Job Description
Risk and Controls Advisor Role is open for an Operational Risk Advisor within International Markets Technology. This is a critical role as the Risk and Control team look to strengthen its support for the Technology teams across Europe, North America, Middle East, and Asia. The Operational Risk Advisor core activities consist of: Develop, maintain, and update risk and control framework: Development of risk and control assessment to include inherent risk, control assessment, residual risk, and the overall risk exposure against risk appetite, including risk identification, scoring, and measurement Adherence to Cigna s Risk Framework Adherence to policy, procedure, and process across BAU and project change Risk Control & Mitigation: Identification of required controls and assessment of effectiveness with technology partners, correlating input from Audit Findings, Internal Loss Data Collection & Analysis, External Data Collection & Analysis, Risk Control Self Assessments, Business Process Mapping, KPIs & KRIs, Scenario Analysis, and Quantified Measurement & Comparative Analysis Innovate and enhance the effectiveness of the Internal Controls programme by reviewing the control environment, risk assessment process, control activities, information and communication and monitoring activities Assess operational risk response strategies Validate risk transfer options End to end ownership of the IT Operational framework Risk Forum, including reporting, collation of MI and relevant escalations to second and third lines of defence; including escalation where warranted Maintenance of the IT Operational Risk Register Development of an end-to-end risk and control assessment to include inherent risk, control assessment, residual risk, and the overall risk exposure against risk appetite Represent IT at other Cigna Risk Forums (where applicable) Relationship building of Operational Risk & Control across the IM Technology function covering all regions and global services: Work with stakeholders to undertake risk assessment activity including identification, management and reporting of risks, issues, incidents, and controls Assist stakeholders with root cause analysis activities Support stakeholders in regular audit and assurance testing Host monthly IM Technology Risk Forums / Committees including data and reporting input / output Risk monitoring & reporting: Implement a process to regularly monitoring operational risk profiles and material exposure to losses Provide appropriate reporting mechanisms to the relevant board(s), senior management, and the business lines Support management of open audit / assurance and security gaps: Support the remediation and closure processes, seeking expert guidance where needed and escalating issues if required Maintain reports capturing web vulnerability volume and data attributes Support in remediation plans and liaise with key stakeholders to facilitate, including but not limited to: Local and Enterprise level International Technology Application and Infrastructure teams, Cigna Information Protection, and external parties Key skills essential to have: Fluent in English Establishment and Management of Controls Framework Experience Minimum 5 years experience in operational technology risk management Minimum 3 years experience in operational risk Effective communication and presentation skills Strong technical skills: Excel, ppt, SharePoint / SharePoint online Collaborator Key skills good to have: Understanding and awareness of cyber security concepts Process mapping including delivery of documentation, identification of process improvements, identification, definition and mapping of process controls Tableau
