Anchor Lead – Cybersecurity GRC (HIH)
Job Summary
Position Title
Cigna Information Protection – Cybersecurity Governance Risk and Compliance/Hyderabad
Innovation Hub (HIH) Anchor Lead
Job Family
Cybersecurity Governance Risk and Compliance (GRC)
Role Summary
Primary Responsibility: Cybersecurity Governance Risk and Compliance Leader
As the Cybersecurity Governance Risk and Compliance Leader, your primary responsibility
centers on ensuring that all cybersecurity policies and practices are in alignment with both
regulatory requirements and business this capacity you are charged with
effectively managing risk across the enterprise, safeguarding organizational assets, and
maintaining compliance in a dynamic threat landscape.
This leadership role demands a strategic thinker with extensive experience in the domains of
cybersecurity governance, risk, and compliance. You are expected to navigate complex
regulatory environments with confidence while fostering a culture that prioritizes security and
risk awareness throughout the organization.
The ideal candidate will demonstrate substantial experience in leading global teams within
highly matrixed organizations. Your expertise in managing diverse and geographically dispersed
teams is essential to driving coordinated cybersecurity efforts and achieving shared objectives
at scale.
Secondary Responsibility: CIP HIH Anchor Lead
As the CIP HIH Anchor Lead, you are tasked with understanding and effectively communicating
CIP’s strategic objectives to ensure organizational this capacity you will drive
innovation, promote operational efficiency, and facilitate follow-the-sun execution across teams.
Your responsibility extends to fostering a positive and compliant workplace environment by
enforcing people-related policies, procedures, and initiatives at the site level. Strategic oversight
is required, with active collaboration alongside the HIH HR Business Partner (HRBP), site
management, and other key stakeholders. The Anchor Lead sits at the HIH VP Site lead
leadership table, representing all of CIP. The Anchor Lead plays a pivotal role in advancing
employee engagement, maintaining policy compliance, and supporting the professional
development of local talent in accordance with the organization’s objectives and values.
Key responsibilities:
Strategic Leadership:
Enhance, implement, and maintain a comprehensive cybersecurity governance
framework.
Align cybersecurity strategies with business goals and regulatory requirements.
Serve as a key advisor to senior leadership on cybersecurity risk management.
Ensure the effective implementation of people-related policies, procedures, and
initiatives at the site level.
Provide strategic oversight and collaboration with key stakeholders.
Advance employee engagement, policy compliance, and the professional development
of local talent in alignment with organizational objectives and values.
Build and manage a high-performing GRC team, providing mentorship and guidance.
Foster a culture of security within CIP HIH.
Risk Management:
Identify, assess, and prioritize cybersecurity risks across the organization.
Develop risk mitigation strategies and ensure appropriate controls are in place.
Oversee regular risk assessments and audits to evaluate the effectiveness of security
measures.
Leverage the Enterprise Risk Management framework, perform focused localized risk
assessments of existing or new services and technologies in line with policies and
standards, and manage the risk exceptions process. Develop residual risk registers and
integrate them into the Shared Service Integrated Risk Management Framework.
Coordinate the local delivery of global Cyber & Privacy portfolio risk mitigation projects
and programs into business line / region. Conversely, feed the portfolio by registering
local business line residual risk outputs, driving controls mitigation activity.
Develop organization-wide Cyber / Information Security risk views by collaborating with
internal control groups, e.g. Audit, Compliance, Enterprise Risk Management, Legal, and
Privacy.
Liaise across Legal, Privacy, and Sourcing teams to manage 3rd party risks. Conduct 3rd
Party Assessments, including evaluations, contract reviews, and onsite visits where
appropriate.
Policy Development and Compliance:
Enforce cybersecurity policies, standards, and procedures.
Ensure compliance with applicable laws, regulations, and industry standards (e.g. NIST,
ISO 27001, GDPR, DORA).
Liaise with regulatory bodies and external auditors during assessments.
Lead localized Controls Assurance activities; define and effectively track control testing
and remediation risks for the local business line. Coordinate Shared Service benchmarking
exercises (NIST etc.) using Cigna Information Protection standards.
Evolve Cigna Information Protection security policies and processes, aligning to local
business requirements, and operate the policy exceptions management process.
Coordinate security education & awareness initiatives in line with the policy framework;
integrate with the Shared Service overall thematic awareness program.
Training and Awareness:
Work with Global Shared Services to support initiatives that promote cybersecurity
awareness throughout the organization.
Execute training programs to ensure staff understands compliance requirements and
security practices.
Collaboration and Communication:
Work closely with stakeholders (IT, legal, etc.) to integrate cybersecurity considerations
into operations.
Report on GRC activities and cybersecurity posture to senior management.
Manage all external local client and regulatory engagements, including fielding queries,
regulatory & compliance submissions, in conjunction with matrix Cigna Information
Protection Shared Service Partners and governance stakeholders, legal, compliance,
and data privacy.
Partner with key stakeholders to educate and integrate risk management activities into
ways of working.
Coordinate with Global Shared Services teams to provide localized risk and vulnerability
management information and reporting, and embed Cyber / Information Security into
business operational governance forums, enabling data-driven decision making.
Anchor Leadership:
Oversee and reinforce adherence to hybrid working policies, ensuring all employees
comply with established protocols and guidelines.
Evaluate and address local training and development requirements by engaging relevant
stakeholders to facilitate skill enhancement and career progression.
Provide site-level leadership to drive engagement, compliance, and alignment with
enterprise priorities.
Ensure compliance with local policies and benefits, resolving inquiries and issues in a
timely and effective manner.
Act as the initial point of escalation for site-level disciplinary matters and policy
violations, consulting and referring to the HIH HRBP when necessary.
Lead and support site-level initiatives that align with organizational priorities and
enhance workplace culture.
Supervise overall compliance with people policies and processes, upholding the highest
standards of integrity and professionalism.
Collaborate with the CIP Program Team to foster HIH engagement and support broader
corporate programs and initiatives.
Ensure in-person employee engagement by motivating the team, running personalized
development programs, and creating an empowering culture aligned with Cigna values.
Qualifications:
Education:
Bachelor’s degree in Computer Science, Information Technology, Cybersecurity,
Business Administration, or a related field.
Master’s degree or MBA preferred.
Experience:
15 years of experience in cybersecurity risk management or compliance.
Relevant experience in leading people, employee engagement, etc.
Proven track record in leading GRC initiatives in large organizations.
Experience within the Healthcare Insurance or Financial Services industry preferred.
Certifications:
Relevant certifications (e.g. CISSP, CISM, CISA, CRISC) are highly desirable.
Skills:
Strong understanding of cybersecurity frameworks, risk management methodologies,
and compliance regulations.
Excellent analytical, problem-solving, and decision-making skills.
Exceptional communication and interpersonal skills.
Exceptional interpersonal and communication skills, with the capacity to establish and
maintain relationships across all levels of the organization.
Demonstrated ability to manage sensitive matters with discretion and professionalism.
Strong organizational and project management capabilities.
Required Skills:
Cyber security