At CVS Health, we’re building a world of health around every consumer and surrounding ourselves with dedicated colleagues who are passionate about transforming health care.

As the nation’s leading health solutions company, we reach millions of Americans through our local presence, digital channels and more than 300,000 purpose-driven colleagues – caring for people where, when and how they choose in a way that is uniquely more connected, more convenient and more compassionate. And we do it all with heart, each and every day.

Position Summary

Defines operational activities and executes on strategic direction related to Cyber Resiliency for CVS Health’s Digital, Data, Analytics & Technology (DDAT) Cybersecurity GRC team, guiding colleagues in facilitating cyber resiliency activities across the enterprise.  Manages, develops and implements procedures, controls, and reporting to ensure compliance with NIST Cyber resiliency frameworks.  Consults on efforts to continuously improve internal controls, processes, and systems to enhance the effectiveness and efficiency for the program.  Partners with IT and business colleagues to educate on cyber resiliency and provide actionable metrics that measure the effectiveness of controls.  Coordinate and manage activities of process owners to support cyber resiliency testing, including supporting audit requests and tracking remediation.  Partner with key stakeholders, including senior management, Legal, Internal Audit, and external assessors, to ensure alignment and support of the cyber resiliency Program. 

Responsibilities:

Managing and executing procedures to facilitate and support various cybersecurity resiliency activities.  Establishes schedules and plans to ensure deadlines are being met.  Develops efficient processes to facilitate and support regulatory, internal audit and industry standard assessments and audits.Provides coaching, feedback, and educates stakeholders and colleagues relative to cyber resiliency requirements and industry best practices.Defines or develops risk management policies and procedures to support the implementation of cyber resiliency processes and controls across the enterpriseOversees preparation and submission of cyber resiliency metrics and reports to management, Audit Services, external auditors/assessors, and regulators.Oversees assessments to measure the effectiveness of cyber resiliency controls and provides results back to responsible party/ownerEducates key stakeholders on risk management frameworks and top risks  related to the system(s) or Line of Business for cyber resilience
 

Required Qualifications

7+ years of cyber resiliency related activities or experience, internal audit, external assessments, risk management, regulatory compliance, and information security in a corporate environment5+ years of experience in understanding of cyber resiliency framework including its requirements, regulations, and implications for financial reporting and internal controls.5+ years of experience in audit methodologies, internal control frameworks, risks assessments, and control testing techniques.3+ years of program management including strategic planning, decision-making, and project management

Preferred Qualifications

Strong understanding of relevant regulations and frameworks aligning to NIST and ISOStrong analytical and problem-solving skills with the ability to analyze and interpret complex regulations, operational data, trends, assess risks effectively, and make recommendations for improvement.Exceptional interpersonal skills with the ability to collaborate across departments and influence stakeholders at all levelsDemonstrated ability to collaborate effectively with cross-functional teams, build relationships with key stakeholders, and influence others to achieve compliance objectives. Strong attention to detail and accuracy when conducting assessments, documenting processes, and reviewing controls to ensure compliance with cyber resiliency requirements.Managing work efforts with both internal and external partners in a highly collaborative environmentExcellent written and verbal communication skills with the ability to articulate complex concepts clearly and conciselyAbility to navigate and execute in a large complex organization
 

Education

Bachelor’s degree or equivalent experience (High School Diploma and 4 years relevant experience)

Pay Range

The typical pay range for this role is:

$118,450.00 - $236,900.00

This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls.  The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors.  This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above.  This position also includes an award target in the company’s equity award program. 
 

Our people fuel our future. Our teams reflect the customers, patients, members and communities we serve and we are committed to fostering a workplace where every colleague feels valued and that they belong.

Great benefits for great people

We take pride in our comprehensive and competitive mix of pay and benefits – investing in the physical, emotional and financial wellness of our colleagues and their families to help them be the healthiest they can be. In addition to our competitive wages, our great benefits include:

Affordable medical plan options, a 401(k) plan (including matching company contributions), and an employee stock purchase plan.

No-cost programs for all colleagues including wellness screenings, tobacco cessation and weight management programs, confidential counseling and financial coaching.

Benefit solutions that address the different needs and preferences of our colleagues including paid time off, flexible work schedules, family leave, dependent care resources, colleague assistance programs, tuition assistance, retiree medical access and many other benefits depending on eligibility.

For more information, visit https://jobs.cvshealth.com/us/en/benefits

We anticipate the application window for this opening will close on: 06/13/2025

Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state and local laws.