Job Description

This position will be responsible for overseeing all application-related security and compliance activities within the Digital Enterprise organization. CVS Health's Digital Enterprise organization is responsible for the company's ecommerce and digital strategy, which encompasses over 80 mobile and web applications that support CVS Health's Pharmaceutical Benefits Management, Medicare Part D and retail lines of business. This person will work closely with application developers and production support personnel, architects and various constituencies within the CVS Health security team to ensure that all desktop web and mobile applications comply with CVS Health's policies and standards and successfully pass the scrutiny of both internal and external security assessments.
Key Responsibilities

* Coordinate security and compliance related activities across the CVS Health Digital organization, working directly with the CVS Health Security organization, the respective application production support and development teams, business representatives, and external auditors and assessors to track security monitoring and remediation efforts, coordinate all security/compliance improvement efforts, monitor process effectiveness, and regularly communicate the status of security-related organizational initiatives.
* Establish and enhance the security DNA of the Digital organization: understand the operational processes and controls currently in place and recommend and implement improvements. Refine and enhance organizational initiatives to support successful security/compliance objectives. Assist with linking policy, standard operating procedures (SOPs), controls, monitoring and reporting, with the goal of improving compliance and security within the Digital organization.
* Work in collaboration with Compliance and Monitoring, Information Security Risk Management, and the security risk assessment/architecture and development teams in the execution of controlled self-assessments, risk assessments and regulatory compliance practices for Information Security.
* Partner with Information Security Risk Management, Compliance and Monitoring, and the Standards and Compliance teams to develop effective processes for monitoring, reporting, escalating and resolving compliance-related issues and exceptions.
* Work with cross-functional teams in performing security requirements reviews and tests of IT internal controls to ensure teams are operating adequate controls and developing secure applications that meet CVS Health policies and standards.
* Partner with the various CVS Health Security teams to proactively promote enhanced security controls and training across the organization.
* Advise IT and business executives on the status of security findings and remediation efforts, technology risks and compliance issues, based on assessment results and information from various discovery sources, monitoring and control systems.
* Prioritize the security backlog across the various agile release teams within Digital to make sure the security risks and vulnerabilities surfaced through vulnerability scans, penetration tests, assessment reviews, etc. are being addressed.
* Experience with securing distributed web-based applications on public cloud-based infrastructure (Google Cloud & Azure a plus)
Required Qualifications

* 3+ years of experience in security, compliance consulting, or advisory work in support of a highly technical environment.
* 3+ years of experience performing and/or leading technical assessments in direct support of a major compliance effort (e.g. PCI, SOC2, FTC, HiTrust)
* 5+ years of IT experience
* 2+ years of related IT security experience, including distributed web-based applications
* 2+ years of experience in IT leadership
* 1+ years of experience guiding development, business and production support teams through various external (PCI, FTC, HiTrust) and internal audits.
* 1+ years of experience with secure coding concepts associated with building and operating distributed web/mobile applications: OWASP Top 10, SANS 25, CERT Secure Coding issues
* Ability to present information clearly and concisely to customers, management, and other non-technical stakeholders
Preferred Qualifications

* Healthcare IT background
* Possession of one of the following certifications: CISSP, CISA, CISM, or GIAC.
* Experience with external audits, including PCI, FTC, HiTrust, etc.
* Intermediate skill with scripting languages (Perl, Shell, SQL, Python, etc.)
* Advanced MS Office skills: Word, PowerPoint, Excel & Database
* Excellent written and verbal communication skills, interpersonal and presentation skills, and the proven ability to influence and communicate effectively.
* Technical knowledge of security technologies and architecture in multiple security domains (such as infrastructure hardening, privileged access, data security, endpoint security, anti-malware, network security, application security and others).
* Familiarity with Governance, Risk and Compliance technologies (e.g., Archer, Kenna) to manage risk and compliance-related issues.
* Experience with HIPAA and NIST 800-53 controls and the application/implementation of controls in production environments.
* Understanding of infrastructure control procedures and security (networking, OS, storage, application)
* Broad security knowledge across common industry security standards (e.g., ISO, NIST, SOC2, PCI, FTC, SOX, SSAE16, and others).
* Record of delivering IT process improvement projects involving technology processes and/or major tech companies.
* Experience performing technical assessments and audits of network, operating system and application security, as well as auditing IT processes.
* Experience in IT program or project management, IT auditing, and/or control framework development and implementation is also a plus. Strong understanding of software development lifecycles and modern transaction processing environments.
* Perform planning/scoping and liaising with auditors on PCI-DSS, SOC2, ISO 27017/18, FTC, and external consumer/partner audits.
* Experience defining certification roadmaps based on customer requirements and compliance documentation, and ensuring that committed assessments are delivered on schedule.
* Familiarity with, or willingness to learn, cloud-based application security
* Industry-specific compliance/regulatory experience (e.g. financial services, healthcare/life sciences, public sector, telecommunications, etc.) is a plus.
Education

Bachelor's Degree in Computer Science, Information Systems Management, Mathematics, Informatics, Cyber Security, or equivalent work experience required.
Business Overview

It's a new day in health care.
Combining CVS Health and Aetna was a transformative moment for our company and our industry, establishing CVS Health as the nation's premier health innovation company. Through our health services, insurance plans and community pharmacists, we're pioneering a bold new approach to total health. As a CVS Health colleague, you'll be at the center of it all.
We offer a diverse work experience that empowers colleagues for career success. In addition to skill and experience, we also seek to attract and retain colleagues whose beliefs and behaviors are in alignment with our core values of collaboration, innovation, caring, integrity and accountability.
CVS Health is an equal opportunity/affirmative action employer. Gender/Ethnicity/Disability/Protected Veteran - we highly value and are committed to all forms of diversity in the workplace. We proudly support and encourage people with military experience (active, veterans, reservists and National Guard) as well as military spouses to apply for CVS Health job opportunities. We comply with the laws and regulations set forth in the following EEO is the Law Poster: EEO IS THE LAW and EEO IS THE LAW SUPPLEMENT. We provide reasonable accommodations to qualified individuals with disabilities. If you require assistance to apply for this job, please contact our Advice and Counsel Reasonable Accommodations team. Please note that we only accept applications for employment via this site.
If technical issues are preventing you from applying to a position, contact Kenexa Helpdesk at 1-855-338-5609 or firstname.lastname@example.org. For technical issues with the Virtual Job Tryout assessment, contact the Shaker Help Desk at 1-877-987-5352.