Executive Director, Emerging Risk Assurance

We're building a world of health around every individual - shaping a more connected, convenient and compassionate health experience. At CVS Health, you'll be surrounded by passionate colleagues who care deeply, innovate with purpose, hold ourselves accountable and prioritize safety and quality in everything we do. Join us and be part of something bigger - helping to simplify health care one person, one family and one community at a time.

Position Summary The Executive Director, Emerging Risk Assurance leads CVS Health's third-line assurance function over AI, machine learning, intelligent automation, and other emerging risk areas that introduce algorithmic or autonomous decision-making into business processes. Operating within Internal Audit, this role applies rigorous audit methodology to independently assess whether governance and risk management controls over these areas are designed effectively and operating as intended, providing objective assurance to senior leadership and the Audit Committee.

This role is distinct from and complementary to Internal Audit's Digital, Data, Analytics, and Technology (DDAT) Risk-Based Audit function, which provides assurance over established technology domains including cloud infrastructure, cybersecurity, and core IT operations. Where emerging risk extends into those domains, the two teams coordinate to ensure consistent coverage without duplication.

This position does not set strategy or govern how AI and emerging solutions are built and deployed. Instead, it provides structured, independent evaluation of those activities, partnering closely with technology, digital, data, compliance, cybersecurity, finance, and risk functions to surface gaps and drive accountability. In addition to formal assurance engagements, this role provides advisory support during the design and implementation of AI governance structures, helping the organization get it right early without Internal Audit assuming management responsibility.

While this role does not own management's AI strategy or first- and second-line execution, it does define Internal Audit's emerging risk assurance strategy, evidence standards, testing expectations, and reporting approach for AI and emerging risk.

The Executive Director also supports the modernization of CVS Health's IA function by coordinating with the team on the adoption of AI-enabled testing, advanced analytics, and automation into SOX and risk-based audit programs, helping increase coverage, scalability, and the early identification of risk.

The ideal candidate is a seasoned audit professional with deep expertise in technology risk and a strong command of AI, machine learning, intelligent automation, and data-driven assurance methods.

Major Responsibilities
1. Emerging Risk Assurance Provide independent assurance over enterprise AI governance activities, validating that AI policies, standards, and procedures are being followed consistently across the organization.

Assess governance structures, risk management frameworks, and accountability mechanisms surrounding the adoption of emerging solutions that introduce autonomous or algorithmic decision-making ess how business process owners validate and rely on AI outputs, review data governance and responsible AI practices including fairness, bias, transparency, safety, robustness, explainability, privacy and security, and human oversight across AI deployments.

Assess controls over third-party AI risk, including named model providers, embedded AI capabilities within SaaS and enterprise platforms, open-source models and library dependencies, and broader AI supply-chain risk.

Build continuous assurance capabilities across AI and emerging risk, establishing repeatable evidence collection across model lifecycle, change management, monitoring, logging, and post-deployment oversight to enable ongoing rather than point-in-time coverage.

Work across enterprise segments and partner with first- and second-line teams to drive consistency in evidence readiness, control documentation, and remediation accountability.

Provide advisory support to the AI Governance Council and technology teams during the design and…