Third Party Risk Governance Analyst

Job Description
* Work at home opportunity for the right candidate
* Internal employees can remain in their current work situation. 

As a Senior Information Security Analyst, you will beresponsible for ensuring CVS data remains secure and all risks, vulnerabilities and defects are managed, tracked and remediated according to policy and/or best practices. The Senior Information Security Analyst is essential for executing the third party assessment program and serving as a contact to participants across the enterprise that put third parties through the program. The Senior Information Security Analyst position is responsible for ensuring that the proper due diligence is performed over our third parties with access to CVS data or our environment.
 
As part of the Third Party Assessment Program, you will be focused on ensuring the security and integrity of CVS Health third parties with access to our data. The Third Party Assessment Program is accountable for mitigating and managing risk related to data. .

Fundamental Components

• Develop reports and evaluate the results of the vendor assessment
• Identify and document control gaps
• Review and  interpret results of vulnerability assessments and penetration testing
• Communicate with auditors and regulators during compliance and regulatory reviews
• Participate in information security audits ensuring technical compliance with security related regulatory requirements (PCI, SOX, PII, PHI, etc)
• Collaboratively work with peers to ensure operational excellence
• Contribute to or help lead current state risk assessments, continual risk assessments, risk metrics and visualization and integrated operational risk management
• Identify and prioritize risk based on impact and likelihood
• Work directly with key business leaders to facilitate information risk analysis and risk management processes, identify acceptable levels of risk, and establish roles and responsibilities with regards to information risk management
• Assist in Policy/Standard development and security awareness and training
• Ensure security programs are in compliance with applicable laws, regulations and policies to minimize risk and audit findings

Background Experience
Required Skills for the Senior Information Security Analyst:

• 1-3+ years of experience with Compliance, risk management, IT audit, IT Security or related experience/education

 
Preferred Skills for the Senior Information Security Analyst:

• Experience with risk management concepts and processes and a background in external or internal audit
• Experience with risk assessment methodologies, IT/IS Policies and Standards, IT risk standards and industry best practices (ISO 27000, HITRUST, CoBIT, Managing Vendor Assessments).
• Experience with managing vendor assessments
• Experience with development and administration of risk assessments and reviews
• Experience with more than one major IT discipline (distributed computing, networks, application design and development, IT security and business recovery)
• Experience with client relationship management
• Experience with relevant regional regulatory requirements 
• Experience with IT risk standards and industry best practice approaches such as ISO 17799, HITRUST, and CoBit 
• Experience with web application security testing and vulnerability testing tools.
• Experience with network-level penetration testing
• Experience with source code reviews using automated tools such as Veracode and/or manual analysis

 
Education:

• Verifiable high school diploma
• Bachelor’s degree (required)

Additional Job Information
- Business Focus Discuss third parties, risks, and controls specific to business areas
- Strong Communication Builds and maintains positive relationships with management, team members, and stakeholders across CVS Health using effective written and oral communication practices. This position will foster collaboration internally across the enterprise while drawing in diverse groups to share ideas, information, and resources to strengthen the program. This position will also be responsible for building cooperation and trust between departments and other groups. In this position, one will be able to influence others using program knowledge, negotiation methods, and is able to overcome objections which lead to consensus among constituents.

Education
Bachelor's degree or equivalent experience

Percent of Travel Required
0 - 10%