We are looking for a talented and experienced Information Security Risk Management Senior Analyst to join our Information Security Operations Vulnerability Management Team focused on ensuring the security and integrity of CVS Health applications and data.
As a Security Vulnerability and Risk Management Senior Analyst you will be responsible for ensuring CVS data remains secure and all risks, vulnerabilities and defects are managed, tracked and remediated according to policy and/or best practices.
The Information Security Vulnerability and Risk Management Senior Analyst selected for this role must have experience with risk management concepts and processes. The incumbent will be responsible for ensuring the CVS environment remains secure and that all identified gaps are managed.
The Security Risk Management Senior Analyst will be responsible for but not limited to:
- Develop reports on the results of vulnerability assessments, penetration testing, and configuration of dynamic and static code analysis platforms and drive remediation
- Coordinate and facilitate the vulnerability management program within specified CVS Health policies, standards and procedures
- Work with system owners to identify and document remediation strategies for vulnerabilities
- Represent Information Security organization in broader meetings on vulnerability remediation
- Provide tracking of remediation status
- Communicate with auditors and regulators during compliance and regulatory reviews
- Collaboratively work with peers to ensure operational excellence
- Maintain and monitor Information Security Risk Exception process to ensure identification of areas of non-compliance
- Strong client relationship management experience and skills
- Familiarity with relevant regional regulatory requirements
- Strong interpersonal and oral/written communication skills, able to build relationships at all levels
- 3+ years of experience in an IT Security/IT Risk environment with a large regulated organization
- Knowledge of risk assessment methodologies, IT/IS Policies and Standards, IT risk standards and industry best practices (ISO 27K, HITRUST, CoBIT, Managing Vendor Assessments).
- Experience building reports leveraging Microsoft Excel and Word with a focus on attention to detail and report accuracy
- Experience or understanding of managing vendor assessments
- Experience with development and administration of risk assessments and reviews
- Experience with audit processes and disciplines
- Experience with more than one major IT discipline (distributed computing, networks, application design and development, IT security and business recovery)
- Knowledge of risk assessment methodologies, IT policies and standards
- Knowledge of IT risk standards and industry best practice approaches such as ISO 17799, HITRUST, and CoBit
- Knowledge of source code reviews using automated tools such as Veracode and/or manual analysis
- Experience with verification of remediation
- Experience with audit or assessment skills
- Knowledge of common TCP/UDP protocols and how they work.
- Knowledge of web application security testing and vulnerability testing tools.
- Knowledge of web application firewalls
- Knowledge of network-level penetration testing
- Knowledge of mobile application security
- Knowledge of Security in the SDLC (Software Development Lifecycle)
- Bachelor's degree or High School Diploma with equivalent work experience
- CISSP or other equal security-related designations.
Job ID: 663155BR.