The Senior Manager of Information Security Control Assurance & Compliance reports to the Senior Director of Information Governance, Risk, and Control Assurance. The Senior Manager is responsible for ensuring controls are operating as designed, meeting regulatory obligations, and mitigating risk to the CVS Health family of companies. They are charged with enforcing remediation and performing gap analysis to determine impact to existing security capabilities. They are also responsible for aligning people, process, and technology to meet the demand and business requirements of CVS Health.
The role and responsibility of the Senior Manager is to:
• Lead the assessment and measurement of the effectiveness of Information Security controls;
• Identify gaps in desired outcomes, obligations, and compliance responsibilities;
• Provide detailed management level reporting and dashboards designed to demonstrate adherence against expected control outcomes, including compliance obligations;
• Ensure appropriate resources are allocated to Information Security projects, and that timelines, commitments, and service levels from the team are met;
• Ensure resources are adequately equipped and trained to perform their tasks; and
• Maintain business relationships with key stakeholders across CVS Health.
• 10+ years of relevant Information Security experience.
• 5+ years of direct leadership and/or managerial experience.
• Excellent communications and presentation skills with demonstrated skill in presenting analytical data effectively to varied audiences.
• Experience leading and/or performing detailed control testing, including regulatory audit and compliance test scenarios.
• Experience leading Information Security professionals and Compliance programs.
• Demonstrated ability to establish well defined procedures and appropriate mitigation strategies derived from risk analysis and lessons learned.
• Strong organization and process management skills; ability to lead and manage high performing teams.
• CISSP, CGEIT, or CRISC certification or demonstrated mastery of governance and risk management.
• Experience with Information Security in a Pharmacy Benefits Management or Retail environment a plus.
• 5+ years of experience managing one or more components of an information security program in a highly regulated sector, such as healthcare or financial services.
• Deep understanding of regulatory and industry standards, including SOX, HIPAA, PCI-DSS, and HITRUST.
• Experience and knowledge of industry certification or audit standards including AICPA, Verizon CRP, PCI-DSS, and Shared Assessments AUP.
• Bachelor's degree in Computer Science, Management Information Systems, Technology, or Business. MBA or Master's degree preferred.
CVS Health, through our unmatched breadth of service offerings, is transforming the delivery of health care services in the U.S. We are an innovative, fast-growing company guided by values that focus on teamwork, integrity and respect for our colleagues and customers. What are we looking for in our colleagues? We seek fresh ideas, new perspectives, a diversity of experiences, and a dedication to service that will help us better meet the needs of the many people and businesses that rely on us each day. As the nation’s largest pharmacy health care provider, we offer a wide range of exciting and fulfilling career opportunities across our three business units – MinuteClinic, pharmacy benefit management (PBM) and retail pharmacy. Our energetic and service-oriented colleagues work hard every day to make a positive difference in the lives of our customers.
CVS Health is an equal opportunity employer. We do not discriminate in hiring or employment against any individual on the basis of race, ethnicity, ancestry, color, religion, sex/gender (including pregnancy), national origin, sexual orientation, gender identity or expression, physical or mental disability, medical condition, age, veteran status, military status, marital status, genetic information, citizenship status, unemployment status, political affiliation, or on any other basis or characteristic prohibited by applicable federal, state or local law. CVS Health will consider qualified job candidates with criminal histories in a manner consistent with federal, state and local laws. CVS Health will not discharge or in any other manner discriminate against any Colleague or applicant for employment because such Colleague or applicant has inquired about, discussed, or disclosed the compensation of the Colleague or applicant or another Colleague or applicant. Furthermore, we comply with the laws and regulations set forth in the following EEO is the Law Poster: EEO IS THE LAW and EEO IS THE LAW SUPPLEMENT.
Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. If you require assistance to apply for this job, please contact us by clicking Advice and Counsel.
CVS Health does not require nor expect that applicants disclose their compensation history during the application, interview, and hiring process.
For inquiries related to the application process or technical issues please contact the Kenexa Helpdesk at 1-855-338-5609. For technical issues with the Virtual Job Tryout assessment, contact the Shaker Help Desk at 1-877-987-5352. Please note that we only accept resumes via our corporate website: https://jobs.cvshealth.com/