This role is responsible for reviewing, implementing, updating and documenting the security policy framework(s) and controls related to Information Security to protect sensitive data and reduce organizational risk. The role will interface with senior leaders in all IT disciplines, as well as auditors, regulators and other key internal stakeholders (legal, privacy, etc.) to define and communicate strategies for policy management in order to meet CVS Health's legal, regulatory and operational requirements.
Fundamental Components:
- Work with Subject Matter Experts to ensure policies and standards are reviewed and updated as
- Work with Compliance partner organizations to ensure policies and standards comply with appropriate industry standards and regulations (Data Privacy, Compliance, Legal, Physical Security, etc.)
- Partner to present our internal policies and standards to customers, partners, internal teams, and senior
- Design and manage the processes to enforce our policies and ensure they remain under control
- Review proposed baseline configuration changes for compliance with policies and standards
- Manage and oversee the security exception and approval processes (external access, workstation admin
- Support the Security Architecture function by interpreting policy and standard requirements
- Provide consultative services related to the CVS Health security control framework to various organizations within CVS Health
- Ensure the Information Security Awareness program is aligned to the security control framework
- Provide audit support related to the security control framework
- Provide status reporting and metrics to leadership as required
- Evaluate solutions and assist in maintenance of the Security Governance, Risk and Compliance tool
- Analyze enforcement and escalation data to recommend product improvements to the systems and processes that support our policies at scale
- Serve as the point of escalation for making decisions when existing processes don't produce a clear decision

Background Experience:
- about public policy issues and how they impact business objectives
- making difficult decisions
- excellent written and verbal communicator
- to communicate points of view to audiences that may be biased against your
- to understand alternative positions on issues
- to advise senior leaders on policy issues
- to facilitate group discussions with cross-functional stakeholders
- to closely partner with cross-functional stakeholders

Ideal:
- experience driving consensus on issues that may not have a clear answer and communicating requirements on those issues to product teams
- built relationships with public advocacy, policy, or other external stakeholder
- managed policy development and advocacy in the past
- 5+ years of full-time Information Security risk management experience
- Direct work experience in a technical project management capacity, including experience with process development and execution
- Experience in a business liaison or analyst role, including experience with process and technology analysis
- Experience in planning and executing multiple Information Security risk & compliance projects
- Experience with information security frameworks and regulations such as ISO 27001/27002, SOC 2, NIST Cybersecurity Framework, GDPR, and HITRUST
- Experience with risk management and Information Security strategy, practices, technologies, and tools
- Prior experience coordinating with internal and external auditors to effectively communicate requirements, drive execution and deliver results
- Working knowledge of RSA's Archer eGRC solutions; Archer certification is a plus

Additional Job Information:
Leadership - Collaborating for Results, Leadership - Driving a Culture of Compliance, Leadership - Fostering a Global Perspective

Functional Skills:
Information Technology - Security

Potential Telework Position:
Yes

Percent of Travel Required:
0 - 10%

EEO Statement:
Aetna is an Equal Opportunity, Affirmative Action Employer

Benefit Eligibility:
Benefit eligibility may vary by position.

Candidate Privacy Information:
Aetna takes its candidates' data privacy seriously. At no time will any Aetna recruiter or employee request any financial or personal information (Social Security Number, credit card information for direct deposit, etc.) from you via e-mail. Any request for such information will be discussed with you beforehand and conducted through a secure website provided by the recruiter. Should you be asked for such information by e-mail, please notify us immediately.