INTRODUCTION TO EVERNORTH:
Evernorth Health Services India, established in Hyderabad in 2024, is an innovation hub for Evernorth Health Services, the pharmacy, care and benefits division of The Cigna Group. The innovation hub will support innovation-focused areas, such as generative AI, product development, process improvement, analytics, and software engineering across The Cigna Group and its businesses. Evernorth Health Services India builds on The Cigna Group’s existing presence in India.
About Evernorth Health Services:
Evernorth Health Services (Evernorth) is the pharmacy, care and benefits solution division of The Cigna Group - a Fortune 16 global health company with 75,000 employees, 186 million customers in more than 30 countries and jurisdictions around the world. Evernorth exists to make the prediction, prevention, and treatment of illness and disease more accessible to millions of people. We do this by creating and connecting premier health services offerings, such as benefits management, pharmacy, care solutions, insights and intelligence.
About Cigna:
The Cigna Group is a global health company committed to improving the health and vitality of individuals and communities around the world and includes products and services marketed under its Cigna Healthcare and Evernorth Health Services subsidiaries. Cigna Healthcare is the health benefits provider of The Cigna Group, serving customers and clients through its U.S. Employer, U.S. Government, and International Health business. Evernorth Health Services is the pharmacy, care and benefits solution division of The Cigna Group.
Information Protection Lead Analyst
Identity & Access Management (IAM)
Focus Area: User Access Review Lifecycle, Identity Governance, Entitlement Management & Compliance
The Information Protection Lead Analyst supports and leads Identity Governance operations by executing, validating, and overseeing Identity & Access Management (IAM) controls across the enterprise, with a strong focus on risk mitigation and audit readiness. This role is responsible for ensuring accurate, consistent, and risk-aligned execution of the User Access Review (UAR) lifecycle and entitlement governance processes, proactively identifying and remediating access-related risks, and enforcing least privilege principles. In addition to hands-on delivery, the Lead Analyst provides mentorship and quality oversight to junior analysts, ensuring deliverables meet standards for completeness, accuracy, and compliance. Through cross-functional collaboration, this role drives effective control execution in alignment with SOX, SOC1/SOC2, HIPAA, and internal audit requirements, contributing to strengthened control effectiveness and a sustained zero- findings posture
1. 1. Key
1. Access Review Lifecycle Execution & Risk Mitigation
< >Lead the end-to-end execution of Identity Access Reviews (UAR) across in-scope applications, ensuring alignment with enterprise risk management objectives.Perform rigorous validation of review inputs and outputs to ensure population completeness, entitlement accuracy, and least privilege enforcement.Proactively identify and assess access-related risks, including excessive privileges, toxic combinations, and orphaned accounts.Drive timely completion of manager certifications by monitoring SLAs, escalating delays, and mitigating risk of non-compliance.Partner with application owners to remediate identified access risks, ensuring corrective actions are tracked, validated, and completed within defined timeframes.Produce and maintain audit-ready evidence supporting all phases of the review lifecycle, ensuring traceability and defensibility.
2. Entitlement Governance & Evidence Integrity
< >Oversee entitlement inventory management, ensuring data integrity, standardization, and alignment with control requirements.Validate entitlement evidence through structured review processes to confirm accuracy, completeness, and appropriate access design.Identify gaps in entitlement definitions or ownership that may introduce control weaknesses or audit exposure, and drive remediation.Support periodic certification cycles (quarterly/semi-annual) with a focus on reducing risk through improved entitlement clarity and governance.
3. Compliance, Controls & Continuous Risk Reduction
< >Ensure IAM controls operate effectively in compliance with SOX, SOC1/SOC2, HIPAA, and internal audit standards, with a focus on preventing control failures.Identify, document, and assess control gaps, deficiencies, and emerging risks, and lead development of mitigation strategies.Partner with IAM leadership and audit stakeholders to prioritize remediation efforts based on risk severity and regulatory impact.Maintain comprehensive, audit-defensible documentation supporting control execution, including process narratives, SOPs, and evidence artifacts.Drive a zero-findings posture by enforcing standardized processes, improving control design, and strengthening operational discipline.
4. IAM Tooling, Data Analytics & Risk Insights
< >Utilize IAM platforms (e.g., Saviynt) to execute campaigns, analyze access data, and detect anomalies or high-risk access patterns.Perform advanced data analysis using Excel (and/or SQL) to validate population completeness, reconcile discrepancies, and identify systemic control issues.Develop and implement data-driven controls and quality checks to proactively mitigate risk and improve accuracy of review datasets.Support automation and continuous improvement initiatives to reduce manual effort and minimize risk exposure.
5. Cross-Functional Collaboration & Risk Communication
< >Act as a key liaison across IAM, application teams, compliance, and audit partners to drive risk-informed decision-making.Clearly communicate risk findings, control deficiencies, and remediation requirements to stakeholders at all levels.Influence application teams to adopt secure access design and least privilege principles to reduce future risk exposure.Lead and contribute to process improvement initiatives that enhance control effectiveness, audit readiness, and operational efficiency.
6. Leadership & Oversight
< >Mentor and guide junior analysts in risk identification, control validation, and audit expectations, reinforcing consistency in control execution.Provide quality assurance (QA) oversight of team deliverables to ensure accuracy, completeness, and adherence to compliance standards.Establish and enforce standardized review practices and validation checkpoints to reduce variability and audit risk across analysts.Act as an escalation point for complex risk scenarios, providing expert judgment and direction on remediation strategies.Support workload prioritization and execution planning with a focus on risk-based decision making and resource optimization.
Education:
< >Bachelor’s degree and equivalent experience required
Experience:
< >5-8 years of experience1–3+ years of experience in Identity & Access Management, Information Security, or related technical fields.
Required Skills:
< >Advanced Microsoft Excel skills, including pivot tables, complex formulas, large‑dataset handling, and data validation.Strong understanding of IAM concepts: entitlements, least‑privilege, certification workflows.Ability to interpret technical access data and communicate it to non‑technical audiences.Familiarity with compliance frameworks (SOX, SOC1/SOC2, HIPAA) and audit expectations.Experience with IAM tools such as Saviynt (preferred).Exposure to SQL for data validation or reporting. Prior experience in Privileged Access Management (PAM) or application access onboarding.
Success Measures
< >Accurate, high‑quality execution of each review cycle with minimal data defects.On‑time completion of all UAR and entitlement review tasks.High standard of audit readiness, demonstrated by complete, well‑organized evidence packages.Maintain a 99.999% audit success rate with zero compliance findings, supporting enterprise audit objectives.Positive feedback from IAM leaders, auditors, and application partners on review accuracy and responsiveness.
Equal Opportunity Statement
Evernorth is an Equal Opportunity Employer actively encouraging and supporting organization-wide involvement of staff in diversity, equity, and inclusion efforts to educate, inform and advance both internal practices and external work with diverse client populations.
About Evernorth Health Services
Evernorth Health Services, a division of The Cigna Group, creates pharmacy, care and benefit solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention and treatment of illness and disease more accessible to millions of people. Join us in driving growth and improving lives.
