Position Summary: We are looking for a talented and experienced Information Security Risk Management Senior Analyst to join our Information Security Operations Vulnerability Management Team focused on ensuring the security and integrity of CVS Health applications and data.
As a Security Vulnerability and Risk Management Senior Analyst you will be responsible for ensuring CVS data remains secure and all risks, vulnerabilities and defects are managed, tracked and remediated according to policy and/or best practices. The Information Security Vulnerability and Risk Management Senior Analyst selected for this role must have experience with risk management concepts and processes. The incumbent will be responsible for ensuring the CVS environment remains secure and that all identified gaps are managed.
The Security Risk Management Senior Analyst will be responsible for but not limited to:
- Develop reports on the results of vulnerability assessments, penetration testing, and configuration of dynamic and static code analysis platforms and drive remediation
- Coordinate and facilitate the vulnerability management program within specified CVS Health policy, standards and procedures
- Work with System owners to identify and document remediation strategies for vulnerabilities.
- Represent Information Security organization in broader meetings on vulnerability remediation
- Provide tracking of remediation status
- Communicate with auditors and regulators during compliance and regulatory reviews
- Collaboratively work with peers to ensure operational excellence
- Maintain and monitor Information Security Risk Exception process to ensure identification of areas of non-compliance
- Strong client relationship management experience and skills
- Familiarity with relevant regional regulatory requirements
- Strong interpersonal and oral/written communication skills, able to build relationships at all levels
Required Qualifications:
- 3+ years of experience in an IT Security/IT Risk environment with a large regulated organization
- Knowledge of risk assessment methodologies, IT/IS Policies and Standards, IT risk standards and industry best practices (ISO 27K, HITRUST, COBIT, Managing Vendor Assessments).
- Experience building reports leveraging Microsoft Excel and Word with a focus on attention to detail and report accuracy
- Experience or understanding of managing vendor assessments
- Experience with development and administration of risk assessments and reviews
- Experience with audit processes and disciplines
- Experience with more than one major IT discipline (distributed computing, networks, application design and development, IT security and business recovery)
- Knowledge of risk assessment methodologies, IT policies and standards
- Knowledge of IT risk standards and industry best practice approaches such as ISO 17799, HITRUST, and COBIT
- Knowledge of source code reviews using automated tools such as Veracode and/or manual analysis
- Experience with verification of remediation
Preferred Qualifications:
- Experience with audit or assessment skills
- Knowledge of common TCP/UDP protocols and how they work.
- Knowledge of web application security testing and vulnerability testing tools.
- Knowledge of web application firewalls
- Knowledge of network-level penetration testing
- Knowledge of mobile application security
- Knowledge of Security in the SDLC (Software Development Lifecycle)
- Bachelor's degree or High School Diploma with equivalent work experience
- CISSP or other equal security related designations
CVS Health, through our unmatched breadth of service offerings, is transforming the delivery of health care services in the U.S. We are an innovative, fast-growing company guided by values that focus on teamwork, integrity and respect for our colleagues and customers. What are we looking for in our colleagues? We seek fresh ideas, new perspectives, a diversity of experiences, and a dedication to service that will help us better meet the needs of the many people and businesses that rely on us each day. As the nation’s largest pharmacy health care provider, we offer a wide range of exciting and fulfilling career opportunities across our three business units – MinuteClinic, pharmacy benefit management (PBM) and retail pharmacy. Our energetic and service-oriented colleagues work hard every day to make a positive difference in the lives of our customers.
CVS Health is an equal opportunity employer. We do not discriminate in hiring or employment against any individual on the basis of race, ethnicity, ancestry, color, religion, sex/gender (including pregnancy), national origin, sexual orientation, gender identity or expression, physical or mental disability, medical condition, age, veteran status, military status, marital status, genetic information, citizenship status, unemployment status, political affiliation, or on any other basis or characteristic prohibited by applicable federal, state or local law. CVS Health will consider qualified job candidates with criminal histories in a manner consistent with federal, state and local laws. CVS Health will not discharge or in any other manner discriminate against any Colleague or applicant for employment because such Colleague or applicant has inquired about, discussed, or disclosed the compensation of the Colleague or applicant or another Colleague or applicant. Furthermore, we comply with the laws and regulations set forth in the following EEO is the Law Poster: EEO IS THE LAW and EEO IS THE LAW SUPPLEMENT
Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. If you require assistance to apply for this job, please contact us by clicking AA EEO CVS Health
For inquiries related to the application process or technical issues please contact the Kenexa Helpdesk at 1-855-338-5609. For technical issues with the Virtual Job Tryout assessment, contact the Shaker Help Desk at 1-877-987-5352. Please note that we only accept resumes via our corporate website: https://jobs.cvshealth.com/