Lead Director - Third Party Security, Assessment Operations

CVS Health • $144K — $288K *

US-AnywhereRemote in Colorado, US

Information Technology

8 - 10 years of experience

Today

Be an Early Applicant

By clicking Apply, I agree with Ladders' Terms of Use and Privacy Policy

Job Overview by Ladders

Qualifications

10+ years in Information Security with expertise in risk management, architecture, and engineering.
7+ years leading security teams in both direct and matrixed environments.
5+ years managing Third Party Security Risk or Vendor Risk Management programs.
5+ years conducting control testing and compliance assessments.
3+ years implementing security controls in complex third party environments.

Responsibilities

Own and continuously improve the Third Party Security program.
Direct security assessment practices for all third parties.
Align team capacity with organizational priorities and resource demands.
Build and lead a high-performing team of security professionals.
Evaluate emerging cyber threats relevant to third party ecosystems.
Implement risk-based remediation strategies based on assessment findings.
Ensure compliance with local, national, and international regulations.

Benefits

Comprehensive medical, dental, and vision coverage.
Generous paid time off policy.
Retirement savings options with employer contributions.
Access to wellness programs and support resources.

Full Job Description

Position Summary

The Lead Director of Third-Party Security Assessment & Risk Operations plays a critical role in protecting the organization by ensuring that third parties (vendors, suppliers, and partners) meet the security standards required to operate in a highly regulated environment. This role leads the end-to-end lifecycle of third-party security assessments, ensuring that risks are identified early, understood clearly, and addressed effectively. By building and advancing a scalable, risk-based assessment program, this position helps safeguard the enterprise while enabling the business to move forward with confidence in its external partnerships.

This leader partners closely with Procurement, Legal, Compliance, and business units to embed security into the full vendor lifecycle and translate complex cyber risks into clear, actionable guidance. The role also shapes enterprise-wide risk and control assurance efforts by bringing visibility, consistency, and accountability to third-party risk management. Through strong program leadership, executive engagement, and continuous improvement, the Lead Director ensures the organization can manage third-party risk at scale while supporting growth, regulatory compliance, and operational resilience.

Key Responsibilities:

Third Party Security Leadership

Own and continuously mature the enterprise Third Party Security program, including processes, and tooling.
Direct staff in the identification, development, implementation, and maintenance of security assessment practices for all third parties - including vendors, suppliers, and business partners.
Establish demand-driven resource models and align team capacity to portfolio volume and organizational priorities.
Build, coach, and lead a high-performing team of security professionals spanning Individual Contributors, Managers, and Senior Managers.

Risk Assessment & Control Assurance

Lead the evaluation and assessment of emerging cyber threats, vulnerabilities, and attack vectors relevant to third party ecosystems.
Direct detailed control testing, regulatory audit scenarios, and compliance validation activities for third party relationships.
Develop and enforce risk-based remediation strategies derived from assessment findings and lessons learned.
Implement and enforce security controls within third parties supporting large, complex, and diverse enterprise environments.

Regulatory Compliance & Policy Alignment

Ensure organizational adherence to applicable local, national, and international regulatory requirements (e.g., HIPAA, PCI-DSS, NIST, ISO 27001/27036, SOC 2) within the scope of third party security.
Provide authoritative security guidance to project teams, portfolio personnel, and business leaders to ensure alignment with CVS Health control standards.
Monitor evolving regulatory and industry landscapes and proactively adjust program requirements to maintain compliance.

Executive Stakeholder Engagement

Serve as a trusted advisor to senior business and technology executives on third party cyber security matters.
Communicate risk posture, program performance metrics, and remediation status to executive leadership through compelling, data-driven presentations.
Act as the primary point of enablement for Third Party Security Assessment Operations across the organization.
Develop and sustain strategic relationships across functional business, IT, and vendor leadership teams.

