IT Corporate Audit - Cybersecurity - Manager

includes testing the safety and effectiveness of individual components of cybersecurity defenses. Responsible for designing and executing cybersecurity audits, establishing audit objectives, and assessing the overall structure of the business' systems. Must be proficient in providing written and oral reports on audit findings and understanding how to assess risk based on mitigating and compensating controls. Preferred areas of cybersecurity knowledge to include cloud security (Azure & GCP), network security, data security, application security, system administration, vendor and 3rd party security, ransomware, vulnerability management and security testing tools.Primary Job Duties & Responsibilities

• Confers with various teams, such as IT, compliance, legal, and executive leadership regarding security risks/gaps and remediation strategies.
• Possess an innovative & creative mindset to adopt analytical technology to enhance audit techniques such as data analytics and AI tools.
• Able to build relationships across the CVS Digital, Data & Analytics and Technology teams and evolve & thrive in a fast-paced environment.
• Provides training and knowledge sharing across Internal Audit about security risks, best practices, and their roles in identifying gaps.
• Proven ability to network with other information security specialists to stay up to date with the latest trends, tools, and techniques in cybersecurity auditing internally to CVS and externally for industry best practices.

Required Qualifications

• 5+ years of experience in information security with a focus on cybersecurity controls.
• 3+ years of experience in audit methodologies, internal control frameworks, and risk assessments.
• 3+ years of experience in relevant regulations, standards, and frameworks such as NIST and 5C framework of cybersecurity.
• At least 1 certification related to Information Security such as CISA, CRISC, CISM, CISSP, or other industry audit, compliance, or cybersecurity certification.

Preferred Qualifications

• Experience in a large and complex environment related to healthcare, insurance, or retail.
• Proven ability to lead audit teams on complex engagements.
• Strong written and verbal communication skills, with the ability to articulate cyber-security risks clearly and concisely.
• Analytical and problem-solving skills, with the ability to assess risks effectively and make informed remediation requests on gaps identified.
• Working knowledge of HIPAA, ISO, FTC, PCI DSS, NY DFS, NAIC, SOX, and HITRUST.
• Demonstrated ability to collaborate across departments, build relationships with key stakeholders, and influence others to achieve internal audit objectives.
• Experience managing or contributing to audit and assessment projects, with a focus on cybersecurity.

Education

Bachelor's degree or a related field or equivalent (HS Diploma and 4 years of experience) requiredAnticipated Weekly Hours
40Time Type
Full timePay Range

The typical pay range for this role is:$101,970.00 - $203,940.00This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls. The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors. This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above.Our people fuel our future. Our teams reflect the customers, patients, members and communities we serve and we are committed to fostering a workplace where every colleague feels valued and that they belong.Great benefits for great peopleWe take pride in our comprehensive and competitive mix of pay and benefits - investing in the physical, emotional and financial wellness of our colleagues and their families to help them be the healthiest they can be. In addition to our competitive wages, our great benefits include:

• Affordable medical plan options, a 401(k) plan (including matching company contributions), and an employee stock purchase plan.
• No-cost programs for all colleagues including wellness screenings, tobacco cessation and weight management programs, confidential counseling and financial coaching.
• Benefit solutions that address the different needs and preferences of our colleagues including paid time off, flexible work schedules, family leave, dependent care resources, colleague assistance programs, tuition assistance, retiree medical access and many other benefits depending on eligibility.

For more information, visit https://jobs.cvshealth.com/us/en/benefitsWe anticipate the application window for this opening will close on: 07/31/2025Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state and local laws.