HIH - Cyber Security Lead Analyst –APAC

Job Description Summary:

The Information Protection Lead Analyst is responsible for supporting Information Protection (CIP) activities across the Middle East and Africa (MEA) region, with a focus on cyber reactive and proactive threat management, from identification, to analysis, and ending with response in alignment with enterprise-wide standards and processes. This role contributes to the effective extension of threat management capabilities by supporting security monitoring, threat intelligence, and vulnerability management activities across infrastructure, applications, cloud environments, and third-party services.

Working closely with the CIP Kingdom of Saudi Arabia (KSA) team, central CIP shared services, and key regional stakeholders, this role supports the coordination, analysis, and continuous improvement of cyber threat management processes. The position aligns with cyber defense and incident response functions and plays a key role in ensuring regional threat management activities are consistent with global policies, standards, and risk management objectives. At Lead Analyst level, the role provides additional technical leadership and coordination across teams and service providers.

About Cigna:

Cigna is a global health service company dedicated to helping the people we serve improve their health, well-being, and peace of mind. But we don’t just care about your well–being, we care about your career health too. That’s why, when you work with us, you can count on a different kind of career – you’ll make a difference, learn a ton, and share in changing the way people think about healthcare.

Responsibilities:

• Track, analyze, and support remediation of security vulnerabilities, weaknesses, and findings originating from vulnerability assessments, penetration tests, and automated security testing activities in coordination with relevant stakeholders.
• Work closely with MEA technology and business stakeholders to coordinate remediation activities, monitor progress, escalate risks as required, and ensure timely resolution of identified threat‑related issues.
• Consume and analyze cyber threat intelligence from enterprise and external sources to identify relevant threats to the MEA region.
• Assess adversary tactics, techniques, and indicators to support threat prioritization and response activities.
• Collaborate with regional and global Information Protection teams and ensure threat management practices, controls, and remediation activities are implemented in alignment with enterprise security standards, policies, and processes.
• Assist in the review, development, and maintenance of local CIP policies, standards, and guidelines related to cyber threat management, ensuring consistency with global requirements.
• Support the conduct of regulatory, internal, and third‑party audits related to threat management by providing evidence, analysis, and subject‑matter input as required.
• Maintain strong working relationships with individuals and groups involved in managing information threats across the organization, including IT, risk management, governance, and third‑party service providers.
• Stay abreast of current and emerging cyber threats, attacker techniques, and industry trends, and contribute to the continuous improvement of threat management practices and awareness across the organization.
• Provide technical guidance, coordinate complex threat‑related activities, and support the maturation of regional threat management capabilities in alignment with enterprise direction.
• Perform threat management reporting, including the definition, tracking, and analysis of Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs), to support management oversight and risk‑based decision making.
• Contribute threat intelligence insights to risk assessments and management reporting.
• Assist in the review and approval of application/infrastructure changes in terms of security
• Assist in the creation of security reports with recommendations for appropriate remediation and communicate risk findings with development and infrastructure teams.

Skills required:

• Strong understanding of cyber threat management concepts.
• Ability to analyze and interpret security alerts, findings, advisories, and threat‑related data.
• Working knowledge of vulnerability management and application security testing solutions.
• Understanding of common threats and attacker techniques relevant to enterprise environments.
• Solid knowledge of networking fundamentals, operating systems, and enterprise technologies.
• Familiarity with cloud service models (SaaS, PaaS, IaaS) and related security considerations.
• Ability to assess, prioritize remediation, and communicate vulnerabilities & findings clearly.
• Solid knowledge of cyber threat intelligence concepts.
• Ability to analyze and contextualize threat intelligence for relevance to enterprise environments.
• Ability to communicate threat intelligence insights to technical and non‑technical stakeholders.
• Demonstrated ability to work individually & as a team player in fast paced environments.
• Strong stakeholder coordination skills across technology, risk, governance, and third parties.
• Ability to operate within globally defined security standards, policies, and processes.
• Strong written and verbal communication skills with an audit‑ready mindset.
• Strong analytical and problem‑solving skills with attention to detail.
• Ability to provide technical guidance and influence threat management improvements.
• Understanding of encryption fundamentals (symmetric/asymmetric, ECB/CBC, AES, etc.).
• Understanding of OWASP.

Qualifications:

• Bachelor’s degree in information security, computer science, or a related discipline
• 6+ years of experience in cybersecurity, threat management, SOC, or related defense functions.
• Experience supporting & coordinating activities related to threat management.
• Relevant professional certifications (e.g., GCIH, GCIA, CRISC, or equivalent) are desirable.
• Passionate about security and finding new ways to protect systems (as well as break them)
• Strong analytical and problem-solving skills, with the ability to “think outside the box”.
• Ability to work in a flexible environment where requirements & procedures continuously evolve.
• Strong oral and written communication skills, including a demonstrated ability to prepare documentation and presentations for technical and non-technical audiences.

About Evernorth Health Services

Evernorth Health Services, a division of The Cigna Group, creates pharmacy, care and benefit solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention and treatment of illness and disease more accessible to millions of people. Join us in driving growth and improving lives.