Vice President, Deputy Chief Information Security Officer (DCISO)Head of Security Architecture & Engineering- Evernorth

* Location: Hybrid- willing to consider locations where Cigna has an office presence.

Role Summary: The Vice President Deputy Chief Information Security Officer (DCISO) Evernorth is a senior cybersecurity leader within The Cigna Groups Technology organization. This role is accountable for cybersecurity outcomes across the Evernorth business including cyber risk management security strategy execution and security technology this capacity the leader serves as the CISO for Evernorth and has ownership of the Security Architecture & Engineering function as a shared enterprise service.

The role is responsible for ensuring cybersecurity capabilities are architected engineered and embedded into technology solutions in a manner that protects the confidentiality integrity and availability of information across a complex highly regulated environment while enabling business innovation and delivery at speed.

This is a highly visible role that partners closely with Evernorth and enterprise executives to advise on cyber risk resilience and security investment decisions ensuring cybersecurity priorities for Evernorth are effectively addressed through enterprisewide capabilities and standards.

The DCISO reports directly to the SVP Global Chief Information Security Officer (GCISO) with a dottedline relationship to CIO leadership. The role is an active member of the Enterprise CISO Council (ECC) contributing to enterprisewide cybersecurity strategy standards and maturity.

RESPONSIBILITIES:

Enterprise & Evernorth Cybersecurity Leadership

• Serve as the CISO for Evernorth accountable for the overall cybersecurity posture and material cyber risk outcomes for the business.

• Act as a trusted advisor to Evernorth executive leadership on cybersecurity risk resilience and security investment priorities.

• Represent cybersecurity with Evernorth-specific Risk Audit and governance committees and engage with Boardlevel forums as required.

• Provide executive leadership and oversight for how enterprise cybersecurity services are engaged and applied to address Evernorth-specific risks regulatory obligations and business priorities.

• Oversee cybersecurity risk related to mergers acquisitions and integrations ensuring security considerations are incorporated into integration planning risk forecasting and remediation activities.

• Partner closely with enterprise cybersecurity operations threat management and assurance leaders to ensure clear accountability effective engagement models and timely escalation of Evernorth-related risks and issues.

• Serve as the primary Evernorth security leader coordinating executive engagement and decision-making during significant cyber events impacting the business.

• Contribute to enterprise cybersecurity strategy standards and operating model decisions through active participation in the Enterprise CISO Council (ECC).

Security Architecture & Engineering

• Lead the Security Architecture & Engineering function including strategy operating model talent and enterprise delivery outcomes.

• Set enterprisealigned direction for securebydesign principles across applications platforms infrastructure cloud and emerging technologies.

• Establish and govern security architecture standards reference architectures design patterns and guardrails aligned to enterprise frameworks and regulatory requirements.

• Ensure security architecture is embedded early in the technology delivery lifecycle partnering with application platform and infrastructure leaders to proactively identify and mitigate risk.

• Drive security engineering outcomes ensuring capabilities are scalable resilient automated where appropriate and aligned to an evolving threat landscape.

• Guide adoption of modern engineering practices including cloudnative patterns APIfirst design automation and AIenabled security capabilities.

Strategy Transformation & Talent

• Drive continuous improvement of cybersecurity capabilities across Evernorth with a focus on simplification automation speed and scalability.

• Lead strategic planning and investment prioritization in support of Evernorth cybersecurity priorities and enterprise standards.

• Serve as a senior people leader within the cybersecurity organization fostering strong leadership engagement and performance across directly and indirectly aligned teams.

• Partner with Technology and Cybersecurity senior leaders to shape and support a globally integrated workforce strategy expanding access to diverse talent sources while maintaining appropriate balance across regions and preserving critical capabilities and leadership continuity.

• Support the development mentorship and succession planning of cybersecurity leaders and critical roles aligned to Evernorth priorities.

• Promote a collaborative inclusive and executionoriented culture that balances strong risk management with business enablement.

• Stay current on emerging threats technologies and operating models to continuously evolve organizational capability and effectiveness.

QUALIFICATIONS:

• Bachelors degree required; Masters degree or MBA preferred.

• 15 years of progressive experience in cybersecurity technology or risk leadership roles ideally within highly regulated environments.

• Demonstrated ability to lead at the enterprise level influencing senior executives and driving alignment across complex matrixed organizations.

• Proven experience in strategic and transformational leadership with a track record of translating strategy into execution and measurable outcomes.

• Deep understanding of security and architecture frameworks and standards such as NIST ISO HITRUST COBIT ITIL and FIPS.

• Strong knowledge of regulatory and compliance requirements including HIPAA PCI DSS SOX SOC and data privacy.

• Broad technical depth across cloud infrastructure application security identity networking and security engineering domains.

• Ability to clearly communicate complex technical concepts to nontechnical and executive audiences influencing decisionmaking and investment priorities.

• Experience working with and influencing globally distributed teams vendors and partners in a federated operating model.

• Strong relationshipbuilding skills with technology risk and business leaders enabling effective collaboration and outcomes.

• Demonstrated comfort operating in ambiguous evolving environments balancing risk management with business enablement.

• CISSP and/or other relevant security certifications strongly preferred.

About The Cigna Group

Qualified applicants will be considered without regard to race color age disability sex childbirth (including pregnancy) or related medical conditions including but not limited to lactation sexual orientation gender identity or expression veteran or military status religion national origin ancestry marital or familial status genetic information status with regard to public assistance citizenship status or any other characteristic protected by applicable equal employment opportunity laws.

If you need a reasonable accommodation to complete the online application process please email for assistance. Please note that this email inbox is dedicated to accommodation requests only and cannot provide application updates or accept resumes.

The Cigna Group has a tobacco-free policy and reserves the right not to hire tobacco/nicotine users in states where that is legally permissible. Candidates in such states who use tobacco/nicotine will not be considered for employment unless they enter a qualifying smoking cessation program prior to the start of their employment. These states include: Alabama Alaska Arizona Arkansas Delaware Florida Georgia Hawaii Idaho Iowa Kansas Maryland Massachusetts Michigan Nebraska Ohio Pennsylvania Texas Utah Vermont and Washington State.

Qualified applicants with criminal histories will be considered for employment in a manner consistent with all federal state and local ordinances.