Defines operational activities and executes on strategic direction related to Technology Compliance for CVS Health’s Digital, Data, Analytics & Technology (DDAT) Compliance team. Partners with process and control owners to define and develop audit response strategy in support of SOX, SOC 1, SOC 2, PCI, HITRUST, NIST 800-53, NYDFS, and other applicable cybersecurity regulations and frameworks. Manages, develops, and implements procedures, controls, and reporting to ensure technology compliance. Consults on efforts to continuously improve internal controls, processes, and systems to enhance the effectiveness and efficiency of the program. Partners with IT and business colleagues to educate on risk and provide actionable metrics that measure the effectiveness of controls. Partners with Learning and Development to create risk management training material. Partners with key stakeholders, including senior management, Legal, Internal Audit, and external assessors, to ensure alignment and support of the Technology Compliance Program.
Required Qualifications
- 7+ years of internal audit, external assessments, risk management, regulatory compliance, and information security in a corporate environment.
 - 5+ years of experience in audit methodologies, internal control frameworks, risk assessments, and control testing techniques.
 - 5+ years of experience in technical project and program management, working on efforts with both internal and external partners in a highly collaborative environment.
 - 3+ years of experience with Cloud Security engineering and/or architecture.
 
Preferred Qualifications
- Experience with AI and Machine Learning Governance
 - In-depth knowledge and understanding of Sarbanes-Oxley, SOC 1, and SOC 2 regulations, including their requirements and implications for financial reporting and internal controls.
 - Strong understanding of relevant regulations and frameworks aligning to NIST, ISO, HITRUST, HIPAA, PCI
 - DevSecOps experience and solid understanding of cloud infrastructure and cybersecurity
 - Strong attention to detail and accuracy when conducting assessments, documenting processes, and reviewing controls to ensure compliance with SOX requirements.
 - Exceptional interpersonal skills with the ability to collaborate across departments and influence stakeholders at all levels.
 - Strong analytical and problem-solving skills with the ability to analyze and interpret complex regulations, operational data, and trends, assess risks effectively, and make recommendations for improvement.
 - Demonstrated ability to collaborate effectively with cross-functional teams, build relationships with key stakeholders, and influence others to achieve compliance objectives. 
 - Excellent written and verbal communication skills with the ability to articulate complex concepts clearly and concisely.
 - Experience leading design for risk management frameworks as well as defining and identifying cybersecurity risks.
 - Solid program management skills including strategic planning, decision-making, and project management.
 - Healthcare, Insurance, or Retail industry business practices and risks
 - Certifications: Certified Information Systems Security Professional (CISSP) and/or Certified in Risk and Information Systems Control (CRISC)
 
Education
- Bachelor’s degree in Computer Science, Cybersecurity, or equivalent experience (High School Diploma and 4 years relevant experience)