Cybersecurity Risk Analyst ( Remote )
$83,430 - $222,480/Yr
CVS Health - Dover, DE
posted 20 days ago
Full-time - Mid Level
Remote - Dover, DE
Health and Personal Care Retailers
About the position
The Cybersecurity Risk Analyst at CVS Health is responsible for enhancing the cybersecurity maturity of third parties through continuous monitoring and risk assessment. This role involves collaboration with various internal teams and external contacts to identify, analyze, and manage cybersecurity risks, ensuring effective resolution and awareness of potential threats. The position supports the growth of the continuous monitoring program, aiming to proactively engage with third parties to mitigate risks before they materialize.
Responsibilities
- Work with SOC, lines of business, and third-party contacts to facilitate continuous monitoring actions.
- Identify and analyze risks through the CVS Health continuous monitoring program.
- Collaborate with internal organizations regarding third-party outreach and actions on discrete events.
- Manage, monitor, and coordinate resolution of cybersecurity events to ensure awareness and risk reduction.
- Drive proactive interaction with third parties to avoid risk scenarios through engagement and education on security topics.
Requirements
- 3+ years of experience in an IT Security/IT Risk environment with a large regulated organization.
- 3+ years of experience in risk assessment methodologies, IT/IS Policies and Standards, and industry best practices (ISO 27000, HITRUST, CoBIT).
- 3+ years of experience managing vendor assessments.
- 3+ years of experience with development and administration of risk assessments and reviews.
- 3+ years of experience with cybersecurity assessment processes and disciplines.
- 3+ years of experience in multiple IT disciplines (distributed computing, networks, application design and development, IT security, and business recovery).
Nice-to-haves
- Previous cybersecurity risk assessment experience within Healthcare or other highly regulated environments.
- Experience with regulatory requirements, including HIPAA and PCI-DSS.
- Knowledge of Information Security frameworks, including ISO27001 and the NIST CSF.
- Background in Cloud, AI, or other IT/IS areas.
- Strong interpersonal and communication skills to build relationships at all levels.
- Knowledge of web application security testing and vulnerability testing tools.
- Knowledge of network-level penetration testing.
- Experience with source code reviews using automated tools such as Veracode.
Benefits
- Medical, dental, and vision benefits.
- 401(k) retirement savings plan.
- Employee Stock Purchase Plan.
- Fully-paid term life insurance.
- Short-term and long-term disability benefits.
- Well-being programs and education assistance.
- Free development courses.
- CVS store discount and discount programs with partners.
- Paid Time Off (PTO) and paid holidays.
