Security and Compliance Analyst

We’re building a world of health around every individual — shaping a more connected, convenient and compassionate health experience. At CVS Health®, you’ll be surrounded by passionate colleagues who care deeply, innovate with purpose, hold ourselves accountable and prioritize safety and quality in everything we do. Join us and be part of something bigger – helping to simplify health care one person, one family and one community at a time.

The Security and Compliance Analyst (VP Point of Contact) is a highly visible role within the CVS Caremark organization responsible for ensuring effective governance of application security and compliance requirements. This position serves as a critical liaison between CVS Enterprise security and audit teams, business stakeholders, and application development teams to strengthen CVS Health s cybersecurity posture and compliance framework.

The VP Point of Contact (VP POC) will collaborate with peers across CVS Enterprise security and audit teams to provide expert guidance on integrating security best practices throughout the Software Development Lifecycle (SDLC). The role focuses on vulnerability management, scanning and remediation, strategic infrastructure security implementation, and risk assessment. The analyst will evaluate enterprise risks based on identified vulnerabilities and threats, recommend mitigation strategies, provide regular updates to IT management, and support audit response activities.

• Participate in daily and weekly meetings with vulnerability management teams, lines of business, towers, and application owners to track status and progress of assigned vulnerabilities
• Ensure proper alignment of vulnerability assignments across lines of business, towers, and application groups
• Drive the creation, tracking, and timely closure of vulnerability remediation plans in accordance with CVS Health security timelines
• Monitor remediation of critical vulnerabilities within required time frames (Critical: 7 days, High: 90 days, Medium: 180 days, Low: 365 days)
• Ci security requirements

• Advise business stakeholders and development teams on proper security practices throughout the Software Development Lifecycle
• Evaluate user needs and system functionality to help develop comprehensive IT security strategies for security scanning and detection
• Provide strategic guidance on infrastructure technologies to implement layered defense mechanisms
• Assess and communicate enterprise risks based on vulnerability findings and emerging threats
• Recommend appropriate mitigation strategies aligned with business objectives

• Partner with internal and external auditors during compliance and regulatory reviews
• Contribute to and influence application security policies across Pharmacy Services IT and the broader CVS enterprise
• Ensure adherence to CVS Health cybersecurity compliance requirements and industry standards

• Support continuous monitoring and assessment initiatives
• Continuous monitoring

• Provide appropriate updates and security status reporting to IT management
• Facilitate meetings with both technical and business audiences across multiple functional departments
• Document and track security remediation plans and exceptions
• Communicate complex security topics effectively to diverse stakeholder groups

• 3+ years of experience in application security, monitoring/management, vulnerability management, or risk and compliance
• 3+ years of experience working across all phases of SDLC and CI/CD pipelines
• 1+ years of experience managing or coordinating large-scale projects
• Strong understanding of security principles and secure coding practices
• Secure coding

• Background and understanding of networking and network security technologies, including:
• Azure Cloud security policy adherence
• TCP/IP networking knowledge (networking architecture, firewall configuration, DMZ layout)
• Advanced web technology knowledge (HTTP, HTML, SQL)
• Advanced…