Senior Analyst, Information Security, CVS Health

CVS Health

Location:
United States, Boston

Category:
IT - Administration

Contract Type:
Not provided

Salary:

86520.00 - 173040.00 USD / Year

Save Job

Apply Position

Job Description:

Provides operational support for CVS Health's Digital, Data, Analytics & Technology (DDAT) Cyber Resiliency team, guiding colleagues in facilitating Cyber Resiliency activities across the enterprise. Responsible for meeting goals, priorities, and timelines in support of the DDAT Cyber Resiliency Program. Contribute toward development and implementation of policies, procedures, and controls ensuring compliance with Cyber Resiliency NIST framework. Conducts risk assessments to identify areas of potential non-compliance and assist with developing strategies to mitigate risks. Seek to continuously improve controls, processes, and systems to enhance the effectiveness and efficiency of the Cyber Resiliency program. Provide training and education to colleagues across all levels of the organization on Cyber Resiliency requirements and industry best practices. Oversees preparation and submission of required Cyber resiliency reports to management, DDAT, Audit Services, external auditors, and regulators. Coordinate activities of internal and external assessments, including supporting audit planning, execution, and follow up. Collaborate with key stakeholders, including management, Legal, Internal Audit, and external assessors, ensuring alignment and support of the Cyber Resiliency Program. Monitor and assist with enforcing adherence to policies, standards, procedures, and controls through regular assessments and audits.

Job Responsibility:

Provides operational support for CVS Health's Digital, Data, Analytics & Technology (DDAT) Cyber Resiliency team, guiding colleagues in facilitating Cyber Resiliency activities across the enterprise
Responsible for meeting goals, priorities, and timelines in support of the DDAT Cyber Resiliency Program
Contribute toward development and implementation of policies, procedures, and controls ensuring compliance with Cyber Resiliency NIST framework
Conducts risk assessments to identify areas of potential non-compliance and assist with developing strategies to mitigate risks
Seek to continuously improve controls, processes, and systems to enhance the effectiveness and efficiency of the Cyber Resiliency program
Provide training and education to colleagues across all levels of the organization on Cyber Resiliency requirements and industry best practices
Oversees preparation and submission of required Cyber resiliency reports to management, DDAT, Audit Services, external auditors, and regulators
Coordinate activities of internal and external assessments, including supporting audit planning, execution, and follow up
Collaborate with key stakeholders, including management, Legal, Internal Audit, and external assessors, ensuring alignment and support of the Cyber Resiliency Program
Monitor and assist with enforcing adherence to policies, standards, procedures, and controls through regular assessments and audits

Requirements:

2-3 years of GRC or Cyber resiliency experience, internal audit, external assessments, risk management, regulatory compliance, and information security in a corporate environment
Working knowledge of Information Security policies and procedures
experience supporting GRC programs
Working knowledge and understanding of cyber resiliency concepts and frameworks
Assist in development, implementation, and maintenance of the organization's cyber resiliency program, ensuring adherence to regulatory requirements and industry best practices
Plan, coordinate, and execute testing of internal controls to evaluate their effectiveness in mitigating risks and ensuring accuracy of reporting
Demonstrated understanding of disaster recovery testing, incident response, crisis management and business continuity
Maintain documentation of processes, controls, and testing related to cyber resiliency requirements
create and prepare metrics and reporting on findings and recommendations for management
Solid understanding of relevant regulations and frameworks aligning to NIST, ISO, HITRUST, HIPPA, PCI
Demonstrates analytical and problem-solving skills with ability to analyze and interpret operational data, trends, assess risks effectively, and make recommendations for improvement
Possess excellent verbal and written communications skills to effectively engage and advise stakeholders at all levels of the organization
Demonstrate attention to detail
Bachelor's or certifications in cybersecurity preferred

Nice to have:

Knowledge of Information security policies and procedures
Knowledge of Regulatory standards including SOX, NIST, SOC, HIPAA, PCI, and HITRUST
Knowledge of NIST or ISO Cyber Resiliency frameworks
Experience identifying cybersecurity risks
Skill in Interpersonal and collaboration skills
Skill in Customer service and relationship building
Skill in Effective time management
Ability to Execute on assigned tasks, providing timely feedback to customers/stakeholders/teammates
Ability to Collaborate across many teams in a large-scale environment

What we offer:

Affordable medical plan options
401(k) plan (including matching company contributions)
Employee stock purchase plan
No-cost programs for all colleagues including wellness screenings, tobacco cessation and weight management programs, confidential counseling and financial coaching
Paid time off
Flexible work schedules
Family leave
Dependent care resources
Colleague assistance programs
Tuition assistance
Retiree medical access

Additional Information:

Job Posted:
November 13, 2025

Expiration:
November 26, 2025

Employment Type:

Fulltime

Work Type:

Hybrid work

View All Jobs In This Company

Job Link Share:

Senior Analyst, Information Security