Operational Excellence & Continuous Improvement

Establish organizational capabilities to track program progress, surface issues, and remove obstacles in alignment with the CVS Health mission.
Define and monitor KPIs and KRIs to measure program effectiveness and drive continuous improvement.
Identify and implement technology solutions and automation opportunities to scale assessment operations.

Required Qualifications

10+ years of progressive Information Security experience, with a strong foundation across risk management, architecture, and engineering domains.
7+ years of direct leadership experience managing security professionals in both direct and matrixed reporting structures.
5+ years of experience building and leading Third Party Security Risk or Vendor Risk Management programs at enterprise scale.
5+ years of experience leading detailed control testing, regulatory audits, and compliance assessments.
3+ years of experience implementing security controls within third party environments supporting large, complex enterprises.

Preferred Qualifications

Exceptional communication and executive presentation skills; ability to translate technical risk into business language for non-technical audiences.
Strong command of risk analysis frameworks and the ability to derive well-defined mitigation strategies from assessment findings.
Demonstrated ability to lead and influence without direct authority across cross-functional, matrixed organizations.
Superior organizational and process management skills; experience building and scaling high-performing teams.
Proficiency with Third Party Risk platforms (e.g., Archer, SecurityScorecard, ServiceNow, BlackKite) and GRC tooling.
Integration and adoption of AI-based tooling to facilitate time to market and defensible results

Education

Bachelor's degree or equivalent experience (High School Diploma and 4 years relevant experience)

Pay Range

The typical pay range for this role is:

$144,200.00 - $288,400.00

This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls. The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors. This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above. This position also includes an award target in the company's equity award program.

Great benefits for great people

We take pride in offering a comprehensive and competitive mix of pay and benefits that reflects our commitment to our colleagues and their families.

This full-time position is eligible for a comprehensive benefits package designed to support the physical, emotional, and financial well-being of colleagues and their families. The benefits for this position include medical, dental, and vision coverage, paid time off, retirement savings options, wellness programs, and other resources, based on eligibility.

Additional details about available benefits are provided during the application process and on Benefits Moments.

We anticipate the application window for this opening will close on: 07/06/2026

About CVS Health

Omnicare provides comprehensive pharmaceutical services to patients and providers across the United States. As the market-leader in professional pharmacy, related consulting and data management services for skilled nursing, assisted living and other chronic care settings, Omnicare leverages its unparalleled clinical insight into the geriatric market along with some of the industry's most innovative technological capabilities to the benefit of its long-term care customers. Omnicare also provides key commercialization services for the bio-pharmaceutical industry through its Specialty Care Group.

CVS Health Careers

Joining CVS Health presents a unique opportunity to advance your career in a company where innovation, leadership, and growth go hand in hand. As a leader in the healthcare industry, CVS Health is more than just a pharmacy. We are a team of professionals dedicated to improving lives and optimizing health outcomes.

Work You’ll Do

At CVS Health, you will be part of a culture that values diversity and inclusivity, fostering an environment where every team member’s contribution is valued. Engage in meaningful work that directly impacts lives, driving innovation in healthcare services and solutions.

Explore Job Opportunities

Whether you’re looking for a position in pharmacy services, corporate leadership, or in-store management, CVS Health offers a variety of employment opportunities that will help you harness your skills and thrive professionally. Our job opportunities span across a wide range of professional fields and geographic locations, ensuring that your career at CVS Health aligns with your professional goals and lifestyle.

Internship Programs

Kickstart your career with CVS Health through our internship programs. These opportunities are designed for ambitious students eager to develop their skills in a real-world setting. Internships at CVS Health are not only about gaining work experience but also about making meaningful contributions to our ongoing projects.

Professional Growth and Development

CVS Health is committed to the professional growth of our employees. With access to cutting-edge technology, industry-leading experts, and comprehensive diversity training, our team members are equipped to lead and innovate. We support career advancement through professional development programs, leadership training, and opportunities for networking and internal mobility.

