Cigna Healthcare

healthcare

Third Party Risk Lead - DORA

Madrid, Spain; Full Time; Remote Friendly

The Brief

“Third Party Risk Lead - DORA at Cigna Healthcare. Skills: Third Party Risk Management, DORA compliance, regulatory change delivery, GRC capability, stakeholder management. Lead delivery of the Third-Party Risk Framework aligned to DORA, ensuring it is implemented and embedded into BAU across functions. Drive delivery of criticality tiering and ICT service classification, aligning Technology, Vendor Owners, Procurement and Risk on decisions and dependencies”

What You'll Achieve.

DORA-aligned Third-Party Risk Framework defined and embedded into BAU; Clear criticality classification and vendor tiering model; Defined roles and responsibilities across the 3 Lines of Defense; Effective vendor lifecycle management from onboarding through exit; Regulatory-ready evidence for audit and supervisory review

Industry & Context.

healthcare

Problems you'll solve

Making proportionate, risk-based decisions with incomplete information; resolving ambiguity; enabling decisions

What They're Looking For.

Must Have

Proven Third Party / Vendor Risk Management experience, delivering improvements across the end-to-end vendor lifecycle; Understanding of ICT third party risk and controls, with ability to drive consistent execution across onboarding, contracting and BAU oversight; Experience delivering complex regulatory change in regulated environments, with clear ownership of milestones, dependencies and outcomes; GRC capability, focused on turning requirements into operational controls, evidence and measurable BAU outcomes; Experience interpreting and applying regulatory requirements in a pragmatic, risk-based way to maintain regulatory confidence; Proven ability to operationalise regulatory requirements into BAU, driving delivery plans, sequencing activity and managing cross-functional dependencies; Stakeholder management and influencing skills, able to deliver outcomes through Technology, Procurement, Legal, Vendor Owners and Risk without formal authority

What You'll Do.

Lead delivery of the Third-Party Risk Framework aligned to DORA, ensuring it is implemented and embedded into BAU across functions

Drive delivery of criticality tiering and ICT service classification, aligning Technology, Vendor Owners, Procurement and Risk on decisions and dependencies

Operationalise proportionality rules for critical vs non-critical vendors to enable timely, risk-based decisions and consistent execution across the vendor lifecycle

Run governance and refresh cycles, tracking delivery progress, sequencing activity and managing dependencies to maintain regulatory confidence

Align and socialise roles and responsibilities across the 3 Lines of Defense to enable clear ownership, escalation paths and delivery execution

Deliver pre-contract due diligence and ICT risk assessment standards, coordinating Technology, Vendor Owners, Procurement and Risk to meet milestones

Drive implementation of DORA-aligned contractual clauses and addendums, coordinating Legal and Procurement to resolve issues and keep delivery on track

Coordinate Technology, Vendor Owners, Procurement, Legal and Risk to manage dependencies, resolve blockers and drive onboarding and contracting outcomes

Embed differentiated onboarding requirements based on vendor criticality into BAU processes, ensuring consistent execution across functions

Operationalise standard and enhanced vendor management task sets, aligning Technology, Vendor Owners and Risk on execution expectations and timelines

Drive periodic reassessment of vendor criticality, aligning Technology, Vendor Owners and Risk on risk-based decisions and resulting actions

Coordinate delivery of resilience testing and exit planning for critical ICT suppliers, managing dependencies across Technology, Vendor Owners, Procurement and Risk

Deliver programme reporting to governance and executive forums, providing clear progress, risks, dependencies and decisions required

Coordinate regulatory engagement and audit activity, ensuring timely delivery of evidence and remediation actions across stakeholders

Provide pragmatic DORA third party risk expertise to resolve ambiguity, enable decisions and keep delivery moving

How You'll Work.

Team & Collaboration

Accountable for end-to-end execution, the role drives progress across Technology, Procurement, Legal, Vendor Owners and Risk; managing competing priorities, dependencies and delivery risk, and removing blockers to maintain momentum in live BAU environments; comfortable making proportionate, risk-based decisions with incomplete information and progressing delivery as requirements and frameworks maintaining regulatory confidence through clear governance, timely escalation and audit-ready evidence; aligning Technology, Vendor Owners, Procurement and Risk on decisions and dependencies; align and socialise roles and responsibilities across the 3 Lines of Defense; coordinating Technology, Vendor Owners, Procurement and Risk to meet milestones; coordinating Legal and Procurement to resolve issues and keep delivery on track; Coordinate Technology, Vendor Owners, Procurement, Legal and Risk to manage dependencies, resolve blockers and drive onboarding and contracting outcomes; aligning Technology, Vendor Owners and Risk on execution expectations and timelines; aligning Technology, Vendor Owners and Risk on risk-based decisions and resulting actions; managing dependencies across Technology, Vendor Owners, Procurement and Risk; ensuring timely delivery of evidence and remediation actions across stakeholders

Communication Scope

clear governance; timely escalation; clear progress, risks, dependencies and decisions required

Process & Methodology

translates regulatory expectations into a practical delivery roadmap, prioritised, sequenced and measurable, managing competing priorities, dependencies and delivery risk, removing blockers to maintain momentum, progressing delivery as requirements and frameworks, tracking delivery progress, sequencing activity and managing dependencies, driving delivery plans, sequencing activity and managing cross-functional dependencies
