Job Description:
• Provides operational support for CVS Health’s Digital, Data, Analytics & Technology (DDAT) Cyber Resiliency team, guiding colleagues in facilitating Cyber Resiliency activities across the enterprise
• Responsible for meeting goals, priorities, and timelines in support of the DDAT Cyber Resiliency Program
• Contribute toward development and implementation of policies, procedures, and controls ensuring compliance with Cyber Resiliency NIST framework
• Conducts risk assessments to identify areas of potential non-compliance and assist with developing strategies to mitigate risks
• Seek to continuously improve controls, processes, and systems to enhance the effectiveness and efficiency of the Cyber Resiliency program
• Provide training and education to colleagues across all levels of the organization on Cyber Resiliency requirements and industry best practices
• Oversees preparation and submission of required Cyber resiliency reports to management, DDAT, Audit Services, external auditors, and regulators
• Coordinate activities of internal and external assessments, including supporting audit planning, execution, and follow up
• Collaborate with key stakeholders, including management, Legal, Internal Audit, and external assessors, ensuring alignment and support of the Cyber Resiliency Program
• Monitor and assist with enforcing adherence to policies, standards, procedures, and controls through regular assessments and audits
Requirements:
• 2-3 years of GRC or Cyber resiliency experience, internal audit, external assessments, risk management, regulatory compliance, and information security in a corporate environment
• Working knowledge of Information Security policies and procedures; experience supporting GRC programs
• Working knowledge and understanding of cyber resiliency concepts and frameworks
• Assist in development, implementation, and maintenance of the organization’s cyber resiliency program, ensuring adherence to regulatory requirements and industry best practices
• Plan, coordinate, and execute testing of internal controls to evaluate their effectiveness in mitigating risks and ensuring accuracy of reporting
• Understanding of disaster recovery, cyber incident response, crisis management and business continuity testing concepts
• Maintain documentation of processes, controls, and testing related to cyber resiliency requirements; create and prepare metrics and reporting on findings and recommendations for management
• Solid understanding of relevant regulations and frameworks aligning to NIST 800 and NIST CSF Frameworks, ISO, HITRUST, HIPAA, PCI, ZTMM
• Possess security architecture and engineering knowledge including zero trust concepts
• Demonstrates analytical and problem-solving skills with ability to analyze and interpret operational data, trends, assess risks effectively, and make recommendations for improvement
• Possess excellent verbal and written communications skills to effectively engage and advise stakeholders at all levels of the organization
Benefits:
• Affordable medical plan options
• 401(k) plan (including matching company contributions)
• Employee stock purchase plan
• No-cost programs for all colleagues including wellness screenings, tobacco cessation and weight management programs, confidential counseling and financial coaching
• Paid time off, flexible work schedules, family leave, dependent care resources, colleague assistance programs, tuition assistance, retiree medical access and many other benefits depending on eligibility
Apply Now
Apply Now