At CVS Health, we’re building a world of health around every consumer and surrounding ourselves with dedicated colleagues who are passionate about transforming health care.

As the nation’s leading health solutions company, we reach millions of Americans through our local presence, digital channels and more than 300,000 purpose-driven colleagues – caring for people where, when and how they choose in a way that is uniquely more connected, more convenient and more compassionate. And we do it all with heart, each and every day.

Position Summary

The Corporate Functions & PCW IT Compliance Team is looking for a resource to become our Data Protection Domain SME, focusing on information classification, data obfuscation, encryption, and data security controls and governance. This person will help our team build-out, maintain, and continuously improve upon the support framework for Data Protection. He or she will serve as a key player in our day-to-day operations, navigate the Compliance workload and emerging priorities, and provide front-line support for our application teams, ensuring compliance with data privacy and protection policies, industry regulations, and any contractual obligations.

Responsibilities

• Develop and implement data security governance framework that aligns with industry best practices, regulatory requirements, and company policies.

• Guide and assist application teams with identifying data protection gaps and developing remedial action plans for non-conformance to policy requirements.

• Assess and interpret IT policies and control standards for system and operational compliance.

• Maintain key files and relevant data sources for compliance governance and reporting, including operational metrics. This includes maintaining data quality, consistency, and integrity.

• Assist with compilation and maintenance of process documentation, job-aids, FAQs, and other support-related materials for our application teams.

• Promote industry best practices for Data Privacy and Protection, ensuring compliance with relevant regulations and standards such as PCI, SOX, HIPAA, HiTrust, NIST, and others.

• Stay updated on industry trends, emerging data security and privacy engineering technologies, and security threats to continuously improve and evolve data protection strategy and solutions.

Required Qualifications

• Strong knowledge of data protection techniques and best practices, including data obfuscation / masking, sensitive information classifications, encryption at rest and in transit, data retention and destruction.

• 3+ years of experience with implementing data security and privacy engineering solutions and frameworks.

• Knowledge of IT security-related regulations and frameworks such as PCI, HIPAA, SOX, SOC1, SOC2, HiTrust, GDPR, CCPA, NIST, and ISO 27001.

• Strong problem-solving, analytical, critical thinking, and organizational skills with demonstrated versatility to handle concurrent high priority tasks.

• Strong oral and written and communication skills with ability to clearly articulate and communicate complex problems and solutions in a simple, logical, and impactful manner to both technical and non-technical stakeholders.

• Self-motivated with ability to work independently with minimal supervision or without direction, and ability to prioritize work effectively.

• Demonstrated ability to handle concurrent high priority tasks and work in dynamic environment on a daily basis.

• Comfortable operating within areas of ambiguity with ability to iterate and make progress in a consistent manner.

• Experience working on technical projects involving multiple teams, providing management with status on potential issues as well as driving those issues to closure.

• Intermediate to advanced proficiency in MS Excel (pivot tables, lookups, conditional formatting, Power Query, etc.).

Preferred Qualifications

• Security certifications such as CISSP, CRISC, CISA, CISM, CCSP, etc.

• Product Management and Program Management experience.

• Process improvement exposure / Lean / Six Sigma.

Education

• Bachelor’s Degree in Computer Science, Information Technology, Cybersecurity, or related field or equivalent work experience (HS diploma + 3 years relevant experience).

• Ongoing education in cybersecurity, data privacy and protection, or related domains is a plus.

Anticipated Weekly Hours

Time Type

Pay Range

The typical pay range for this role is:

This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls. The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors. This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above.

Our people fuel our future. Our teams reflect the customers, patients, members and communities we serve and we are committed to fostering a workplace where every colleague feels valued and that they belong.

Great benefits for great people

We take pride in our comprehensive and competitive mix of pay and benefits – investing in the physical, emotional and financial wellness of our colleagues and their families to help them be the healthiest they can be. In addition to our competitive wages, our great benefits include:

• Affordable medical plan options, a 401(k) plan (including matching company contributions), and an employee stock purchase plan.

• No-cost programs for all colleagues including wellness screenings, tobacco cessation and weight management programs, confidential counseling and financial coaching.

• Benefit solutions that address the different needs and preferences of our colleagues including paid time off, flexible work schedules, family leave, dependent care resources, colleague assistance programs, tuition assistance, retiree medical access and many other benefits depending on eligibility.

For more information, visit https://jobs.cvshealth.com/us/en/benefits

Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state and local laws.