Third Party Risk Lead DORA
Job Summary
About Cigna Healthcare
Cigna Healthcare is a global health service company dedicated to transforming healthcare. With roots in the U.S. and operations in over 30 countries, we serve more than 180 million customers and patients worldwide. Ranked 13th on the Fortune 500 in 2025, Cigna is recognized as one of the most trusted and influential names in the industry.
Our mission is to improve the health, well-being, and peace of mind of those we serve.
Join our globally recognized brand, where trust, communication, and a positive culture are at the core of everything we do. Our leadership is consistent, approachable, and supportive, ensuring your well-being and work-life balance.
We're looking for individuals who thrive in collaborative environments, are passionate about meaningful change, and want to grow in a company that puts people first.
At Cigna, you'll be part of a purpose-driven team that values innovation, compassion, and impact. Whether you're shaping better care experiences or supporting customers through life's key moments, your work will matter.
Grow with us, and help shape the future of healthcare.
About the role
This role leads a risk-driven regulatory change programme to deliver and sustain DORA compliance for ICT third-party services (critical and non-critical suppliers). It translates regulatory expectations into a practical delivery roadmap (prioritised, sequenced, and measurable) so outcomes land in BAU, not just in documentation.
Accountable for end-to-end execution, the role drives progress across Technology, Procurement, Legal, Vendor Owners, and Risk: managing competing priorities, dependencies, and delivery risk, and removing blockers to maintain momentum in live BAU environments. This role should be comfortable making proportionate, risk-based decisions with incomplete information and progressing delivery as requirements and frameworks evolve; maintaining regulatory confidence through clear governance, timely escalation, and audit-ready evidence.
Key Outcomes
DORA-aligned Third-Party Risk Framework defined and embedded into BAU
Clear criticality classification and vendor tiering model
Defined roles and responsibilities across the 3 Lines of Defense
Effective vendor lifecycle management from onboarding through exit
Regulatory-ready evidence for audit and supervisory review
Core Responsibilities
1. Framework & Policy Definition
Lead delivery of the Third-Party Risk Framework aligned to DORA, ensuring it is implemented and embedded into BAU across functions
Drive delivery of criticality tiering and ICT service classification, aligning Technology, Vendor Owners, Procurement, and Risk on decisions and dependencies
Operationalise proportionality rules for critical vs non-critical vendors to enable timely, risk-based decisions and consistent execution across the vendor lifecycle
Run governance and refresh cycles, tracking delivery progress, sequencing activity, and managing dependencies to maintain regulatory confidence
Align and socialise roles and responsibilities across the 3 Lines of Defense to enable clear ownership, escalation paths, and delivery execution
2. Onboarding & Contracting Controls
Deliver pre-contract due diligence and ICT risk assessment standards, coordinating Technology, Vendor Owners, Procurement, and Risk to meet milestones
Drive implementation of DORA-aligned contractual clauses and addendums, coordinating Legal and Procurement to resolve issues and keep delivery on track
Coordinate Technology, Vendor Owners, Procurement, Legal, and Risk to manage dependencies, resolve blockers, and drive onboarding and contracting outcomes
Embed differentiated onboarding requirements based on vendor criticality into BAU processes, ensuring consistent execution across functions
3. Vendor Management & BAU Execution
Operationalise standard and enhanced vendor management task sets, aligning Technology, Vendor Owners, and Risk on execution expectations and timelines
Drive periodic reassessment of vendor criticality, aligning Technology, Vendor Owners, and Risk on risk-based decisions and resulting actions
Coordinate delivery of resilience testing and exit planning for critical ICT suppliers, managing dependencies across Technology, Vendor Owners, Procurement, and Risk
4. Reporting, Governance & Regulatory Readiness
Deliver programme reporting to governance and executive forums, providing clear progress, risks, dependencies, and decisions
Coordinate regulatory engagement and audit activity, ensuring timely delivery of evidence and remediation actions across stakeholders
Provide pragmatic DORA third party risk expertise to resolve ambiguity, enable decisions, and keep delivery moving
Skills & Experience Required
Essential:
Proven Third Party / Vendor Risk Management experience delivering improvements across the end-to-end vendor lifecycle
Strong understanding of ICT third party risk and controls, with ability to drive consistent execution across onboarding, contracting, and BAU oversight
Experience delivering complex regulatory change in regulated environments, with clear ownership of milestones, dependencies, and outcomes
Strong GRC capability focused on turning requirements into operational controls, evidence, and measurable BAU outcomes
Experience interpreting and applying regulatory requirements in a pragmatic, risk-based way to maintain regulatory confidence
Proven ability to operationalise regulatory requirements into BAU, driving delivery plans, sequencing activity, and managing cross-functional dependencies
Strong stakeholder management and influencing skills, able to deliver outcomes through Technology, Procurement, Legal, Vendor Owners, and Risk without formal authority
Why You'll Love Working Here
Competitive salary
Multicultural and hybrid working environment
Private Medical Insurance
Employee Wellbeing Benefits
Educational Development Program
About Cigna Healthcare
Cigna Healthcare, a division of The Cigna Group, is an advocate for better health through every stage of life. We guide our customers through the health care system, empowering them with the information and insight they need to make the best choices for improving their health and vitality. Join us in driving growth and improving lives.
Qualified applicants will be considered without regard to race, color, age, disability, sex, childbirth (including pregnancy) or related medical conditions including but not limited to lactation, sexual orientation, gender identity or expression, veteran or military status, religion, national origin, ancestry, marital or familial status, genetic information, status with regard to public assistance, citizenship status or any other characteristic protected by applicable equal employment opportunity laws.
If you require reasonable accommodation in completing the online application process, please email: for support. Do not email for an update on your application or to provide your resume, as you will not receive a response.
About Company
Cigna Healthcare offers health insurance plans such as medical and dental to individuals and employers, international health insurance, and Medicare coverage.