CVS Health

Senior Analyst, Information Security – Cyber Resiliency

CVS Health

full-time

Posted on:

Location Type: Remote

Location: Remote • Arizona • 🇺🇸 United States

Visit company website
AI Apply
Apply

Salary

💰 $72,100 - $144,200 per year

Job Level

Senior

About the role

  • Provides operational support for CVS Health’s Digital, Data, Analytics & Technology (DDAT) Cyber Resiliency team, guiding colleagues in facilitating Cyber Resiliency activities across the enterprise
  • Responsible for meeting goals, priorities, and timelines in support of the DDAT Cyber Resiliency Program
  • Contribute toward development and implementation of policies, procedures, and controls ensuring compliance with Cyber Resiliency NIST framework
  • Conducts risk assessments to identify areas of potential non-compliance and assist with developing strategies to mitigate risks
  • Seek to continuously improve controls, processes, and systems to enhance the effectiveness and efficiency of the Cyber Resiliency program
  • Provide training and education to colleagues across all levels of the organization on Cyber Resiliency requirements and industry best practices
  • Oversees preparation and submission of required Cyber resiliency reports to management, DDAT, Audit Services, external auditors, and regulators
  • Coordinate activities of internal and external assessments, including supporting audit planning, execution, and follow up
  • Collaborate with key stakeholders, including management, Legal, Internal Audit, and external assessors, ensuring alignment and support of the Cyber Resiliency Program
  • Monitor and assist with enforcing adherence to policies, standards, procedures, and controls through regular assessments and audits

Requirements

  • 2-3 years of GRC or Cyber resiliency experience, internal audit, external assessments, risk management, regulatory compliance, and information security in a corporate environment
  • Working knowledge of Information Security policies and procedures; experience supporting GRC programs
  • Working knowledge and understanding of cyber resiliency concepts and frameworks
  • Assist in development, implementation, and maintenance of the organization’s cyber resiliency program, ensuring adherence to regulatory requirements and industry best practices
  • Plan, coordinate, and execute testing of internal controls to evaluate their effectiveness in mitigating risks and ensuring accuracy of reporting
  • Understanding of disaster recovery, cyber incident response, crisis management and business continuity testing concepts
  • Maintain documentation of processes, controls, and testing related to cyber resiliency requirements; create and prepare metrics and reporting on findings and recommendations for management
  • Solid understanding of relevant regulations and frameworks aligning to NIST 800 and NIST CSF Frameworks, ISO, HITRUST, HIPAA, PCI, ZTMM
  • Possess security architecture and engineering knowledge including zero trust concepts
  • Demonstrates analytical and problem-solving skills with ability to analyze and interpret operational data, trends, assess risks effectively, and make recommendations for improvement
  • Possess excellent verbal and written communications skills to effectively engage and advise stakeholders at all levels of the organization
Benefits
  • Affordable medical plan options
  • 401(k) plan (including matching company contributions)
  • Employee stock purchase plan
  • No-cost programs for all colleagues including wellness screenings, tobacco cessation and weight management programs, confidential counseling and financial coaching
  • Paid time off, flexible work schedules, family leave, dependent care resources, colleague assistance programs, tuition assistance, retiree medical access and many other benefits depending on eligibility

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills
GRCCyber resiliencyRisk managementRegulatory complianceInformation securityDisaster recoveryCyber incident responseCrisis managementBusiness continuity testingSecurity architecture
Soft skills
Analytical skillsProblem-solving skillsVerbal communicationWritten communicationStakeholder engagement