Cybersecurity Corporate Audit Manager

At CVS Health, we're building a world of health around every consumer and surrounding ourselves with dedicated colleagues who are passionate about transforming health care.

As the nation's leading health solutions company, we reach millions of Americans through our local presence, digital channels and more than 300,000 purpose-driven colleagues - caring for people where, when and how they choose in a way that is uniquely more connected, more convenient and more compassionate. And we do it all with heart, each and every day.

We are looking for a cybersecurity auditor with auditing, risk, or compliance background, preferably with a focus on healthcare. The candidate will lead cybersecurity audits, as well as serve as the cybersecurity consultant on other audit projects within Internal Audit.

Lead audit teams in an independent internal review of security controls and information systems which includes testing the safety and effectiveness of individual components of cybersecurity defenses. Responsible for designing and executing cybersecurity audits, establishing audit objectives, and assessing the overall structure of the business' systems. Must be proficient in providing written and oral reports on audit findings and understanding how to assess risk based on mitigating and compensating controls. Preferred areas of cybersecurity knowledge to include cloud security (Azure & GCP), network security, data security, application security, system administration, vendor and 3rd party security, ransomware, vulnerability management and security testing tools.

Primary Job Duties & Responsibilities :

Confers with various teams, such as IT, compliance, legal, and executive leadership regarding security risks / gaps and remediation strategies.

Possess an innovative & creative mindset to adopt analytical technology to enhance audit techniques such as data analytics and AI tools.

Able to build relationships across the CVS Digital, Data & Analytics and Technology teams and evolve & thrive in a fast-paced environment.

Provides training and knowledge sharing across Internal Audit about security risks, best practices, and their roles in identifying gaps.

Proven ability to network with other information security specialists to stay up to date with the latest trends, tools, and techniques in cybersecurity auditing internally to CVS and externally for industry best practices.

Required Qualifications

5+ years of experience in information security with a focus on cybersecurity controls.

3+ years of experience in audit methodologies, internal control frameworks, and risk assessments.

3+ years of experience in relevant regulations, standards, and frameworks such as NIST and 5C framework of cybersecurity.

At least 1 certification related to Information Security such as CISA, CRISC, CISM, CISSP, or other industry audit, compliance, or cybersecurity certification.

Preferred Qualifications

Experience in a large and complex environment related to healthcare, insurance, or retail.

Proven ability to lead audit teams on complex engagements.

Strong written and verbal communication skills, with the ability to articulate cyber-security risks clearly and concisely.

Analytical and problem-solving skills, with the ability to assess risks effectively and make informed remediation requests on gaps identified.

Working knowledge of HIPAA, ISO, FTC, PCI DSS, NY DFS, NAIC, SOX, and HITRUST.

Demonstrated ability to collaborate across departments, build relationships with key stakeholders, and influence others to achieve internal audit objectives.

Experience managing or contributing to audit and assessment projects, with a focus on cybersecurity.

Education

• Bachelor's degree or a related field or equivalent (HS Diploma and 4 years of experience) required

Anticipated Weekly Hours

40

Time Type

Full time

Pay Range

The typical pay range for this role is :

$101,970.00 - $203,940.00

This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls. The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors. This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above.

Our people fuel our future. Our teams reflect the customers, patients, members and communities we serve and we are committed to fostering a workplace where every colleague feels valued and that they belong.

Great benefits for great people

We take pride in our comprehensive and competitive mix of pay and benefits - investing in the physical, emotional and financial wellness of our colleagues and their families to help them be the healthiest they can be. In addition to our competitive wages, our great benefits include :

Affordable medical plan options, a 401(k) plan (including matching company contributions), and an employee stock purchase plan .

No-cost programs for all colleagues including wellness screenings, tobacco cessation and weight management programs, confidential counseling and financial coaching.

Benefit solutions that address the different needs and preferences of our colleagues including paid time off, flexible work schedules, family leave, dependent care resources, colleague assistance programs, tuition assistance, retiree medical access and many other benefits depending on eligibility.

For more information, visit

We anticipate the application window for this opening will close on : 12 / 03 / 2025

Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state and local laws.

We are an equal opportunity and affirmative action employer. We do not discriminate in recruiting, hiring, promotion, or any other personnel action based on race, ethnicity, color, national origin, sex / gender, sexual orientation, gender identity or expression, religion, age, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law.