About Cigna Healthcare
Cigna Healthcare is a global health service company dedicated to transforming healthcare. With roots in the U.S. and operations in over 30 countries, we serve more than 180 million customers and patients worldwide. Ranked 13th on the Fortune 500 in 2025, Cigna is recognized as one of the most trusted and influential names in the industry.
Our mission is to improve the health, well-being, and peace of mind of those we serve.
Join our globally recognized brand, where trust, communication, and a positive culture are at the core of everything we do. Our leadership is consistent, approachable, and supportive, ensuring your well-being and work-life balance.
We're looking for individuals who thrive in collaborative environments, are passionate about meaningful change, and want to grow in a company that puts people first.
At Cigna, you'll be part of a purpose-driven team that values innovation, compassion, and impact. Whether you're shaping better care experiences or supporting customers through life's key moments, your work will matter.
Grow with us, and help shape the future of healthcare.
About the role
This role leads a risk-driven regulatory change programme to deliver and sustain DORA compliance for ICT third-party services (critical and non-critical suppliers). It translates regulatory expectations into a practical delivery roadmap, prioritised, sequenced and measurable, so outcomes land in BAU, not just in documentation.
Accountable for end-to-end execution, the role drives progress across Technology, Procurement, Legal, Vendor Owners and Risk: managing competing priorities, dependencies and delivery risk, and removing blockers to maintain momentum in live BAU environments.
This role should be comfortable making proportionate, risk-based decisions with incomplete information and progressing delivery as requirements and frameworks evolve; maintaining regulatory confidence through clear governance, timely escalation and audit-ready evidence.
Key Outcomes
DORA-aligned Third-Party Risk Framework defined and embedded into BAU
Clear criticality classification and vendor tiering model
Defined roles and responsibilities across the 3 Lines of Defense
Effective vendor lifecycle management from onboarding through exit
Regulatory-ready evidence for audit and supervisory review
Core Responsibilities
1. Framework & Policy Definition
Lead delivery of the Third-Party Risk Framework aligned to DORA, ensuring it is implemented and embedded into BAU across functions
Drive delivery of criticality tiering and ICT service classification, aligning Technology, Vendor Owners, Procurement and Risk on decisions and dependencies
Operationalise proportionality rules for critical vs non-critical vendors to enable timely, risk-based decisions and consistent execution across the vendor lifecycle
Run governance and refresh cycles, tracking delivery progress, sequencing activity and managing dependencies to maintain regulatory confidence
Align and socialise roles and responsibilities across the 3 Lines of Defense to enable clear ownership, escalation paths and delivery execution
2. Onboarding & Contracting Controls
Deliver pre-contract due diligence and ICT risk assessment standards, coordinating Technology, Vendor Owners, Procurement and Risk to meet milestones
Drive implementation of DORA-aligned contractual clauses and addendums, coordinating Legal and Procurement to resolve issues and keep delivery on track
Coordinate Technology, Vendor Owners, Procurement, Legal and Risk to manage dependencies, resolve blockers and drive onboarding and contracting outcomes
Embed differentiated onboarding requirements based on vendor criticality into BAU processes, ensuring consistent execution across functions
3. Vendor Management & BAU Execution
Operationalise standard and enhanced vendor management task sets, aligning Technology, Vendor Owners and Risk on execution expectations and timelines
Drive periodic reassessment of vendor criticality, aligning Technology, Vendor Owners and Risk on risk-based decisions and resulting actions
Coordinate delivery of resilience testing and exit planning for critical ICT suppliers, managing dependencies across Technology, Vendor Owners, Procurement and Risk
4. Reporting, Governance & Regulatory Readiness
Deliver programme reporting to governance and executive forums, providing clear progress, risks, dependencies and decisions