Senior Governance, Risk, and Compliance Engineer
CVS Pharmacy - Denver, CO
Job Description
As a senior engineer of Governance, Risk, and Compliance, you will assist in simplifying and digitizing the governance practices, maintaining the risk assessment framework in response to emerging risks and regulatory requirements, and protecting the organization's integrity. You will be a point of contact to ensure that appropriate preventive, detective, and response controls are established to manage risk and develop and implement remediation strategies to close gaps. This position will also coordinate the implementation of Aetna Digital compliance and oversee the operational compliance coordination with applicable international, federal, and state rules, regulations, and statutory requirements with a particular focus on HIPAA, PCI, HITRUST SOC, Privacy, and other Compliance programs. This position also serves as an enterprise-wide consultant on typical organizational compliance issues, including the regulatory interpretation and training monitoring for existing and proposed directives.

Pay Range
The typical pay range for this role is:
Minimum: 75,000
Maximum: 167,000
Please keep in mind that this range represents the pay range for all positions in the job grade within which this position falls. The actual salary offer will take into account a wide range of factors, including location.

Required Qualifications
3+ years of experience automating and simplifying GRC processes to make it easier to get work done.
1+ years of experience understanding application penetration testing and security scanning tools (e.g., SAST, DAST, IAST, etc.).
1+ years of experience understanding common software vulnerabilities and their remediation/mitigation techniques.
1+ years of experience with regulatory and industry security standards.
1+ years of knowledge of vulnerability assessment using industry best practices such as OWASP Top 10 and CWE/SANS Top 25 standards.
1+ years of experience with false positive analysis to verify vulnerabilities.
1+ years reviewing and understanding any vulnerabilities that are present against the application requesting support.
1+ year of experience demonstrating security testing results, explaining the threat presented by the results, and consulting on remediation/mitigation.

COVID Requirements
COVID-19 Vaccination Requirement
CVS Health requires certain colleagues to be fully vaccinated against COVID-19 (including any booster shots if required), where allowable under the law, unless they are approved for a reasonable accommodation based on disability, medical condition, religious belief, or other legally recognized reasons that prevent them from being vaccinated. You are required to have received at least one COVID-19 shot prior to your first day of employment and to provide proof of your vaccination status or apply for a reasonable accommodation within the first 10 days of your employment. Please note that in some states and roles, you may be required to provide proof of full vaccination or an approved reasonable accommodation before you can begin to actively work.

Preferred Qualifications
Developing compliance policies, procedures, and disclosures.
Reviewing policies and procedures for compliance with applicable laws and regulations.
Coordinating investigation and responses to consumer complaints.
Keep current on all existing/emerging compliance regulations relevant to the health industry.
Consulting and determining compliance risk in existing and soon-to-be-implemented products, services, and other organizational activities as a part of cross-functional teams.
Support compliance staff in their daily duties as needed.
Liaise with key stakeholders during planning, monitoring, reporting, and controlling risks.
Provide technical consultancy and expertise to Risk Management colleagues regarding regulatory compliance for projects and service delivery.
Support the development and delivery of business services and support solutions, provide risk management, compliance event management, periodic review, inspection readiness, and all other Risk Management activities as needed by the Business Processes.
Assist in Governance, Risk, and Compliance strategies to support the business model with internal and external processes.
Support the audit/inspection awareness and preparedness, and provide coaching/guidance as a compliance authority.
Work with business units on the remediation of commitments and tracking status.

Education
Bachelor's Degree or equivalent work experience

Business Overview
Bring your heart to CVS Health
Every one of us at CVS Health shares a single, clear purpose: Bringing our heart to every moment of your health. This purpose guides our commitment to deliver enhanced human-centric health care for a rapidly changing world. Anchored in our brand - with heart at its center - our purpose sends a personal message that how we deliver our services is just as important as what we deliver. Our Heart At Work Behaviors support this purpose. We want everyone who works at CVS Health to feel empowered by the role they play in transforming our culture and accelerating our ability to innovate and deliver solutions to make health care more personal, convenient and affordable. We strive to promote and sustain a culture of diversity, inclusion and belonging every day. CVS Health is an affirmative action employer, and is an equal opportunity employer, as are the physician-owned businesses for which CVS Health provides management services. We do not discriminate in recruiting, hiring, promotion, or any other personnel action based on race, ethnicity, color, national origin, sex/gender, sexual orientation, gender identity or expression, religion, age, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law.
We proudly support and encourage people with military experience (active, veterans, reservists and National Guard) as well as military spouses to apply for CVS Health job opportunities.
Created: 2025-10-04