Vice President, Deputy Chief Information Security Officer (DCISO)/Head of Security Architecture & Engineering- Evernorth

* Location: Hybrid- willing to consider locations where Cigna has an office presence.

Role Summary: The Vice President, Deputy Chief Information Security Officer (DCISO) – Evernorth is a senior cybersecurity leader within The Cigna Group’s Technology organization. This role is accountable for cybersecurity outcomes across the Evernorth business, including cyber risk management, security strategy execution, and security technology alignment. In this capacity, the leader serves as the CISO for Evernorth and has ownership of the Security Architecture & Engineering function as a shared enterprise service.

The role is responsible for ensuring cybersecurity capabilities are architected, engineered, and embedded into technology solutions in a manner that protects the confidentiality, integrity, and availability of information across a complex, highly regulated environment, while enabling business innovation and delivery at speed.

This is a highly visible role that partners closely with Evernorth and enterprise executives to advise on cyber risk, resilience, and security investment decisions, ensuring cybersecurity priorities for Evernorth are effectively addressed through enterprise‑wide capabilities and standards.

The DCISO reports directly to the SVP, Global Chief Information Security Officer (GCISO), with a dotted‑line relationship to CIO leadership. The role is an active member of the Enterprise CISO Council (ECC), contributing to enterprise‑wide cybersecurity strategy, standards, and maturity.

RESPONSIBILITIES:

Enterprise & Evernorth Cybersecurity Leadership

• Serve as the CISO for Evernorth, accountable for the overall cybersecurity posture and material cyber risk outcomes for the business.

• Act as a trusted advisor to Evernorth executive leadership on cybersecurity risk, resilience, and security investment priorities.

• Represent cybersecurity with Evernorth-specific Risk, Audit, and governance committees, and engage with Board‑level forums as required.

• Provide executive leadership and oversight for how enterprise cybersecurity services are engaged and applied to address Evernorth-specific risks, regulatory obligations, and business priorities.

• Oversee cybersecurity risk related to mergers, acquisitions, and integrations, ensuring security considerations are incorporated into integration planning, risk forecasting, and remediation activities.

• Partner closely with enterprise cybersecurity operations, threat management, and assurance leaders to ensure clear accountability, effective engagement models, and timely escalation of Evernorth-related risks and issues.

• Serve as the primary Evernorth security leader, coordinating executive engagement and decision-making during significant cyber events impacting the business.

• Contribute to enterprise cybersecurity strategy, standards, and operating model decisions through active participation in the Enterprise CISO Council (ECC).

Security Architecture & Engineering

• Lead the Security Architecture & Engineering function, including strategy, operating model, talent, and enterprise delivery outcomes.

• Set enterprise‑aligned direction for secure‑by‑design principles across applications, platforms, infrastructure, cloud, and emerging technologies.

• Establish and govern security architecture standards, reference architectures, design patterns, and guardrails aligned to enterprise frameworks and regulatory requirements.

• Ensure security architecture is embedded early in the technology delivery lifecycle, partnering with application, platform, and infrastructure leaders to proactively identify and mitigate risk.

• Drive security engineering outcomes, ensuring capabilities are scalable, resilient, automated where appropriate, and aligned to an evolving threat landscape.

• Guide adoption of modern engineering practices, including cloud‑native patterns, API‑first design, automation, and AI‑enabled security capabilities.

Strategy, Transformation & Talent

• Drive continuous improvement of cybersecurity capabilities across Evernorth with a focus on simplification, automation, speed, and scalability.

• Lead strategic planning and investment prioritization in support of Evernorth cybersecurity priorities and enterprise standards.

• Serve as a senior people leader within the cybersecurity organization, fostering strong leadership, engagement, and performance across directly and indirectly aligned teams.

• Partner with Technology and Cybersecurity senior leaders to shape and support a globally integrated workforce strategy, expanding access to diverse talent sources while maintaining appropriate balance across regions and preserving critical capabilities and leadership continuity.

• Support the development, mentorship, and succession planning of cybersecurity leaders and critical roles aligned to Evernorth priorities.

• Promote a collaborative, inclusive, and execution‑oriented culture that balances strong risk management with business enablement.

• Stay current on emerging threats, technologies, and operating models to continuously evolve organizational capability and effectiveness.

QUALIFICATIONS:

• Bachelor’s degree required; Master’s degree or MBA preferred.

• 15+ years of progressive experience in cybersecurity, technology, or risk leadership roles, ideally within highly regulated environments.

• Demonstrated ability to lead at the enterprise level, influencing senior executives and driving alignment across complex, matrixed organizations.

• Proven experience in strategic and transformational leadership, with a track record of translating strategy into execution and measurable outcomes.

• Deep understanding of security and architecture frameworks and standards such as NIST, ISO, HITRUST, COBIT, ITIL, and FIPS.

• Strong knowledge of regulatory and compliance requirements, including HIPAA, PCI DSS, SOX, SOC, and data privacy.

• Broad technical depth across cloud, infrastructure, application security, identity, networking, and security engineering domains.

• Ability to clearly communicate complex technical concepts to non‑technical and executive audiences, influencing decision‑making and investment priorities.

• Experience working with and influencing globally distributed teams, vendors, and partners in a federated operating model.

• Strong relationship‑building skills with technology, risk, and business leaders, enabling effective collaboration and outcomes.

• Demonstrated comfort operating in ambiguous, evolving environments, balancing risk management with business enablement.

• CISSP and/or other relevant security certifications strongly preferred.

If you will be working at home occasionally or permanently, the internet connection must be obtained through a cable broadband or fiber optic internet service provider with speeds of at least 10Mbps download/5Mbps upload.

About The Cigna Group

Doing something meaningful starts with a simple decision, a commitment to changing lives. At The Cigna Group, we’re dedicated to improving the health and vitality of those we serve. Through our divisions Cigna Healthcare and Evernorth Health Services, we are committed to enhancing the lives of our clients, customers and patients. Join us in driving growth and improving lives.

Qualified applicants will be considered without regard to race, color, age, disability, sex, childbirth (including pregnancy) or related medical conditions including but not limited to lactation, sexual orientation, gender identity or expression, veteran or military status, religion, national origin, ancestry, marital or familial status, genetic information, status with regard to public assistance, citizenship status or any other characteristic protected by applicable equal employment opportunity laws.

If you need a reasonable accommodation to complete the online application process, please email seeyourself@thecignagroup.com for assistance.  Please note that this email inbox is dedicated to accommodation requests only and cannot provide application updates or accept resumes.

The Cigna Group has a tobacco-free policy and reserves the right not to hire tobacco/nicotine users in states where that is legally permissible. Candidates in such states who use tobacco/nicotine will not be considered for employment unless they enter a qualifying smoking cessation program prior to the start of their employment. These states include: Alabama, Alaska, Arizona, Arkansas, Delaware, Florida, Georgia, Hawaii, Idaho, Iowa, Kansas, Maryland, Massachusetts, Michigan, Nebraska, Ohio, Pennsylvania, Texas, Utah, Vermont, and Washington State.

Qualified applicants with criminal histories will be considered for employment in a manner consistent with all federal, state and local ordinances.