Information Protection Senior Advisor - (Cloud Vulnerability Management)

Cigna | 21h ago
United States | Hybrid | $124.6K–$207.6K | Full-time | Mid Level | 5+ yrs exp
H-1B sponsor

Top focus

Cloud Engineer, Cloud Architect, Management Consultant

Are you passionate about strengthening cloud security at scale? This role leads the strategy and technical evolution of the enterprise cloud vulnerability management program—driving secure-by-design practices and measurable risk reduction across a complex, multi-cloud environment.

You will partner across engineering, architecture, and security teams to integrate security governance into cloud development processes and ensure vulnerabilities are identified, prioritized, and remediated effectively.

Responsibilities

- Lead the strategy and continuous evolution of a best-in-class cloud vulnerability management program, advancing automation, analytics, and risk-based prioritization to improve detection and remediation outcomes
- Design and implement scalable strategies, workflows, and procedures for identifying, assessing, prioritizing, remediating, and reporting vulnerabilities across public and private cloud environments
- Partner with cloud architecture, engineering, and application development teams to maintain comprehensive visibility into vulnerabilities and drive timely risk reduction across large-scale cloud environments
- Integrate security best practices and governance into cloud development processes, enabling secure-by-design development and DevSecOps adoption
- Deliver and continuously enhance vulnerability and remediation metrics, using KPIs to demonstrate program effectiveness, reduce risk, and drive accountability
- Develop and execute integration and automation strategies across multiple vulnerability management and cloud security toolsets
- Perform risk-based technical assessments to evaluate exposure and recommend mitigation strategies
- Monitor security alerts and advisories and coordinate cross-functional response to ensure vulnerabilities are properly addressed
- Analyze vulnerability data to identify trends, emerging risks, and opportunities to strengthen security posture
- Translate technical risks into clear, business-aligned insights, effectively communicating urgency and impact to technical and non-technical stakeholders
- Lead cross-functional discussions, build consensus, and influence stakeholders across engineering and business teams to accelerate remediation outcomes
- Communicate program status, priorities, risks, and progress to leadership and key stakeholders, including accomplishments, blockers, and next steps
- Stay current on emerging threats, vulnerabilities, and industry best practices to continuously improve program effectiveness

Required Qualifications

- 5+ years of experience in information security, vulnerability management, cloud security, DevSecOps, or a related field
- Hands-on experience with cloud vulnerability and security tools such as Wiz, Prisma Cloud, TwistLock, Aqua, StackRox (Red Hat ACS), Cloud Conformity, Tenable, or similar
- Experience securing cloud environments across AWS, Azure, Google Cloud Platform, and other major cloud providers (e.g., OCI, Alibaba)
- Strong knowledge of DevSecOps practices, including container security, Docker, and Kubernetes
- Experience integrating security into CI/CD pipelines and the software development lifecycle (SDLC)
- Proven ability to perform risk-based vulnerability assessments and communicate impact to technical and non-technical stakeholders
- Experience developing automation to improve security operations and remediation efficiency
- Strong understanding of security frameworks, risk models, and industry best practices
- Demonstrated ability to operate in a complex, matrixed environment—leading initiatives, influencing stakeholders, and driving outcomes
- Strong analytical, problem-solving, and communication skills

Preferred Qualifications

- Bachelor’s degree in Information Security, Computer Science, or a related field
- Experience with application security testing tools (SAST, DAST, IAST, SCA)
- Familiarity with programming languages such as Python, Java, or JavaScript
- Experience with CI/CD tools such as Jenkins, GitLab CI/CD, or CircleCI
- Experience in a regulated industry such as healthcare, financial services, or government
- Relevant certifications such as CISSP, CISM, or similar

If you will be working at home occasionally or permanently, the internet connection must be obtained through a cable broadband or fiber optic internet service provider with speeds of at least 10Mbps download/5Mbps upload.

For this position, we anticipate offering an annual salary of 124,600 - 207,600 USD / yearly, depending on relevant factors, including experience and geographic location. This role is also anticipated to be eligible to participate in an annual bonus plan.

At The Cigna Group, you’ll enjoy a comprehensive range of benefits, with a focus on supporting your whole health. Starting on day one of your employment, you’ll be offered several health-related benefits including medical, vision, dental, and well-being and behavioral health programs.

We also offer 401(k), company paid life insurance, tuition reimbursement, a minimum of 18 days of paid time off per year, paid holidays, and leaves of absence. For more details on our employee benefits programs, click here.

About The Cigna Group

Doing something meaningful starts with a simple decision, a commitment to changing lives.

At The Cigna Group, we’re dedicated to improving the health and vitality of those we serve. Through our divisions Cigna Healthcare and Evernorth Health Services, we are committed to enhancing the lives of our clients, customers and patients.

Join us in driving growth and improving lives.

Qualified applicants will be considered without regard to race, color, age, disability, sex, childbirth (including pregnancy) or related medical conditions including but not limited to lactation, sexual orientation, gender identity or expression, veteran or military status, religion, national origin, ancestry, marital or familial status, genetic information, status with regard to public assistance, citizenship status or any other characteristic protected by applicable equal employment opportunity laws.

If you need a reasonable accommodation to complete the online application process, please email seeyourself@thecignagroup.com for assistance. Please note that this email inbox is dedicated to accommodation requests only and cannot provide application updates or accept resumes.

The Cigna Group has a tobacco-free policy and reserves the right not to hire tobacco/nicotine users in states where that is legally permissible. Candidates in such states who use tobacco/nicotine will not be considered for employment unless they enter a qualifying smoking cessation program prior to the start of their employment.

These states include: Alabama, Alaska, Arizona, Arkansas, Delaware, Florida, Georgia, Hawaii, Idaho, Iowa, Kansas, Maryland, Massachusetts, Michigan, Nebraska, Ohio, Pennsylvania, Texas, Utah, Vermont, and Washington State.

Qualified applicants with criminal histories will be considered for employment in a manner consistent with all federal, state and local ordinances.

Required skills

cloud security, vulnerability management, DevSecOps, AWS, Azure, Google Cloud Platform, Docker, Kubernetes, CI/CD, Python, Java, JavaScript, Jenkins, GitLab CI/CD, CircleCI

Posted on JobRush — the end-to-end AI job-search platform.