
INTRODUCTION TO EVERNORTH:
Evernorth Health Services India, established in Hyderabad in 2024, is an innovation hub for Evernorth Health Services, the pharmacy, care and benefits division of The Cigna Group. The innovation hub will support innovation-focused areas, such as generative AI, product development, process improvement, analytics, and software engineering across The Cigna Group and its businesses. Evernorth Health Services India builds on The Cigna Group’s existing presence in India.
About Evernorth Health Services:
Evernorth Health Services (Evernorth) is the pharmacy, care and benefits solution division of The Cigna Group - a Fortune 16 global health company with 75,000 employees, 186 million customers in more than 30 countries and jurisdictions around the world. Evernorth exists to make the prediction, prevention, and treatment of illness and disease more accessible to millions of people. We do this by creating and connecting premier health services offerings, such as benefits management, pharmacy, care solutions, insights and intelligence.
About Cigna:
The Cigna Group is a global health company committed to improving the health and vitality of individuals and communities around the world and includes products and services marketed under its Cigna Healthcare and Evernorth Health Services subsidiaries. Cigna Healthcare is the health benefits provider of The Cigna Group, serving customers and clients through its U.S. Employer, U.S. Government, and International Health business. Evernorth Health Services is the pharmacy, care and benefits solution division of The Cigna Group.
Job Title
Information Protection Lead Analyst
Position Overview
Identity & Access Management (IAM)
Job Overview:
Focus Area: User Access Review Lifecycle, Identity Governance, Entitlement Management & Compliance
The Information Protection Lead Analyst supports and leads Identity Governance operations by executing, validating, and overseeing Identity & Access Management (IAM) controls across the enterprise, with a strong focus on risk mitigation and audit readiness. This role is responsible for ensuring accurate, consistent, and risk-aligned execution of the User Access Review (UAR) lifecycle and entitlement governance processes, proactively identifying and remediating access-related risks, and enforcing least privilege principles. In addition to hands-on delivery, the Lead Analyst provides mentorship and quality oversight to junior analysts, ensuring deliverables meet standards for completeness, accuracy, and compliance. Through cross-functional collaboration, this role drives effective control execution in alignment with SOX, SOC1/SOC2, HIPAA, and internal audit requirements, contributing to strengthened control effectiveness and a sustained zero- findings posture
Responsibilities:
1. 1. Key
1. Access Review Lifecycle Execution & Risk Mitigation
< >Lead the end-to-end execution of Identity Access Reviews (UAR) across in-scope applications, ensuring alignment with enterprise risk management objectives.Perform rigorous validation of review inputs and outputs to ensure population completeness, entitlement accuracy, and least privilege enforcement.Proactively identify and assess access-related risks, including excessive privileges, toxic combinations, and orphaned accounts.Drive timely completion of manager certifications by monitoring SLAs, escalating delays, and mitigating risk of non-compliance.Partner with application owners to remediate identified access risks, ensuring corrective actions are tracked, validated, and completed within defined timeframes.Produce and maintain audit-ready evidence supporting all phases of the review lifecycle, ensuring traceability and defensibility.
2. Entitlement Governance & Evidence Integrity
< >Oversee entitlement inventory management, ensuring data integrity, standardization, and alignment with control requirements.Validate entitlement evidence through structured review processes to confirm accuracy, completeness, and appropriate access design.Identify gaps in entitlement definitions or ownership that may introduce control weaknesses or audit exposure, and drive remediation.Support periodic certification cycles (quarterly/semi-annual) with a focus on reducing risk through improved entitlement clarity and governance.
3. Compliance, Controls & Continuous Risk Reduction
< >Ensure IAM controls operate effectively in compliance with SOX, SOC1/SOC2, HIPAA, and internal audit standards, with a focus on preventing control failures.Identify, document, and assess control gaps, deficiencies, and emerging risks, and lead development of mitigation strategies.Partner with IAM leadership and audit stakeholders to prioritize remediation efforts based on risk severity and regulatory impact.Maintain comprehensive, audit-defensible documentation supporting control execution, including process narratives, SOPs, and evidence artifacts.Drive a zero-findings posture by enforcing standardized processes, improving control design, and strengthening operational discipline.
4. IAM Tooling, Data Analytics & Risk Insights
< >Utilize IAM platforms (e.g., Saviynt) to execute campaigns, analyze access data, and detect anomalies or high-risk access patterns.Perform advanced data analysis using Excel (and/or SQL) to validate population completeness, reconcile discrepancies, and identify systemic control issues.Develop and implement >
About Evernorth Health Services
Evernorth Health Services, a division of The Cigna Group, creates pharmacy, care and benefit solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention and treatment of illness and disease more accessible to millions of people. Join us in driving growth and improving lives.