Security and Compliance Analyst

CVS Health, Buffalo Grove, IL

About The Position

We’re building a world of health around every individual — shaping a more connected, convenient and compassionate health experience. At CVS Health®, you’ll be surrounded by passionate colleagues who care deeply, innovate with purpose, hold ourselves accountable and prioritize safety and quality in everything we do. Join us and be part of something bigger – helping to simplify health care one person, one family and one community at a time.

Position Overview

The Security and Compliance Analyst (VP Point of Contact) is a highly visible role within the CVS Caremark organization responsible for ensuring effective governance of application security and compliance requirements. This position serves as a critical liaison between CVS Enterprise security and audit teams, business stakeholders, and application development teams to strengthen CVS Health's cybersecurity posture and compliance framework.

Position Summary

The VP Point of Contact (VP POC) will collaborate with peers across CVS Enterprise security and audit teams to provide expert guidance on integrating security best practices throughout the Software Development Lifecycle (SDLC). The role focuses on vulnerability management, scanning and remediation, strategic infrastructure security implementation, and risk assessment. The analyst will evaluate enterprise risks based on identified vulnerabilities and threats, recommend mitigation strategies, provide regular updates to IT management, and support audit response activities.

Requirements

  • 3+ years of experience in application security, monitoring/management, vulnerability management, or risk and compliance
  • 3+ years of experience working across all phases of SDLC and CI/CD pipelines
  • 1+ years of experience managing or coordinating large-scale projects
  • Strong understanding of security principles and secure coding practices

Nice To Haves

  • Technical Knowledge: Background and understanding of networking and network security technologies, including:
      • Azure Cloud security policy adherence
      • TCP/IP networking knowledge (networking architecture, firewall configuration, DMZ layout)
      • Advanced web technology knowledge (HTTP, HTML, SQL)
      • Advanced knowledge of detection, exploitation, and prevention of software vulnerabilities (SQL Injection, XSS, buffer overflows, CSRF, etc.)
  • Artificial Intelligence & Emerging Technologies:
      • Understanding of AI security risks and vulnerabilities specific to AI/ML systems and models
      • Knowledge of security implications related to AI-assisted coding tools and AI-generated code
      • Experience evaluating security risks in AI-powered applications and services
      • Familiarity with secure AI development practices and AI model security testing
      • Awareness of AI-related compliance considerations and ethical AI principles
      • Understanding of prompt injection, model poisoning, and other AI-specific attack vectors
      • Experience with AI-powered security tools for vulnerability detection and threat analysis
  • Compliance & Frameworks:
      • Understanding of compliance requirements such as PCI-DSS, SOX, HIPAA, and other relevant regulatory frameworks
      • Knowledge of ITIL, service management, and quality management practices
      • Familiarity with industry security frameworks and standards
  • Development & Operations:
      • Understanding of CI/CD pipelines and DevSecOps practices
      • Experience with Agile methodologies
      • Knowledge of container security and cloud security controls
  • Professional Certifications: Professional security certification(s) such as CISSP, CISM, CEH, GIAC, or similar credentials (preferred but not required)
  • Soft Skills:
      • Excellent communication skills required to facilitate meetings with both technical and business audiences across multiple functional departments on security-related topics
      • Strong analytical and problem-solving abilities
      • Ability to influence and drive change across organizational boundaries
      • Collaborative mindset with proven ability to work effectively with cross-functional teams
  • Bachelor's degree in Computer Science or equivalent work experience required

Responsibilities

  • Participate in daily and weekly meetings with vulnerability management teams, lines of business, towers, and application owners to track status and progress of assigned vulnerabilities
  • Ensure proper alignment of vulnerability assignments across lines of business, towers, and application groups
  • Drive the creation, tracking, and timely closure of vulnerability remediation plans in accordance with CVS Health security timelines
  • Monitor remediation of critical vulnerabilities within required timeframes (Critical: 7 days, High: 90 days, Medium: 180 days, Low: 365 days)
  • Advise business stakeholders and development teams on proper security practices throughout the Software Development Lifecycle
  • Evaluate user needs and system functionality to help develop comprehensive IT security strategies for security scanning and detection
  • Provide strategic guidance on infrastructure technologies to implement layered defense mechanisms
  • Assess and communicate enterprise risks based on vulnerability findings and emerging threats
  • Recommend appropriate mitigation strategies aligned with business objectives
  • Partner with internal and external auditors during compliance and regulatory reviews
  • Contribute to and influence application security policies across Pharmacy Services IT and the broader CVS enterprise
  • Ensure adherence to CVS Health cybersecurity compliance requirements and industry standards
  • Support continuous monitoring and assessment initiatives
  • Provide appropriate updates and security status reporting to IT management
  • Facilitate meetings with both technical and business audiences across multiple functional departments
  • Document and track security remediation plans and exceptions
  • Communicate complex security topics effectively to diverse stakeholder groups

Benefits

  • This full‑time position is eligible for a comprehensive benefits package designed to support the physical, emotional, and financial well‑being of colleagues and their families.
  • The benefits for this position include medical, dental, and vision coverage, paid time off, retirement savings options, wellness programs, and other resources, based on eligibility.
  • Additional details about available benefits are provided during the application process and on Benefits Moments.