Sr Analyst, Technical Security Risk Mgt

CVS Health

About The Position

At CVS Health, we’re building a world of health around every consumer and surrounding ourselves with dedicated colleagues who are passionate about transforming health care. As the nation’s leading health solutions company, we reach millions of Americans through our local presence, digital channels and more than 300,000 purpose-driven colleagues – caring for people where, when and how they choose in a way that is uniquely more connected, more convenient and more compassionate. And we do it all with heart, each and every day. Position Summary This role conducts thorough security risk assessments for new technologies before deployment and technologies post-deployment in the production environment. Identifies, assesses, analyzes security risks, scrutinizes potential vulnerabilities, and provides risk mitigation strategies to ensure compliance and adherence to information security standards for a seamless and secure integration. This role will require the colleague to engage project managers, project management team members including developers, architects, infrastructure engineers, and EIS stakeholders as applicable. This role should be able to describe technical issues to business partners or senior leaders in risk terms that are clear and understandable while still having some subject matter expertise. This role should be able to lead small teams, mentor junior team members, oversee third party contractors, and respond to critical requests. If you have an interest in, and a passion for technology and cybersecurity this is the position for you!

Requirements

3+ years’ experience in core Information Technology areas, such as cloud platforms, networking, IAM, systems administration, cryptographic keys, etc.
3+ years performing technical comprehensive risk assessments across infrastructure and applications
3+ years of information security or related experience
Minimum of 3 years of hands-on experience with industry-standard security frameworks and regulatory requirements, such as NIST SP 800-53, ISO/IEC 27001/27002, HIPAA/HITECH, HITRUST, and PCI-DSS.
Ability to comprehend implications of security risk (inherent risk, residual risks), compensating controls, etc.

Nice To Haves

Industry related certification(s).
Solid written and verbal communication skills
Ability to demonstrate critical thinking and knowledge of risk management basic processes, tools, and techniques
Experience with vulnerability management tools and remediation recommendations.
Knowledge of current security threat and vulnerability trends
Understanding of cloud Security best practices and frameworks

Benefits

Affordable medical plan options, a 401(k) plan (including matching company contributions), and an employee stock purchase plan.
No-cost programs for all colleagues including wellness screenings, tobacco cessation and weight management programs, confidential counseling and financial coaching.
Benefit solutions that address the different needs and preferences of our colleagues including paid time off, flexible work schedules, family leave, dependent care resources, colleague assistance programs, tuition assistance, retiree medical access and many other benefits depending on eligibility.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume