Position SummaryThe Operational Risk Advisor will serve as an individual contributor and a key second-line risk function partner responsible for assessing and advising on the impact of organizational, process, system, and vendor changes to the Client Service & Operations (CS&O) SOC 1 and SOX control environment. This role focuses on proactive change risk assessment, control impact analysis, and governance support to ensure changes are implemented in a controlled, compliant, and audit-ready manner.
The Advisor partners closely with business, technology, and project teams to evaluate proposed initiatives, identify control implications, and ensure required control updates or mitigations are identified, documented, and tracked through established governance channels. This role plays a critical function in preserving control design and operating effectiveness amid change and strengthening risk transparency across CS&O.
Key Responsibilities- Assess organizational, process, system, vendor, and initiative-related changes for impacts to SOC 1 and SOX control design and operating effectiveness.
- Serve as a second-line operational risk advisor to business, IT, and project teams, providing guidance on control implications of proposed and approved changes.
- Lead formal change risk and control impact assessments; document required control updates, new controls, mitigating actions, or compensating controls.
- Coordinate updates to control narratives, Risk & Control Matrices (RACMs), ownership assignments, and evidence expectations resulting from approved changes.
- Partner with control owners to ensure control updates are practical, sustainable, and aligned with risk severity and audit expectations.
- Ensure change-related risks, decisions, and approvals are captured, tracked, and reported through established risk and governance forums.
- Identify and escalate potential control degradation, design gaps, or operating effectiveness concerns arising from changes.
- Support audit readiness by maintaining clear documentation, traceability, and rationale for control decisions associated with change activity.
- Collaborate with Technology, Controls, and Audit partners to ensure consistent application of change risk standards and methodologies.
- Contribute to reporting and dashboards related to change volume, control impact themes, and residual risk trends.
Qualifications- High School Diploma or GED required. Bachelor's degree in Accounting, Business, Risk Management, or a related field.
- Certifications preferred (not required): CIA, CPA, CISA, CRISC, or similar risk credentials.
- 4+ years of experience in operational risk, controls, audit, compliance, or governance roles.
- Hands-on experience supporting SOC 1 and/or SOX control environments.
- Demonstrated experience assessing change impacts to controls, processes, or systems.
- Strong documentation skills, including RACMs, control narratives, and risk assessments.
- Ability to partner effectively with project teams, business leaders, and technology stakeholders.
- Excellent written and verbal communication skills, with the ability to influence without authority.
Candidates who reside within 50 miles of the following locations may be asked to work in person on a hybrid schedule (three days per week): Bloomfield, CT, Chattanooga, TN, Denver, CO, St Louis, MO, or Scottsdale, AZ.If you will be working at home occasionally or permanently, the internet connection must be obtained through a cable broadband or fiber optic internet service provider with speeds of at least 10Mbps download/5Mbps upload.
For this position, we anticipate offering an annual salary of 96,400 - 160,600 USD / yearly, depending on relevant factors, including experience and geographic location.
This role is also anticipated to be eligible to participate in an annual bonus plan.
At The Cigna Group, you'll enjoy a comprehensive range of benefits, with a focus on supporting your whole health. Starting on day one of your employment, you'll be offered several health-related benefits including medical, vision, dental, and well-being and behavioral health programs. We also offer 401(k), company paid life insurance, tuition reimbursement, a minimum of 18 days of paid time off per year, paid holidays, and leaves of absence. For more details on our employee benefits programs, click here.