Senior Analyst, Information Security – Cyber Resiliency

Job Description: • Provides operational support for CVS Health’s Digital, Data, Analytics & Technology (DDAT) Cyber Resiliency team, guiding colleagues in facilitating Cyber Resiliency activities across the enterprise • Responsible for meeting goals, priorities, and timelines in support of the DDAT Cyber Resiliency Program • Contribute toward development and implementation of policies, procedures, and controls ensuring compliance with Cyber Resiliency NIST framework • Conducts risk assessments to identify areas of potential non-compliance and assist with developing strategies to mitigate risks • Seek to continuously improve controls, processes, and systems to enhance the effectiveness and efficiency of the Cyber Resiliency program • Provide training and education to colleagues across all levels of the organization on Cyber Resiliency requirements and industry best practices • Oversees preparation and submission of required Cyber resiliency reports to management, DDAT, Audit Services, external auditors, and regulators • Coordinate activities of internal and external assessments, including supporting audit planning, execution, and follow up • Collaborate with key stakeholders, including management, Legal, Internal Audit, and external assessors, ensuring alignment and support of the Cyber Resiliency Program • Monitor and assist with enforcing adherence to policies, standards, procedures, and controls through regular assessments and audits Requirements: • 2-3 years of GRC or Cyber resiliency experience, internal audit, external assessments, risk management, regulatory compliance, and information security in a corporate environment • Working knowledge of Information Security policies and procedures; experience supporting GRC programs • Working knowledge and understanding of cyber resiliency concepts and frameworks • Assist in development, implementation, and maintenance of the organization’s cyber resiliency program, ensuring adherence to regulatory requirements and industry best practices • Plan, coordinate, and execute testing of internal controls to evaluate their effectiveness in mitigating risks and ensuring accuracy of reporting • Understanding of disaster recovery, cyber incident response, crisis management and business continuity testing concepts • Maintain documentation of processes, controls, and testing related to cyber resiliency requirements; create and prepare metrics and reporting on findings and recommendations for management • Solid understanding of relevant regulations and frameworks aligning to NIST 800 and NIST CSF Frameworks, ISO, HITRUST, HIPAA, PCI, ZTMM • Possess security architecture and engineering knowledge including zero trust concepts • Demonstrates analytical and problem-solving skills with ability to analyze and interpret operational data, trends, assess risks effectively, and make recommendations for improvement • Possess excellent verbal and written communications skills to effectively engage and advise stakeholders at all levels of the organization Benefits: • Affordable medical plan options • 401(k) plan (including matching company contributions) • Employee stock purchase plan • No-cost programs for all colleagues including wellness screenings, tobacco cessation and weight management programs, confidential counseling and financial coaching • Paid time off, flexible work schedules, family leave, dependent care resources, colleague assistance programs, tuition assistance, retiree medical access and many other benefits depending on eligibility Apply tot his job