"Alerted.org

At CVS Health, we’re building a world of health around every consumer and surrounding ourselves with dedicated colleagues who are passionate about transforming health care.

As the nation’s leading health solutions company, we reach millions of Americans through our local presence, digital channels and more than 300,000 purpose-driven colleagues – caring for people where, when and how they choose in a way that is uniquely more connected, more convenient and more compassionate. And we do it all with heart, each and every day.

Position Summary

Provides operational support for CVS Health’s Digital, Data, Analytics & Technology (DDAT) Cyber Resiliency team, guiding colleagues in facilitating Cyber Resiliency activities across the enterprise. Responsible for meeting goals, priorities, and timelines in support of the DDAT Cyber Resiliency Program. Contribute toward development and implementation of policies, procedures, and controls ensuring compliance with Cyber Resiliency NIST framework. Conducts risk assessments to identify areas of potential non-compliance and assist with developing strategies to mitigate risks. Seek to continuously improve controls, processes, and systems to enhance the effectiveness and efficiency of the Cyber Resiliency program. Provide training and education to colleagues across all levels of the organization on Cyber Resiliency requirements and industry best practices. Oversees preparation and submission of required Cyber resiliency reports to management, DDAT, Audit Services, external auditors, and regulators. Coordinate activities of internal and external assessments, including supporting audit planning, execution, and follow up. Collaborate with key stakeholders, including management, Legal, Internal Audit, and external assessors, ensuring alignment and support of the Cyber Resiliency Program. Monitor and assist with enforcing adherence to policies, standards, procedures, and controls through regular assessments and audits.

Required Qualifications

+ 2-3 years of GRC or Cyber resiliency experience, internal audit, external assessments, risk management, regulatory compliance, and information security in a corporate environment

+ Working knowledge of Information Security policies and procedures; experience supporting GRC programs

+ Working knowledge and understanding of cyber resiliency concepts and frameworks

+ Assist in development, implementation, and maintenance of the organization’s cyber resiliency program, ensuring adherence to regulatory requirements and industry best practices.

+ Plan, coordinate, and execute testing of internal controls to evaluate their effectiveness in mitigating risks and ensuring accuracy of reporting.

+ Demonstrated understanding of disaster recovery testing, incident response, crisis management and business continuity

+ Maintain documentation of processes, controls, and testing related to cyber resiliency requirements; create and prepare metrics and reporting on findings and recommendations for management.

+ Solid understanding of relevant regulations and frameworks aligning to NIST, ISO, HITRUST, HIPPA, PCI

+ Demonstrates analytical and problem-solving skills with ability to analyze and interpret operational data, trends, assess risks effectively, and make recommendations for improvement.

+ Possess excellent verbal and written communications skills to effectively engage and advise stakeholders at all levels of the organization.

+ Demonstrate attention to detail

Preferred Qualifications

Knowledge of:

+ Information security policies and procedures

+ Regulatory standards including SOX, NIST, SOC, HIPAA, PCI, and HITRUST

+ NIST or ISO Cyber Resiliency frameworks

+ Experience identifying cybersecurity risks

Skill in:

+ Interpersonal and collaboration skills

+ Customer service and relationship building

+ Effective time management

Ability To:

+ Execute on assigned tasks, providing timely feedback to customers/stakeholders/teammates

+ Collaborate across many teams in a large-scale environment

Education

+ Bachelor's or certifications in cybersecurity preferred

Anticipated Weekly Hours

40

Time Type

Full time

Pay Range

The typical pay range for this role is:

$72,100.00 - $144,200.00

This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls. The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors. This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above.

Our people fuel our future. Our teams reflect the customers, patients, members and communities we serve and we are committed to fostering a workplace where every colleague feels valued and that they belong.

Great benefits for great people

We take pride in our comprehensive and competitive mix of pay and benefits – investing in the physical, emotional and financial wellness of our colleagues and their families to help them be the healthiest they can be. In addition to our competitive wages, our great benefits include:

+ **Affordable medical plan options,** a **401(k) plan** (including matching company contributions), and an **employee stock purchase plan** .

+ **No-cost programs for all colleagues** including wellness screenings, tobacco cessation and weight management programs, confidential counseling and financial coaching.

+ **Benefit solutions that address the different needs and preferences of our colleagues** including paid time off, flexible work schedules, family leave, dependent care resources, colleague assistance programs, tuition assistance, retiree medical access and many other benefits depending on eligibility.

For more information, visit https://jobs.cvshealth.com/us/en/benefits

We anticipate the application window for this opening will close on: 06/11/2025

Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state and local laws.

We are an equal opportunity and affirmative action employer. We do not discriminate in recruiting, hiring, promotion, or any other personnel action based on race, ethnicity, color, national origin, sex/gender, sexual orientation, gender identity or expression, religion, age, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law.