Staff Engineer - Regulatory Technology

About The Position

Requirements

• 7+ years of software engineering or software development experience, with a strong understanding of modern architectures and engineering practices
• 7+ years of technical project leadership experience, supporting engineering initiatives on cross‑functional teams in highly collaborative environments
• 5+ years of experience in internal audit, external assessments, risk management, regulatory compliance, or information security within a corporate environment
• 5+ years of experience with audit methodologies, internal control frameworks, risk assessments, and control testing techniques, with the ability to apply them to cloud and modern technology environments
• 3+ years of hands‑on experience with cloud security engineering, architecture, and/or automation, including designing or evaluating technical controls in cloud‑native platforms (AWS, Azure, GCP)

Nice To Haves

• Strong understanding of the software development lifecycle (SDLC) and secure development practices
• Experience with AI/ML platforms, tools, and related risk considerations
• Understanding of regulatory frameworks and security standards such as NIST, ISO, HITRUST, HIPAA, PCI, SOC 1/SOC 2, and SOX, with the ability to interpret and translate requirements into technical solutions
• Experience with DevOps/DevSecOps, CI/CD pipelines, infrastructure‑as‑code, and modern cloud infrastructure and cybersecurity patterns
• Ability to document and translate complex technical requirements for development team consumption
• Strong attention to detail with exceptional analytical and problem-solving skills; able to evaluate technical systems, identify risks, and propose pragmatic solutions
• Demonstrated ability to influence across engineering, security, and business teams, building strong relationships with technical and non-technical stakeholders
• Excellent written and verbal communication skills, capable of explaining complex technical and regulatory concepts in a clear and concise manner
• Experience working with risk management frameworks and identifying cybersecurity risks in modern technology environments
• Strong program management skills, including strategic planning, road-mapping, and technical project execution
• Industry experience in Healthcare, Insurance, or Retail is a plus
• Relevant certifications such as CCSK, CCSP, CISSP, CRISC, or similar credentials

Responsibilities

• Development and delivery of technology solutions that support the strategic direction of technology compliance and audit management for CVS Health’s Digital, Data, Analytics & Technology (DDAT) Compliance organization.
• Design, modernize, and operationalize technology solutions that support SOX, SOC 1, SOC 2, PCI, HITRUST, NIST 800‑53, NYDFS, and other cybersecurity and regulatory frameworks.
• Partner closely with engineering teams, process and control owners, and security architects to develop robust, audit‑ready control environments and automate evidence collection for complex, modern technology stacks, including cloud‑native platforms, distributed systems, AI/ML solutions, and DevSecOps implementations.
• Translate regulatory requirements into scalable technical controls, automated testing approaches, and measurable compliance indicators.
• Contribute to the development and continuous improvement of compliance tooling, control processes, dashboards, and metrics.
• Collaborate with IT, business partners, Learning and Development, Internal Audit, Legal, and external assessors to ensure alignment, transparency, and consistent execution of the technology compliance program.

Benefits

• medical
• dental
• vision coverage
• paid time off
• retirement savings options
• wellness programs