
VP, Cyber Defense – Threat Intelligence
CVS Health
full-time
Location Type: Hybrid
Location: Arizona • Connecticut • United States
About the role
- Own 24x7x365 enterprise SOC operations, ensuring continuous monitoring, detection, and triage across on-premises, cloud, and hybrid environments.
- Drive SOC maturity through automation, SOAR playbook development, and metrics-driven performance management — targeting measurable reductions in mean time to detect (MTTD) and mean time to respond (MTTR).
- Ensure SOC staffing, tooling, and process design meet HIPAA, PCI-DSS, and applicable state regulatory expectations for continuous monitoring of PHI/PII environments.
- Lead vendor and MSSP relationships supporting SOC augmentation, establishing clear SLAs and escalation protocols.
- Establish and mature an enterprise CTI program that delivers operationally relevant, decision-ready intelligence to executive, technical, and legal stakeholders.
- Lead CSIRT operations responsible for classification, investigation, containment, eradication, and recovery of all significant security events.
- Build and operate a formal Insider Risk program capable of detecting, investigating, and responding to malicious, negligent, and compromised insider threats at enterprise scale.
- Establish CVS Health's enterprise AI Security Operations function — responsible for monitoring, detecting, and responding to threats targeting AI/ML systems, LLMs, agentic workflows, and AI-powered business processes.
- Own the enterprise security data platform — including SIEM architecture, data lake engineering, telemetry ingestion pipelines, and security analytics — ensuring full visibility across the environment.
- Manage the enterprise penetration testing program — including internal assessments, application testing, red team operations, and third-party engagements — on a risk-prioritized schedule.
- Lead a mature adversary simulation program that continuously stress-tests CVS Health's detection and response capability against real-world threat actor TTPs.
Requirements
- 15+ years of progressive cybersecurity leadership experience, with a minimum of 8 years in senior leadership roles overseeing enterprise-scale security operations.
- Demonstrated experience leading or significantly maturing a 24x7 SOC, CSIRT, and/or threat intelligence function in a large, complex enterprise environment.
- Proven track record of leading significant cyber incident response events — including ransomware, nation-state, and insider threat scenarios — at enterprise scale.
- Deep technical fluency across core cyber defense domains: SIEM/SOAR, endpoint detection and response (EDR), network security monitoring, cloud security monitoring (AWS, Azure, GCP), and threat intelligence platforms.
- Strong executive communication skills — able to translate complex technical findings into precise, actionable, and legally defensible communications for C-suite and Board audiences.
- Experience operating in highly regulated industries with significant personal data obligations (healthcare, financial services, retail, or equivalent).
- Familiarity with HIPAA Security Rule, NIST CSF, NIST SP 800-53, CIS Controls, MITRE ATT&CK, and applicable state data breach notification laws.
- Experience leading insider risk or behavioral analytics programs with appropriate HR/Legal partnership.
Benefits
- medical, dental, and vision coverage
- paid time off
- retirement savings options
- wellness programs
- comprehensive benefits package designed to support the physical, emotional, and financial well-being of colleagues and their families
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
- SOC operations
- SOAR playbook development
- mean time to detect (MTTD)
- mean time to respond (MTTR)
- SIEM architecture
- data lake engineering
- telemetry ingestion pipelines
- penetration testing
- endpoint detection and response (EDR)
- cloud security monitoring
Soft Skills
- executive communication
- leadership
- stakeholder management
- incident response
- team collaboration
- strategic planning
- problem-solving
- decision-making
- process design
- performance management