Legal compliance director

We are seeking a strategic and experienced Director of Enterprise Incident Response. This role will manage a team of privacy incident investigators and compliance professionals responsible for identifying, assessing, and managing privacy and security incidents. This role requires seasoned judgment, diplomacy, exceptional communication skills, and a demonstrated ability to identify and resolve issues proactively. This role will report to the Chief Privacy and Innovation Governance Officer.

Location:

Bloomfield, CT preferred. Hybrid. Open to alignment with one of Cigna’s office locations.

Responsibilities

• Lead and manage the enterprise incident response team, ensuring timely and thorough investigation of privacy and cybersecurity incidents
• Develop and maintain incident response protocols, standards, and escalation procedures, in alignment with regulatory requirements, including HIPAA, state and federal privacy laws, data use regulations, and breach notification laws
• Collaborate with Privacy Legal and Compliance Operations, IT, Cigna Information Protection, and Enterprise Risk Management, and other stakeholders to ensure coordinated incident handling and timely resolution
• Oversee root cause analysis and corrective action planning to prevent recurrence of incidents
• Provide executive-level reporting and insights on incident trends, risks, and mitigation strategies
• Serve as a subject matter expert on privacy incident management
• Lead continuous improvement initiatives to enhance the effectiveness and efficiency of the Enterprise Incident Response program
• Collaborate with partners in lines of business, legal, risk management and compliance to drive improvements to the way the enterprise identifies, assesses, responds to, and remediates privacy incidents
• Ensure thorough investigation, careful documentation, and timely resolution of incidents in a high-volume, fast-paced environment
• Develop and deliver training and awareness programs to educate on privacy incident response procedures and best practices
• Drive initiatives to enhance enterprise reporting and metrics
• Monitor and analyze privacy incident metrics and trends to identify areas for improvement and implement proactive measures to enhance the enterprise’s privacy posture
• Monitor industry trends, emerging threats, and best practices in privacy incident response and data protection and ensure the Enterprise Incident Response adopts best practices
• Support audits and assessments related to privacy incident response

Qualifications

• Bachelor’s degree required
• 10+ years of experience managing complex privacy incidents, with at least 5 years in a management role is required
• Deep knowledge of healthcare privacy regulations, including HIPAA and state and federal privacy laws
• Experience developing controls, procedures, metrics, and reporting for managing an effective Enterprise Incident Response program
• Demonstrated ability to lead, mentor, and develop incident response teams in a fast-paced environment
• Ability to work collaboratively and foster strong relationships in a large, matrixed organization
• Excellent analytical, problem-solving, and communication skills
• CIPP/US, CIPM, CHPC or similar certifications are highly desirable
• Our preference is to have someone in a hybrid role, working from an office three days a week. However, we’re open to considering remote arrangements for the right candidate.

If you will be working at home occasionally or permanently, the internet connection must be obtained through a cable broadband or fiber optic internet service provider with speeds of at least 10Mbps download/5Mbps upload.

For this position, we anticipate offering an annual salary of 154,400 - 257,400 USD / yearly, depending on relevant factors, including experience and geographic location.

This role is also anticipated to be eligible to participate in an annual bonus and long term incentive plan.

We want you to be healthy, balanced, and feel secure. That’s why you’ll enjoy a comprehensive range of benefits, with a focus on supporting your whole health. Starting on day one of your employment, you’ll be offered several health-related benefits including medical, vision, dental, and well-being and behavioral health programs. We also offer 401(k) with company match, company paid life insurance, tuition reimbursement, a minimum of 18 days of paid time off per year and paid holidays. For more details on our employee benefits programs, visit .

About The Cigna Group

Doing something meaningful starts with a simple decision, a commitment to changing lives. At The Cigna Group, we’re dedicated to improving the health and vitality of those we serve. Through our divisions Cigna Healthcare and Evernorth Health Services, we are committed to enhancing the lives of our clients, customers and patients. Join us in driving growth and improving lives.

Qualified applicants will be considered without regard to race, color, age, disability, sex, childbirth (including pregnancy) or related medical conditions including but not limited to lactation, sexual orientation, gender identity or expression, veteran or military status, religion, national origin, ancestry, marital or familial status, genetic information, status with regard to public assistance, citizenship status or any other characteristic protected by applicable equal employment opportunity laws.

If you require reasonable accommodation in completing the online application process, please email: [email protected] for support. Do not email [email protected] for an update on your application or to provide your resume as you will not receive a response.

The Cigna Group has a tobacco-free policy and reserves the right not to hire tobacco/nicotine users in states where that is legally permissible. Candidates in such states who use tobacco/nicotine will not be considered for employment unless they enter a qualifying smoking cessation program prior to the start of their employment. These states include: Alabama, Alaska, Arizona, Arkansas, Delaware, Florida, Georgia, Hawaii, Idaho, Iowa, Kansas, Maryland, Massachusetts, Michigan, Nebraska, Ohio, Pennsylvania, Texas, Utah, Vermont, and Washington State.

Qualified applicants with criminal histories will be considered for employment in a manner consistent with all federal, state and local ordinances.