Security Risk Management Analyst

2-5 years of Security Audit Management, Third Party Risk Management or information security related experience
2+ years experience working with common security frameworks and regulations, including but not limited to NIST 800-53, ISO 27001/2, HIPAA/HITECH, HITRUST and the PCI-DSS

Represent CVS Health information security practices via our client facing Information Security Client Assurance function
Provide extraordinary support to our clients and navigate complex client security assurance relationship issues
Partner with other technology teams, business account teams, legal & privacy
Delight clients by providing Request For Information/Proposal (RFI/P) responses
Respond to client third party risk management questionnaires
Update client facing security materials based on the latest industry trends
Leverage & maintain a current knowledge base for all information security policies, standards, procedures and practices

Knowledge of Enterprise level Information security policies and procedures
Working knowledge of regulatory (including audit frameworks) standards, including but not limited to NIST 800-53, SOX, SOC1/SOC2 Type II audits, HIPAA/HITECH, HITRUST, and the PCI-DSS
Previous experience in a client facing security role, third party risk management or controls assurance function
Cloud Security Control frameworks a bonus
Skill in Control evaluation, audit, and testing
Understanding security schedule legal terminology
Technical control negotiations
Strong interpersonal and collaboration skills
Strong written and verbal communication skills
Ability to comprehend implications of security risk & technical control implementations
Worked independently
Take initiative; Be a self-starter
Execute on assigned tasks
Collaborate across many teams