GRC Information Security Consultant

Description

• Facilitate responses to client due diligence, compliance, regulatory, risk, privacy, and information security questionnaires as related to enterprise control domains. May also need to coordinate with Information Protection leadership to develop and communicate client corrective action plans (CAPs) that may result from client due diligence responses.
• Research and engage subject matter experts to draft complete and accurate statements about EviCore's security controls and practices that will be provided external to parties.
• Coordinate and communicate with various stakeholders and subject matter experts (SMEs) throughout the organization to research enterprise control topics, organize documentation, and synthesize information to provide appropriate comprehensive responses to client inquiries.
• Ensure appropriate scope, branding, and messaging of the statements and materials provided in accordance with contractual obligations.
• Represent CIP in pre-sales information security discussions and activities including responding to RFPs and initial contract negotiations.
• Review information security language in client contracts to ensure compliance and alignment with EviCore’s information protection policies, standards, and capabilities.
• Develop/Maintain team repository of frequently asked information protection questions and responses.
• Develop relationships with EviCore account managers and proposal teams to ensure requests are processed completely, in a timely manner, and to the level of detail consistent with client expectations.
• Assist with projects associated with team integration efforts to standardize processes enterprise-wide.
• Partner with the enterprise Cigna/ESI Information Protection and Client Risk Management teams to ensure cohesive and consistent enterprise responses where applicable to eviCore services and client needs.
• Support internal requests related to security audits, externally-facing statements, cyber insurance forms, regulatory activities, and other events.
• Obtain and prepare supporting evidence for client audit requests.
• Perform quarterly and annual reviews to refresh enterprise content and standardized documentation.

Responsibilities

• • Solid understanding of data classifications to know when and what information can be shared external to EviCore.
• • Knowledge of generally accepted Information Security controls (e.g. NIST 800-53, NIST 800-171, ISO 27001)
• • High customer focus and comfortable working with strict time constraints
• • Excellent verbal and written communication skills along with presentation skills. Must be proficient with Microsoft Word, Microsoft Excel, and Adobe.
• • Must be comfortable with responding to various formats of surveys and questionnaires including online portals.
• • Strong technical and analytical skills.
• • Excellent organizational skills and ability to communicate with internal/external entities and management. Project management skills a plus.