Sr Analyst, Security Risk Management (Issues/Vulnerability Management)

We’re building a world of health around every individual — shaping a more connected, convenient and compassionate health experience. At CVS Health®, you’ll be surrounded by passionate colleagues who care deeply, innovate with purpose, hold ourselves accountable and prioritize safety and quality in everything we do. Join us and be part of something bigger – helping to simplify health care one person, one family and one community at a time.

Position Summary
The Corporate Functions & Pharmacy Consumer Wellness (PCW) IT Compliance Team is looking for a resource to provide compliance-related support for the Vulnerability Management program.  

What you'll do:

• Oversight of Issues Management and related workflows
• Find data entry, manage GRC and executive approval workflows and maintain status
• Support application teams with process, procedures in the Vulnerability Management space
• Participate in the expansion of the Vulnerability Management program for our area and have the opportunity to support new, emerging VM compliance frameworks
• Interact closely with the internal team, other domain leads, application teams, and security teams, serving as a lead resource governing risk associated with Vulnerability Management control standards
• Assist with entry of Findings and application team support in the Issues Management compliance domain area
• Provide general guidance and support to application teams, including maintaining line of sight into status,  issues, priorities, and timelines
• Provide proactive, timely, targeted communications, alerts, and escalations as needed to help maintain awareness and minimize risk
• Maintain key files and relevant data sources for compliance reporting with high levels of data quality, consistency, and integrity

Required Qualifications

• 3-5 years of experience with IT Application Management, Issues Management, Vulnerability Management, Project or Program Management, Information Security, or related practice field.
• Strong problem-solving, analytical, critical thinking, and organizational skills with demonstrated versatility to handle concurrent high priority tasks.
• Strong oral and written and communication skills with ability to clearly articulate and communicate complex problems and solutions in a simple, logical, and impactful manner to both technical and non-technical stakeholders.
• Self-motivated with ability to work independently with minimal supervision or without direction, and ability to prioritize work effectively.
• Demonstrated ability to handle concurrent high priority tasks and work in dynamic environment on a daily basis.
• Experience working with large-scale application portfolios and application teams, across a variety of functional IT and business areas
• Experience providing executive-level status as well as driving issues to closure.
• Intermediate to advanced proficiency in MS Excel (pivot tables, lookups, etc.).

Preferred Qualifications

• Experience with RSA Archer / GRC, ServiceNow, or similar tools used for managing IT risk and compliance.
• Knowledge of IT security-related regulations and frameworks such as PCI, HIPAA, SOX, SOC1, SOC2, GDPR, NIST, ISO 27001, and COBIT.
• Security certifications such as CRISC, CISSP, CIAM, CISA, CISM, CCSP, etc.

Education

• Bachelor’s Degree in Computer Science, Information Technology, Cybersecurity, or related field or equivalent work experience (HS diploma + 3 years relevant experience).
• Ongoing education in cybersecurity, information security, or related domains is a plus.

Anticipated Weekly Hours

Time Type

Pay Range

The typical pay range for this role is:

This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls.  The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors.  This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above. 
 

Our people fuel our future. Our teams reflect the customers, patients, members and communities we serve and we are committed to fostering a workplace where every colleague feels valued and that they belong.

Great benefits for great people

We take pride in our comprehensive and competitive mix of pay and benefits – investing in the physical, emotional and financial wellness of our colleagues and their families to help them be the healthiest they can be. In addition to our competitive wages, our great benefits include:

• Affordable medical plan options, a 401(k) plan (including matching company contributions), and an employee stock purchase plan.

• No-cost programs for all colleagues including wellness screenings, tobacco cessation and weight management programs, confidential counseling and financial coaching.

• Benefit solutions that address the different needs and preferences of our colleagues including paid time off, flexible work schedules, family leave, dependent care resources, colleague assistance programs, tuition assistance, retiree medical access and many other benefits depending on eligibility.

For more information, visit https://jobs.cvshealth.com/us/en/benefits

Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state and local laws.