Senior Security Risk Management Analyst

Job DescriptionAs part of the Retail Security Compliance team this resource will manage the tracking and oversight of risk-based vulnerabilities aligned to the IT Retail and Corporate Systems portfolio. Accountabilities include vulnerability reporting, maintaining insights into remediation plans, monitoring enterprise-wide Vulnerability Management priorities, as well as supporting Retail and Corporate Systems application managers with process / procedures within the Vulnerability Management space. They will interact closely with the Retail Security Compliance management team, other domain leads, application teams, and key members of the corporate-wide Information Security team. They will serve as an instrumental resource to help maintain focus on the overall security compliance support posture for IT Retail. RESPONSIBILITIES: Provide support to key stakeholders by maintaining line of sight into risk levels, workload, priorities, and timelines Provide proactive, timely, targeted communications, alerts, and escalations as needed to help maintain awareness to changing priorities within IT Retail, minimize risk and effectively address issues related to schedule, tower alignment, data, etc. as they arise Ensure data integrity and accuracy of vulnerability data within our tools Provide guidance and high-quality support services to application teams through the development and continuous improvement of communications, job-aids, processes, tools, and frameworks to help them effectively maneuver the shifting Vulnerability Management landscape and deliverablesRequired Qualifications 3+ years experience demonstrating understanding of the processes for the design, development, testing and implementation of application software 3+ years experience with IT security-related regulations such as HIPAA, SOX, SOC1, SOC2, HITRUST.COVID RequirementsCOVID-19 Vaccination RequirementCVS Health requires certain colleagues to be fully vaccinated against COVID-19 (including any booster shots if required), where allowable under the law, unless they are approved for a reasonable accommodation based on disability, medical condition, religious belief, or other legally recognized reasons that prevents them from being vaccinated. You are required to have received at least one COVID-19 shot prior to your first day of employment and to provide proof of your vaccination status or apply for a reasonable accommodation within the first 10 days of your employment. Please note that in some states and roles, you may be required to provide proof of full vaccination or an approved reasonable accommodation before you can begin to actively work.Preferred Qualifications Knowledge of IT security and compliance best practices and theory Exposure to Qualys or other vulnerability scanning / monitoring tools Security certifications such as CISSP, CISA, CRISC, CISM, etc. Previous work experience in Application Development, Project Management, Information Security, or a related practice field. Results-oriented, self-directed Demonstrated versatility and ability to handle concurrent high priority tasks Solid organizational and analytical skills Strong written and oral communication skills Strong proficiency in MS Excel, data analysis, and related formula, lookup functions Ability to work effectively across a variety of functional IT and business areasEducationBachelor's degree or equivalent years of experience.Business OverviewBring your heart to CVS HealthEvery one of us at CVS Health shares a single, clear purpose: Bringing our heart to every moment of your health. This purpose guides our commitment to deliver enhanced human-centric health care for a rapidly changing world. Anchored in our brand - with heart at its center - our purpose sends a personal message that how we deliver our services is just as important as what we deliver.Our Heart At Work Behaviors support this purpose. We want everyone who works at CVS Health to feel empowered by the role they play in transforming our culture and accelerating our ability to innovate and deliver solutions to make health care more personal, convenient and affordable. We strive to promote and sustain a culture of diversity, inclusion and belonging every day. CVS Health is an affirmative action employer, and is an equal opportunity employer, as are the physician-owned businesses for which CVS Health provides management services. We do not discriminate in recruiting, hiring, promotion, or any other personnel action based on race, ethnicity, color, national origin, sex/gender, sexual orientation, gender identity or expression, religion, age, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law.

Created: 2025-10-04