Lead Director, Cybersecurity Compliance

At CVS Health, we’re building a world of health around every consumer and surrounding ourselves with dedicated colleagues who are passionate about transforming health care.

As the nation’s leading health solutions company, we reach millions of Americans through our local presence, digital channels and more than 300,000 purpose-driven colleagues – caring for people where, when and how they choose in a way that is uniquely more connected, more convenient and more compassionate. And we do it all with heart, each and every day.

Position Summary

Provides leadership for the Cybersecurity compliance team, guiding colleagues in facilitating cybersecurity assessments and internal IT audit response across the enterprise.  Oversees regulatory compliance initiatives, including various external assessments, regulatory change management and internal audit response.  Responsible for supporting various regulatory requests, States exams, external inquiries, and consults teams to identify and assess compliance against regulatory requirements, ensuring adherence to applicable laws, rules, regulations, and industry standards.  Liaison with regulatory agencies and external stakeholders to address compliance-related inquiries and issues.  Actively manages large scale programs, simplifying complex and large-scale tasks into logical, manageable risk and compliance activities while overseeing coordination among other teams.  Identifies and implements reporting and processes while adhering to corporate policies, regulations, industry frameworks, and best practices. Provides expert advice and recommendations on technology compliance-related matters ensuring understanding and address any gaps and/or deficiencies.  Stays informed with regulatory requirements and industry practices and communicates/partners with IT and business colleagues keeping them informed with relevant updates and changes to stakeholders with application mitigation strategies and techniques for ongoing compliance.  Leads Cybersecurity compliance remediation efforts to identify and address any systemic or material issues for key workstreams including asset management, configuration change management, logging and monitoring, identity and access management, and vulnerability management.
Required Qualifications

• 10+ years of experience in regulatory compliance, internal audit, and information security in a corporate environment.
• 5+ years of experience with relevant regulations and one or more frameworks aligning to NIST, ISO, HITRUST, HIPPA, PCI 

• 3+ years of experience managing people and teams

​

Preferred Qualifications

• ​Solid analytical skills and technical acumen with the ability to interpret complex regulations and assess risks effectively in an Information Technology environment.
• Exceptional leadership and interpersonal skills with the ability to collaborate effectively with cross-functional teams, build relationships with key stakeholders at all levels and influence others to achieve compliance objectives
• Managing work efforts with both internal and external partners in a highly collaborative environment
• Effective use of reporting dashboards, GRC tools (RSA Archer), and presentation tools (PowerBI, Archer, Excel, Powerpoint, etc)
• Demonstrated critical thinking and knowledge of risk management processes, tools, and techniques
• Proven track record in cybersecurity with leading, facilitating, and managing regulatory compliance, internal audit, and external assessment program
• CRISC, CISA, CISSP, CISM, or equivalent certification

Education

Pay Range

The typical pay range for this role is:

This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls.  The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors.  This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above.  This position also includes an award target in the company’s equity award program. 
 

Our people fuel our future. Our teams reflect the customers, patients, members and communities we serve and we are committed to fostering a workplace where every colleague feels valued and that they belong.

Great benefits for great people

We take pride in our comprehensive and competitive mix of pay and benefits – investing in the physical, emotional and financial wellness of our colleagues and their families to help them be the healthiest they can be. In addition to our competitive wages, our great benefits include:

• Affordable medical plan options, a 401(k) plan (including matching company contributions), and an employee stock purchase plan.

• No-cost programs for all colleagues including wellness screenings, tobacco cessation and weight management programs, confidential counseling and financial coaching.

• Benefit solutions that address the different needs and preferences of our colleagues including paid time off, flexible work schedules, family leave, dependent care resources, colleague assistance programs, tuition assistance, retiree medical access and many other benefits depending on eligibility.

For more information, visit https://jobs.cvshealth.com/us/en/benefits

Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state and local laws.