CVS Health

Third Party Risk Analyst- Security Operations

Posted 3 days ago

Job Description

Job Description
The Third Party Risk Analyst will work with CVS Health business owners, third party resources and other key stakeholders to drive the cyber security maturity of CVS Health's third parties. This position is accountable for identification and disposition of third party assessment requests and resolution of continuous monitoring events identified through CVS Health's assessment and continuous monitoring program. The position will manage, monitor, and coordinate third party risk activities for assigned requests.

CVS Health's Third Party Risk Governance team must work directly with CVS Health business lines and third party contacts to ensure the appropriate protection of sensitive data. In this role, the successful candidate must have the ability to collaborate and drive resolutions. The successful candidate will find themselves in an environment that recognizes and supports the need to drive change across CVS Health's third party portfolio. Candidates should demonstrate:
* Ability to directly or indirectly work with business lines, subject matter experts and other constituents to ensure understanding of key security controls for use of third parties.
* Work with third parties to implement key security controls in accordance with CVS Health Global Security strategy and vision for protection of sensitive data.
* Build and maintains positive relationships with management, team members, and stakeholders across CVS Health using effective written and oral communication practices. Possess the ability to influence others using program knowledge, negotiation methods, and be able to overcome objections.
* Possess a foundational understanding of common technology architectures. Will be able to credibly understand high level system architecture and data flow diagrams for the purpose of identifying gaps in disclosure and risk categorization.
* Demonstrate knowledge of key regulatory risks and controls for assigned business lines. Understanding of HIPAA/HITECH required, SarbanesOxley and PCI desired.
* Ability to effectively communicate complex Cyber Security issues to nontechnical audiences
* Proven track record of driving programs, project, or issues to completion

Required Qualifications
* 2- 5+ years of experience with risk management

Preferred Qualifications
* Experience working with Third Party Risk
* Experience working in the healthcare industry
* Technology development and/or Applications/Operational support experience
* Experience working with Tableau

Bachelor's degree or equivalent work experience

Business Overview
At Aetna, a CVS Health company, we are joined in a common purpose: helping people on their path to better health. We are working to transform health care through innovations that make quality care more accessible, easier to use, less expensive and patient-focused. Working together and organizing around the individual, we are pioneering a new approach to total health that puts people at the heart.

We are committed to maintaining a diverse and inclusive workplace. CVS Health is an equal opportunity and affirmative action employer. We do not discriminate in recruiting, hiring or promotion based on race, ethnicity, gender, gender identity, age, disability or protected veteran status. We proudly support and encourage people with military experience (active, veterans, reservists and National Guard) as well as military spouses to apply for CVS Health job opportunities.