delaware, Florida, Georgia, Hawaii, Idaho, Iowa, Kansas, Maryland, Massachusetts, Michigan, Nebraska, Ohio, Pennsylvania, Texas, Utah, Vermont, and Washington State._