Sr Analyst, Information Security - Cyber resiliency

About The Position

Requirements

• 2-3 years of GRC or Cyber resiliency experience, internal audit, external assessments, risk management, regulatory compliance, and information security in a corporate environment
• Working knowledge of Information Security policies and procedures; experience supporting GRC programs
• Working knowledge and understanding of cyber resiliency concepts and frameworks
• Assist in development, implementation, and maintenance of the organization’s cyber resiliency program, ensuring adherence to regulatory requirements and industry best practices.
• Plan, coordinate, and execute testing of internal controls to evaluate their effectiveness in mitigating risks and ensuring accuracy of reporting.
• Understanding of disaster recovery, cyber incident response, crisis management and business continuity testing concepts
• Maintain documentation of processes, controls, and testing related to cyber resiliency requirements; create and prepare metrics and reporting on findings and recommendations for management.
• Solid understanding of relevant regulations and frameworks aligning to NIST 800 and NIST CSF Frameworks, ISO, HITRUST, HIPPA, PCI, ZTMM
• Possess security architecture and engineering knowledge including zero trust concepts.
• Demonstrates analytical and problem-solving skills with ability to analyze and interpret operational data, trends, assess risks effectively, and make recommendations for improvement.
• Possess excellent verbal and written communications skills to effectively engage and advise stakeholders at all levels of the organization.
• Demonstrate attention to detail

Nice To Haves

• Knowledge of: Information security policies, procedures and risk management
• Regulatory standards including SOX, SOC, HIPAA, PCI, and HITRUST
• NIST or ISO Cyber Resiliency frameworks
• Security architecture, networking, and network related systems
• Cyber incident response and disaster recovery processes
• Skill in: Interpersonal and collaboration skills
• Customer service and relationship building
• Effective time management
• Ability To: Execute on assigned tasks, providing timely feedback to customers/stakeholders/teammates
• Collaborate across many teams in a large-scale environment

Responsibilities

• Provides operational support for CVS Health’s Digital, Data, Analytics & Technology (DDAT) Cyber Resiliency team, guiding colleagues in facilitating Cyber Resiliency activities across the enterprise.
• Responsible for meeting goals, priorities, and timelines in support of the DDAT Cyber Resiliency Program.
• Contribute toward development and implementation of policies, procedures, and controls ensuring compliance with Cyber Resiliency NIST framework.
• Conducts risk assessments to identify areas of potential non-compliance and assist with developing strategies to mitigate risks.
• Seek to continuously improve controls, processes, and systems to enhance the effectiveness and efficiency of the Cyber Resiliency program.
• Provide training and education to colleagues across all levels of the organization on Cyber Resiliency requirements and industry best practices.
• Oversees preparation and submission of required Cyber resiliency reports to management, DDAT, Audit Services, external auditors, and regulators.
• Coordinate activities of internal and external assessments, including supporting audit planning, execution, and follow up.
• Collaborate with key stakeholders, including management, Legal, Internal Audit, and external assessors, ensuring alignment and support of the Cyber Resiliency Program.
• Monitor and assist with enforcing adherence to policies, standards, procedures, and controls through regular assessments and audits.

Benefits

• Affordable medical plan options, a 401(k) plan (including matching company contributions), and an employee stock purchase plan.
• No-cost programs for all colleagues including wellness screenings, tobacco cessation and weight management programs, confidential counseling and financial coaching.
• Benefit solutions that address the different needs and preferences of our colleagues including paid time off, flexible work schedules, family leave, dependent care resources, colleague assistance programs, tuition assistance, retiree medical access and many other benefits depending on eligibility.