Information Security, Senior Advisor

Job Description
We are looking for a talented and experienced Information Security Senior Advisor to join our Information Security Governance and Risk Management Team to focus on Information Risk Management, Security Governance, and Information Assurance services.

The Information Security Senior Advisor will be responsible for supporting efforts toward meeting or exceeding CVS Health standards, adhering to regulatory requirements, and ensuring risks are managed, tracked, and remediated according to CVS Health policies and standards. Collaboration and teamwork across business and IT organizations are key to the success of this individual.

The responsibilities of the Information Security Advisor include, but are not limited to:

• Work with Product and Project Managers, Business Analysts, Solutions Architects, and Support Team to ensure CVS Health security standards are implemented.
• Actively participate in reviewing security risks for new projects or initiatives.
• Promote the Security Software Development Life Cycle (SSDLC). Support the 'Prevent' and 'Validate' staff awareness of information security related issues and risks, and influence the behaviors of IT and Business staff as part of mitigating these risks.
• Support the team to identify roadmaps, tuning and improvement opportunities within the Security Risk Management/Advisory
• Collaboratively work with peers to ensure operational excellence.
• Governance / execution over risk assessment / risk advisory process and tools of CVS Health assets.
• Serve as the liaison to CVS Business and IT stakeholders as it pertains to the identification, classification, and remediation of security-related risks.
• Compile and deliver Executive level metrics and reporting on Information security risks, trends, and observations.
• Communicate with auditors and regulators during compliance and regulatory reviews.
• Participate in information security audits ensuring technical compliance with security related regulatory requirements (PCI, SOX, PII, PHI, etc.).
• Proactively review CVS Health's information security and related risks, threats and vulnerabilities, and legal and regulatory compliance.
• Actively participate in reviewing and improving the Information Security Controls implemented in the organization.
• Translate technical, legal and regulatory compliance obligations into a cohesive collection of Security Controls and provide the respective stakeholders with technical requirements and their implementation methodologies.

Required Qualifications
Minimum 8 years of experience in IT Security/Risk management, Software Development (DevSecOps), Cloud Security, Cyber Security Audit or Vulnerability Management.

• Technical knowledge of current information security technologies and experience in the delivery of technologies in one or more of the following domain areas: Identity and Access Management, Application Security, Infrastructure/Network Security, System & Data Security, and Regulatory/Standards Compliance.
• Experience with development and administration of Security risk assessments, security risk consulting and reviews
• Experience with industry frameworks and standards such as NIST 800-53 (Risk Management), 800-66, and the NIST CSF, PCI-DSS, HiTrust CSF, CIS, and ISO 27001/2
• Strong client relationship management experience and skills
• Experience working with teams in large complex environments

COVID Requirements
COVID-19 Vaccination Requirement
CVS Health requires its Colleagues in certain positions to be fully vaccinated against COVID-19 (including any booster shots if required), where allowable under the law, unless they are approved for a reasonable accommodation based on disability, medical condition, pregnancy, or religious belief that prevents them from being vaccinated.
  • If you are vaccinated, you are required to have received at least one COVID-19 shot prior to your first day of employment and to provide proof of your vaccination status within the first 30 days of your employment. For the two COVID-19 shot regimen, you will be required to provide proof of your second COVID-19 shot within the first 60 days of your employment. Failure to provide timely proof of your COVID-19 vaccination status will result in the termination of your employment with CVS Health.
  • If you are unable to be fully vaccinated due to disability, medical condition, pregnancy, or religious belief, you will be required to apply for a reasonable accommodation within the first 30 days of your employment in order to remain employed with CVS Health. As a part of this process, you will be required to provide information or documentation about the reason you cannot be vaccinated. If your request for an accommodation is not approved, then your employment may be terminated.

Preferred Qualifications
• Experience managing Information Security Governance, Risk, Compliance (GRC) in Healthcare or Fortune 100 organizations a plus.
• Knowledge of Agile frameworks (e.g. Scrum, XP, SAFe, FDD, etc.) as part of different software delivery models
• Experience as a Solutions Analyst or (Technical) Business Analyst
• Ability to interface with different groups (Third parties, Business, and IT) internal and external to IT (security) and to network globally across Group businesses, as well as with external groups.
• Experience with more than one major IT discipline (distributed computing, networks, application design and development, IT security and business recovery)
• Previous experience in vulnerability management is a plus
• Experience developing web applications, preferably hard-core financial, e-commerce, or business applications that face the Internet is a plus

Bachelor's degree in computer science, management of information systems, or related technical degrees.

One or more certifications in Information security including CISSP, CCSPF, CRISC, CISA, CISM, CCSP or other equal security related designation/s

Business Overview
At CVS Health, we are joined in a common purpose: helping people on their path to better health. We are working to transform health care through innovations that make quality care more accessible, easier to use, less expensive and patient-focused. Working together and organizing around the individual, we are pioneering a new approach to total health that puts people at the heart.

We strive to promote and sustain a culture of diversity, inclusion and belonging every day. CVS Health is an equal opportunity and affirmative action employer. We do not discriminate in recruiting, hiring or promotion based on race, ethnicity, sex/gender, sexual orientation, gender identity or expression, age, disability or protected veteran status or on any other basis or characteristic prohibited by applicable federal, state, or local law. We proudly support and encourage people with military experience (active, veterans, reservists and National Guard) as well as military spouses to apply for CVS Health job opportunities.