Information Protection Senior Advisor - (Cloud Vulnerability Management)

Cigna
Minneapolis, United States of America
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
$ 208K

Job location

Remote
Minneapolis, United States of America

Tech stack

Kubernetes Security
Java
JavaScript
Amazon Web Services (AWS)
Data analysis
Azure
Cloud Computing
Cloud Computing Security
Cloud Engineering
Computer Security
Continuous Integration
Data Security
Internet Service Provider
Python
Systems Development Life Cycle
Red Hat Enterprise Linux - RHEL
Software Engineering
Systems Integration
Software Vulnerability Management
CircleCI
Google Cloud Platform
Cloud Platform System
Multi-Cloud
Gitlab-ci
Kubernetes
Information Technology
Prisma Cloud Platform
Oracle Cloud Infrastructure
Devsecops
Docker
Jenkins
Static Application Security Testing
Vulnerability Analysis
Programming Languages
Dynamic Application Security Testing

Job description

  • Lead the strategy and continuous evolution of a best-in-class cloud vulnerability management program, advancing automation, analytics, and risk-based prioritization to improve detection and remediation outcomes
  • Design and implement scalable strategies, workflows, and procedures for identifying, assessing, prioritizing, remediating, and reporting vulnerabilities across public and private cloud environments
  • Partner with cloud architecture, engineering, and application development teams to maintain comprehensive visibility into vulnerabilities and drive timely risk reduction across large-scale cloud environments
  • Integrate security best practices and governance into cloud development processes, enabling secure-by-design development and DevSecOps adoption
  • Deliver and continuously enhance vulnerability and remediation metrics, using KPIs to demonstrate program effectiveness, reduce risk, and drive accountability
  • Develop and execute integration and automation strategies across multiple vulnerability management and cloud security toolsets
  • Perform risk-based technical assessments to evaluate exposure and recommend mitigation strategies
  • Monitor security alerts and advisories and coordinate cross-functional response to ensure vulnerabilities are properly addressed
  • Analyze vulnerability data to identify trends, emerging risks, and opportunities to strengthen security posture
  • Translate technical risks into clear, business-aligned insights, effectively communicating urgency and impact to technical and non-technical stakeholders
  • Lead cross-functional discussions, build consensus, and influence stakeholders across engineering and business teams to accelerate remediation outcomes
  • Communicate program status, priorities, risks, and progress to leadership and key stakeholders, including accomplishments, blockers, and next steps
  • Stay current on emerging threats, vulnerabilities, and industry best practices to continuously improve program effectiveness

Requirements

Are you passionate about strengthening cloud security at scale? This role leads the strategy and technical evolution of the enterprise cloud vulnerability management program, driving secure-by-design practices and measurable risk reduction across a complex, multi-cloud environment. You will partner across engineering, architecture, and security teams to integrate security governance into cloud development processes and ensure vulnerabilities are identified, prioritized, and remediated effectively.

  • 5+ years of experience in information security, vulnerability management, cloud security, DevSecOps, or a related field
  • Hands-on experience with cloud vulnerability and security tools such as Wiz, Prisma Cloud, TwistLock, Aqua, StackRox (Red Hat ACS), Cloud Conformity, Tenable, or similar
  • Experience securing cloud environments across AWS, Azure, Google Cloud Platform, and other major cloud providers (e.g., OCI, Alibaba)
  • Strong knowledge of DevSecOps practices, including container security, Docker, and Kubernetes
  • Experience integrating security into CI/CD pipelines and the software development lifecycle (SDLC)
  • Proven ability to perform risk-based vulnerability assessments and communicate impact to technical and non-technical stakeholders
  • Experience developing automation to improve security operations and remediation efficiency
  • Strong understanding of security frameworks, risk models, and industry best practices
  • Demonstrated ability to operate in a complex, matrixed environment, leading initiatives, influencing stakeholders, and driving outcomes
  • Strong analytical, problem-solving, and communication skills
  • Bachelor's degree in Information Security, Computer Science, or a related field
  • Experience with application security testing tools (SAST, DAST, IAST, SCA)
  • Familiarity with programming languages such as Python, Java, or JavaScript
  • Experience with CI/CD tools such as Jenkins, GitLab CI/CD, or CircleCI
  • Experience in a regulated industry such as healthcare, financial services, or government
  • Relevant certifications such as CISSP, CISM, or similar

If you will be working at home occasionally or permanently, the internet connection must be obtained through a cable broadband or fiber optic internet service provider with speeds of at least 10Mbps download/5Mbps upload.

Benefits & conditions

For this position, we anticipate offering an annual salary of 124,600 - 207,600 USD / yearly, depending on relevant factors, including experience and geographic location.

This role is also anticipated to be eligible to participate in an annual bonus plan.

At The Cigna Group, you'll enjoy a comprehensive range of benefits, with a focus on supporting your whole health. Starting on day one of your employment, you'll be offered several health-related benefits including medical, vision, dental, and well-being and behavioral health programs. We also offer 401(k), company paid life insurance, tuition reimbursement, a minimum of 18 days of paid time off per year, paid holidays, and leaves of absence. For more details on our employee benefits programs, click here (https://jobs.thecignagroup.com/us/en/benefits).

About The Cigna Group

Doing something meaningful starts with a simple decision, a commitment to changing lives. At The Cigna Group, we're dedicated to improving the health and vitality of those we serve. Through our divisions Cigna Healthcare and Evernorth Health Services, we are committed to enhancing the lives of our clients, customers and patients. Join us in driving growth and improving lives.

About the company

The Cigna Group has a tobacco-free policy and reserves the right not to hire tobacco/nicotine users in states where that is legally permissible. Candidates in such states who use tobacco/nicotine will not be considered for employment unless they enter a qualifying smoking cessation program prior to the start of their employment. These states include: Alabama, Alaska, Arizona, Arkansas, Delaware, Florida, Georgia, Hawaii, Idaho, Iowa, Kansas, Maryland, Massachusetts, Michigan, Nebraska, Ohio, Pennsylvania, Texas, Utah, Vermont, and Washington State. Qualified applicants with criminal histories will be considered for employment in a manner consistent with all federal, state and local ordinances.
