Report this job

---

What is the problem? *

Incorrect company
Incorrect location
Job is expired
Job may be a scam
Other

Data Advisor at Bloomfield Connecticut

Duties:
The EviCore Information Protection (CIP) Governance, Risk, and Compliance (GRC) team is looking for an experienced information security professional to play a key role in EviCore retaining and acquiring new business. The GRC team manages information security requests and inquiries for proposed, new and existing Client relationships, enterprise-wide. The Information Protection Advisor will work with the business and technology teams in support of request for proposal/request for information (RFP/RFI) response, contract review, questionnaire response, support on-site audits, and participate in client conference calls. Applicants should have experience in information security and demonstrate the ability to describe security practices and controls to external parties and non-technical teams
Manage intake, tracking and closure process for team requests.
Facilitate responses to client due diligence, compliance, regulatory, risk, privacy, and information security questionnaires as related to enterprise control domains. May also need to coordinate with Information Protection leadership to develop and communicate client corrective action plans (CAPs) that may result from client due diligence responses.
Research and engage subject matter experts to draft complete and accurate statements about EviCore's security controls and practices that will be provided external to parties.
Coordinate and communicate with various stakeholders and subject matter experts (SMEs) throughout the organization to research enterprise control topics, organize documentation, and synthesize information to provide appropriate comprehensive responses to client inquiries.
Ensure appropriate scope, branding, and messaging of the statements and materials provided in accordance with contractual obligations.
Represent CIP in pre-sales information security discussions and activities including responding to RFPs and initial contract negotiations.
Serve as a subject matter expert (SME) on client calls.
Review information security language in client contracts to ensure compliance and alignment with EviCore's information protection policies, standards, and capabilities.
Develop/Maintain team repository of frequently asked information protection questions and responses.
Develop relationships with EviCore account managers and proposal teams to ensure requests are processed completely, in a timely manner, and to the level of detail consistent with client expectations.
Assist with projects associated with team integration efforts to standardize processes enterprise-wide.
Partner with the enterprise Cigna/ESI Information Protection and Client Risk Management teams to ensure cohesive and consistent enterprise responses where applicable to eviCore services and client needs.
Support internal requests related to security audits, externally-facing statements, cyber insurance forms, regulatory activities, and other events.
Obtain and prepare supporting evidence for client audit requests.
Perform quarterly and annual reviews to refresh enterprise content and standardized documentation.
Skills:
Solid understanding of data classifications to know when and what information can be shared external to EviCore.
Knowledge of generally accepted Information Security controls (e.g. NIST 800-53, NIST 800-171, ISO 27001)
High customer focus and comfortable working with strict time constraints
Excellent verbal and written communication skills along with presentation skills. Must be proficient with Microsoft Word, Microsoft Excel, and Adobe.
Must be comfortable with responding to various formats of surveys and questionnaires including online portals.
Strong technical and analytical skills.
Excellent organizational skills and ability to communicate with internal/external entities and management. Project management skills a plus.
Education:
Bachelor's degree in Computer Science, MIS, or similar required
IT security or Third Party Risk Management certification preferred (e.g. CTPRA, CTPRP, CISA, CISM, Security+, etc.)
4+ years of Information Security experience required.