Security Risk Manager

CVS Health | Phoenix, AZ
408d | $83,430 - $203,940 | Remote

About The Position

The Security Risk Manager at CVS Health is responsible for enhancing the cyber security maturity of third-party vendors through continuous monitoring and risk assessment. This role involves collaboration with various internal teams and external contacts to identify, analyze, and manage risks associated with third-party engagements. The position aims to proactively mitigate risks by fostering engagement and awareness of security topics among third parties, ensuring overall risk reduction and compliance with industry standards.

Requirements

  • 5+ years of experience in an IT Security/IT Risk environment with a large regulated organization.
  • 5+ years of experience in risk assessment methodologies, IT/IS Policies and Standards, IT risk standards and industry best practices (ISO 27000, HITRUST, COBIT, Managing Vendor Assessments).
  • 3+ years of experience or understanding of managing vendor assessments.
  • 3+ years of experience with development and administration of risk assessments and reviews.
  • 3+ years of experience with cyber security assessment processes and disciplines.
  • 3+ years of experience with more than one major IT discipline (distributed computing, networks, application design and development, IT security and business recovery).

Nice To Haves

  • Previous cyber security risk assessment experience within Healthcare or other highly regulated environments with certifications such as CISSP, CISA, CIPP, CISM, PCIP, ISA, CTPRA.
  • Experience with regulatory requirements, including HIPAA, PCI-DSS.
  • Knowledge and working experience with Information Security frameworks, including ISO 27001 and the NIST CSF.
  • Background in Cloud, AI, or other IT/IS areas.
  • Strong interpersonal and oral/written communication skills, able to build relationships at all levels.
  • Knowledge of web application security testing and vulnerability testing tools.
  • Knowledge of network-level penetration testing.
  • Knowledge of source code reviews using automated tools such as Veracode and/or manual analysis.

Responsibilities

  • Work directly with SOC, business lines, and third-party contacts to facilitate actions associated with continuous monitoring.
  • Identify and analyze risks through the CVS Health continuous monitoring program.
  • Collaborate with internal organizations regarding third-party outreach to understand actions on discrete events.
  • Manage, monitor, and coordinate resolution of security events to ensure awareness and risk reduction.
  • Drive proactive interaction with third parties to avoid risk scenarios through engagement and education on security topics.

Benefits

  • Full range of medical, dental, and vision benefits.
  • 401(k) retirement savings plan.
  • Employee Stock Purchase Plan.
  • Fully-paid term life insurance plan.
  • Short-term and long-term disability benefits.
  • Well-being programs and education assistance.
  • Free development courses.
  • CVS store discount and discount programs with participating partners.
  • Paid Time Off (PTO) or vacation pay, as well as paid holidays throughout the calendar year.

What This Job Offers

  • Job Type: Full-time
  • Career Level: Mid Level
  • Industry: Health and Personal Care Retailers
  • Education Level: High school or GED

© 2024 Teal Labs, Inc