Cybersecurity Risk Analyst ( Remote )
$83,430 - $222,480/Yr
CVS Health - Carson City, NV
posted 20 days ago
Full-time - Mid Level
Remote - Carson City, NV
Health and Personal Care Retailers
About the position
The Cybersecurity Risk Analyst at CVS Health plays a crucial role in enhancing the cybersecurity maturity of third-party vendors through continuous monitoring and risk assessment. This position involves collaboration with various internal teams and external partners to identify, analyze, and mitigate cybersecurity risks, ensuring a proactive approach to security management. The analyst will facilitate the management and resolution of cybersecurity events, contributing to the overall risk reduction strategy within the organization.
Responsibilities
- Work with SOC, lines of business, and third-party contacts to facilitate continuous monitoring actions.
- Identify and analyze risks through the CVS Health continuous monitoring program.
- Collaborate with internal organizations for third-party outreach and understanding of actions on discrete events.
- Manage, monitor, and coordinate resolution of cybersecurity events to ensure awareness and risk reduction.
- Drive proactive interaction with third parties to avoid risk scenarios through engagement and education on security topics.
Requirements
- 3+ years of experience in an IT Security/IT Risk environment with a large regulated organization.
- 3+ years of experience in risk assessment methodologies, IT/IS Policies and Standards, and industry best practices (ISO 27000, HITRUST, CoBIT).
- 3+ years of experience managing vendor assessments.
- 3+ years of experience with development and administration of risk assessments and reviews.
- 3+ years of experience with cybersecurity assessment processes and disciplines.
- 3+ years of experience in multiple IT disciplines (distributed computing, networks, application design and development, IT security, and business recovery).
Nice-to-haves
- Previous cybersecurity risk assessment experience within Healthcare or other highly regulated environments.
- Experience with regulatory requirements, including HIPAA and PCI-DSS.
- Knowledge of Information Security frameworks, including ISO27001 and the NIST CSF.
- Background in Cloud, AI, or other IT/IS areas.
- Strong interpersonal and communication skills to build relationships at all levels.
- Knowledge of web application security testing and vulnerability testing tools.
- Knowledge of network-level penetration testing.
- Experience with source code reviews using automated tools such as Veracode.
Benefits
- Medical, dental, and vision benefits.
- 401(k) retirement savings plan.
- Employee Stock Purchase Plan.
- Fully-paid term life insurance plan.
- Short-term and long-term disability benefits.
- Well-being programs and education assistance.
- Free development courses.
- CVS store discount and discount programs with partners.
- Paid Time Off (PTO) and paid holidays.