Benefits and Culture

Our employees enjoy a range of benefits that reflect our commitment to their well-being and success. From health and wellness benefits to professional development programs, CVS Health is dedicated to ensuring our team members have the resources they need. Our inclusive culture encourages collaboration and continuous learning, making CVS Health a place where you can grow and succeed.

Join Our Team

Ready to take the next step in your career? Explore the open positions at CVS Health that match your skills and interests. We are continuously hiring and looking for passionate, curious, and solution-driven team players.

Stay Connected

Keep up to date with the latest news, career tips, and industry insights from CVS Health. Personalize your experience by subscribing to job alert emails, tailored to your preferences and professional interests. Discover the rewarding opportunities that await at CVS Health, where your career development is always a priority.

Search CVS Health Jobs

Don’t just look for a job. Look for a place where you can be a part of something bigger. Visit our careers page to find the position that’s right for you and join a team that values innovation and leadership in healthcare.

READ CAREERS BLOG

Stay ahead in your career with insights from those who know CVS Health best – our team. Learn from their experiences and get insider tips that can help you succeed in your next interview, craft a standout resume, and build a career you’re proud of at CVS Health.

Learn more about CVS Health

Size

300,000 employees

Market Cap

$122 billion

Industry

Pharmaceuticals & Biotech

Net Income

$7.1 billion

Founded

1963

5 Year Trend

+10.5%

Revenue

$268.7 billion

NASDAQ

CVS

* Ladders Estimates

Similar Jobs

Senior Manager/Director, Infrastructure & Cybersecurity
$160K — $180K *
24 Hour Home Care - Corporate Division
El Segundo, CA 90245 (Los Angeles County)
Today
Director, IT Infrastructure and Security
$150K — $169K *
Society for Science
Washington, DC 20011 (District Of Columbia County)
Today
Executive Director, Public Sector Information Security & Compliance Officer
$150K — $180K *
TTEC Holdings, Inc.
Austin, TX 78745 (Travis County)
Today
Director of Security & Compliance
$130K — $180K *
Verse Medical
New York, NY 10025 (New York County)
Yesterday
Director, IT and Governance, Risk & Compliance
$130K — $180K *
Q4
Remote
Yesterday
Director - Office of the CISO
$160K — $230K *
Costco
Issaquah, WA 98027 (King County)
Reposted 2 days ago

Get Ready For Your
Next Interview

More Jobs at CVS Health

District Support Pharmacist Full Time
$124K — $158K *
Orlando, FL 32828 (Orange County)
Reposted Today
Pharmaceuticals & Biotech
In-Person
Staff Pharmacist Full Time
$124K — $157K *
Richmond, VA 23223 (Richmond City County)
Reposted Today
Healthcare
In-Person
Pharmacist FT Staff
$124K — $158K *
Belle Plaine, MN 56011 (Scott County)
Today
Pharmaceuticals & Biotech
In-Person
Nurse Practitioner
$104K — $225K *
East Hanover, NJ 07936 (Morris County)
Today
Healthcare
In-Person
District Support Pharmacist - FT
$124K — $158K *
Austin, TX 78745 (Travis County)
Today
Healthcare
In-Person

More Information Technology Jobs

SDET (Software Development Engineer In Test)
Confidential Company
Washington, DC 20001 (District Of Columbia County)
1 week ago
Network Engineer 2
$85K — $110K *
Columbia Technology Partners
Annapolis, MD 21401 (Anne Arundel County)
Today
Software Engineer, Backend
$100K — $150K *
Beacon AI, Inc
San Carlos, CA 94070 (San Mateo County)
Today
Staff Engineer, Design Verification
$115K — $170K *
Marvell Technology
Morrisville, NC 27560 (Wake County)
Reposted Today
Software Engineering Team Lead
$130K — $160K *
Media.Monks
Toronto, ON M3C 0E3
Today

Find similar Lead Director - Third Party Security, Assessment Operations jobs:

Nationwide Remote