Legal Compliance Manager - Privacy Team

We are seeking a strategic and experienced Legal Compliance Manager of Enterprise Incident Response. This role will manage privacy incidents and a team of privacy incident investigators and compliance professionals responsible for proactively researching, analyzing, and reporting on privacy incidents, including unauthorized disclosures and data breaches. This role requires advanced critical and strategic thinking to collaborate cross-functionally with business units, legal, compliance, and technology teams to identify root causes, implement corrective actions, and establish preventative measures that minimize organizational risk and drive continuous improvement.

This role requires experience in investigating large incidents, seasoned judgment, diplomacy, exceptional communication skills, and a demonstrated ability to identify and resolve issues proactively. This role will report to the Director of Enterprise Incident Response.

Key Duties and Responsibilities

• Partner with the Director of Enterprise Incident Response to implement and maintain an effective incident response program, including building cross functional partnerships with business teams to build a culture of effective and timely reporting and issue management.
• Lead the research, management, and resolution of privacy issues presented to the Privacy Office.
• Design and deliver privacy compliance training programs; perform auditing and monitoring activities to ensure ongoing adherence to regulatory requirements and internal policies.
• Prepare and issue required notifications to clients, business partners, and government regulators in accordance with applicable laws.
• Monitor the performance of the incident response program while taking appropriate steps to improve its effectiveness.
• Act as an advisor to the business in all aspects of incident response and other privacy-related questions (risk assessment, regulatory reporting, etc.).
• Serve as a subject matter expert and compliance resource for internal and external partners.
• Collaborate with other departments including the legal team, to direct compliance issues to appropriate existing channels for investigation and resolution.
• Respond to cybersecurity and privacy incidents, complaints received from customers, third parties, regulators and areas of the business. Assist with the investigation of such incidents in a consistent, uniform manner.
• Monitor, and as necessary, coordinate incident response activities of other departments to remain abreast of the status and to identify trends.
• Manage a team of Sr. Analysts responsible for handling day-to-day and large privacy incidents, ensuring thorough investigation, careful documentation, and timely resolution of incidents in a high-volume, fast-paced environment.
• Collaborate with Privacy Legal and Compliance Operations, IT, Cigna Information Protection, and Enterprise Risk Management, and other stakeholders to ensure coordinated incident handling and timely resolution.
• Partner with Cigna Information Protection team to test and execute the cyber-incident response playbook for key clients.
• Lead key client relationships to ensure all contractual and costly performance guarantees are met, including reporting incidents in accordance with the contract and perform ongoing daily communication with clients until incident is closed.
• Support strategic compliance initiatives, including internal and external audits, policy development, and employee training.

Qualifications

• Bachelor’s degree
• 5+ years of experience managing large privacy incidents.
• Healthcare and/or PBM privacy and compliance experience required
• Demonstrated experience leading teams and driving incident management processes.
• Strong analytical, communication, and interpersonal skills; proven ability to work cross-functionally and influence stakeholders.
• Knowledge of State and Federal breach notification laws, including HIPAA.
• Demonstrated competency with privacy management software and incident tracking tools.
• Ability to manage multiple priorities in a fast-paced, matrixed environment and adapt to evolving regulatory requirements.

If you will be working at home occasionally or permanently, the internet connection must be obtained through a cable broadband or fiber optic internet service provider with speeds of at least 10Mbps download/5Mbps upload.

For this position, we anticipate offering an annual salary of 101,600 - 169,400 USD / yearly, depending on relevant factors, including experience and geographic location.

This role is also anticipated to be eligible to participate in an annual bonus plan.

At The Cigna Group, you’ll enjoy a comprehensive range of benefits, with a focus on supporting your whole health. Starting on day one of your employment, you’ll be offered several health-related benefits including medical, vision, dental, and well-being and behavioral health programs. We also offer 401(k), company paid life insurance, tuition reimbursement, a minimum of 18 days of paid time off per year and paid holidays. For more details on our employee benefits programs, click here.

About The Cigna Group

Doing something meaningful starts with a simple decision, a commitment to changing lives. At The Cigna Group, we’re dedicated to improving the health and vitality of those we serve. Through our divisions Cigna Healthcare and Evernorth Health Services, we are committed to enhancing the lives of our clients, customers and patients. Join us in driving growth and improving lives.

Qualified applicants will be considered without regard to race, color, age, disability, sex, childbirth (including pregnancy) or related medical conditions including but not limited to lactation, sexual orientation, gender identity or expression, veteran or military status, religion, national origin, ancestry, marital or familial status, genetic information, status with regard to public assistance, citizenship status or any other characteristic protected by applicable equal employment opportunity laws.

If you require reasonable accommodation in completing the online application process, please email: SeeYourself@cigna.com for support. Do not email SeeYourself@cigna.com for an update on your application or to provide your resume as you will not receive a response.

The Cigna Group has a tobacco-free policy and reserves the right not to hire tobacco/nicotine users in states where that is legally permissible. Candidates in such states who use tobacco/nicotine will not be considered for employment unless they enter a qualifying smoking cessation program prior to the start of their employment. These states include: Alabama, Alaska, Arizona, Arkansas, Delaware, Florida, Georgia, Hawaii, Idaho, Iowa, Kansas, Maryland, Massachusetts, Michigan, Nebraska, Ohio, Pennsylvania, Texas, Utah, Vermont, and Washington State.

Qualified applicants with criminal histories will be considered for employment in a manner consistent with all federal, state and local ordinances.