Technical Security Analyst

We’re building a world of health around every individual — shaping a more connected, convenient and compassionate health experience. At CVS Health®, you’ll be surrounded by passionate colleagues who care deeply, innovate with purpose, hold ourselves accountable and prioritize safety and quality in everything we do. Join us and be part of something bigger – helping to simplify health care one person, one family and one community at a time.

As a Security Risk Operations Lead you will:

• Conduct thorough technical Security Risk Assessments on Production Environment applications to identify vulnerabilities, threats and risks.
• Assess vulnerability management, scans, patching status, secure baselines, penetration test result, etc.
• Evaluate security architectures and designs to determine the adequacy of security design and architecture proposed or provided in response to requirements contained in Control Standards
• Collaborate with other IT professionals, including network engineers, developers, and system administrators, to understand how security measures are integrated into existing systems and processes.

Required Qualifications

• 7+ years of information security or related experience
• 7+ years of experience identifying security risk within technology implementations with broad technical expertise and knowledge of current security threat and vulnerability trends including cloud, AI, etc.
• 7+ years of experience with security controls and alignment to key regulations (NIST, ISO, HITRUST, HIPAA, PCI)
• 5+ years experience managing work efforts with both internal and external partners in a highly collaborative environment
• 5+ years of experience demonstrating critical thinking and knowledge of risk management processes, tools, and techniques

Preferred Qualifications

• Strong understanding of cloud computing technologies, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS)
• Technical acumen in regards to on prem applications, API, Encryption technologies, Container Security
• Experience with Information security policies and procedures
• Strong interpersonal, communication, and collaboration skills
• Relevant Industry Certifications such as CISSP, CRISC
• Knowledge of regulatory standards including NIST, SOX, SOC, HIPAA, PCI and HITRUST
• Understanding of current security threat and vulnerability trends
• Knowledge of cloud security architecture, best practices and frameworks
• Experience with Security development methodologies
• Working knowledge of Security Risk Management practices and processes

Education

Bachelor’s degree or equivalent experience (High School Diploma and 4+ years relevant experience)