
Security Risk Management Analyst

At CVS Health, we’re building a world of health around every consumer and surrounding ourselves with dedicated colleagues who are passionate about transforming health care.

As the nation’s leading health solutions company, we reach millions of Americans through our local presence, digital channels and more than 300,000 purpose-driven colleagues – caring for people where, when and how they choose in a way that is uniquely more connected, more convenient and more compassionate. And we do it all with heart, each and every day.

Position Summary

This role conducts thorough security risk assessments for new technologies before deployment and for technologies already deployed in the production environment. The analyst identifies, assesses, and analyzes security risks, scrutinizes potential vulnerabilities, and provides risk mitigation strategies to ensure compliance and adherence to information security standards for a seamless and secure integration. This role will require the colleague to engage project managers and project management team members, including developers, architects, infrastructure engineers, and EIS stakeholders as applicable. This role should be able to describe technical issues to business partners or senior leaders in risk terms that are clear and understandable while still having some subject matter expertise. This role should be able to lead small teams, mentor junior team members, oversee third party contractors, and respond to critical requests.

Required Qualifications

  • 2+ years of information security experience
  • 2+ years working knowledge of common security frameworks and regulations, including but not limited to NIST 800-53, ISO 27001/2, HIPAA/HITECH, HITRUST and PCI-DSS
  • 2+ years working knowledge of Information Technology including Cloud, access management, architecture, infrastructure, operating systems, application/software development, and endpoint security

Preferred Qualifications

  • Industry related certification such as CISSP, CISM, CRISC, etc.
  • Ability to comprehend implications of security risk (inherent risk, residual risks), compensating controls, etc.
  • Solid written and verbal communication skills
  • Ability to demonstrate critical thinking and knowledge of risk management basic processes, tools, and techniques
  • Experience operating in applications including Archer, Qualys, Checkmarx, and Prisma
  • Solid knowledge of Information Security policies and procedures
  • Solid knowledge of regulatory standards (including audit frameworks), including but not limited to NIST 800-53, SOX, SOC1/SOC2 Type II audits, HIPAA/HITECH, HITRUST, and PCI-DSS
  • Knowledge of current security threat and vulnerability trends
  • Understanding of cloud security best practices and frameworks

Education

  • Bachelor’s degree or equivalent experience.

Anticipated Weekly Hours

40

Time Type

Full time

Pay Range

The typical pay range for this role is:

$64,890.00 - $158,620.00

This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls.  The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors.  This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above. 
 

Our people fuel our future. Our teams reflect the customers, patients, members and communities we serve and we are committed to fostering a workplace where every colleague feels valued and that they belong.

Great benefits for great people

We take pride in our comprehensive and competitive mix of pay and benefits – investing in the physical, emotional and financial wellness of our colleagues and their families to help them be the healthiest they can be. In addition to our competitive wages, our great benefits include:

  • Affordable medical plan options, a 401(k) plan (including matching company contributions), and an employee stock purchase plan.

  • No-cost programs for all colleagues including wellness screenings, tobacco cessation and weight management programs, confidential counseling and financial coaching.

  • Benefit solutions that address the different needs and preferences of our colleagues including paid time off, flexible work schedules, family leave, dependent care resources, colleague assistance programs, tuition assistance, retiree medical access and many other benefits depending on eligibility.

For more information, visit https://jobs.cvshealth.com/us/en/benefits

We anticipate the application window for this opening will close on: 04/18/2025

Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state and local laws.


What You Should Know About Security Risk Management Analyst, CVS Health

At CVS Health, we are seeking a passionate Security Risk Management Analyst to join our innovative team in Scottsdale, AZ. This role is all about ensuring the safety of our technologies before they are deployed, as well as analyzing their security post-deployment. As the leading health solutions company in the nation, CVS Health reaches millions of Americans, and we want you to help us care for them by identifying and mitigating potential security risks. In this role, you'll engage with project managers and team members, including developers and engineers, to discuss technical issues in a way that's clear for everyone involved. You'll also have the opportunity to lead small teams, mentor junior members, and respond swiftly to critical requests. A solid understanding of security frameworks like NIST 800-53 and HIPAA is essential to thrive here. If you have 2+ years of experience in information security, knowledge of various IT environments, and industry-recognized certifications such as CISSP or CISM, we’d love to hear from you! At CVS Health, we believe our colleagues fuel our future. Join us in promoting health and wellness while making a real difference in people’s lives. Let's create a more connected and compassionate healthcare experience together.

Frequently Asked Questions (FAQs) for Security Risk Management Analyst Role at CVS Health
What are the key responsibilities of a Security Risk Management Analyst at CVS Health?

The primary responsibilities of a Security Risk Management Analyst at CVS Health include conducting thorough security risk assessments for new technologies and analyzing risks for existing technologies in the production environment. You'll identify vulnerabilities, analyze potential risks, and offer risk mitigation strategies ensuring compliance with information security standards.

What qualifications are required for the Security Risk Management Analyst position at CVS Health?

To qualify for the Security Risk Management Analyst position at CVS Health, candidates must have at least 2 years of information security experience and a working knowledge of security frameworks such as NIST 800-53, HIPAA, and PCI-DSS. Preferred qualifications include industry certifications like CISSP or CISM, as well as solid communication skills.

How does CVS Health foster a supportive work environment for its Security Risk Management Analysts?

CVS Health is committed to creating a supportive workplace. We emphasize the value of each colleague through our inclusive culture, promote wellness initiatives, and offer numerous benefits such as flexible work schedules and tuition assistance, all aimed at nurturing a collaborative and healthy environment for our team members, including Security Risk Management Analysts.

What tools and technologies should a Security Risk Management Analyst at CVS Health be familiar with?

A Security Risk Management Analyst at CVS Health should have experience with applications like Archer, Qualys, and Checkmarx, as well as a solid grasp of cloud security practices and regulatory standards. Familiarity with threat trends and security policies will also be crucial for success in this role.

What is the range of salary for the Security Risk Management Analyst position at CVS Health?

The salary range for the Security Risk Management Analyst position at CVS Health is between $64,890.00 and $158,620.00 annually, depending on factors like experience, education, and geographical location. This position is also eligible for bonuses and a comprehensive benefits package.

Common Interview Questions for Security Risk Management Analyst
Can you describe a time when you performed a risk assessment in a previous role?

When answering this question, focus on the specific steps you took during the risk assessment process. Describe how you identified vulnerabilities, analyzed potential risks, and suggested mitigation strategies. Use metrics or outcomes where possible to highlight your impact.

How do you stay updated on the latest security threats and vulnerabilities?

Discuss your commitment to continuous learning through resources such as industry publications, security conferences, and professional networks. Mention specific sources you follow or courses you take to ensure you stay ahead in the security landscape.

What is your approach to explaining technical issues to non-technical stakeholders?

Emphasize your ability to translate complex technical terms into understandable language. Cite examples where you successfully communicated risks or security measures to business partners, focusing on how this improved decision-making or project outcomes.

What security frameworks are you most familiar with?

List the security frameworks you have experience with, such as NIST 800-53, ISO 27001, or HIPAA. Discuss how you applied these frameworks to ensure compliance and security in past roles, providing specific examples of policies or procedures that you implemented.

Can you explain the difference between inherent and residual risk?

Clearly define both terms. Inherent risk refers to the amount of risk that exists before any controls are applied, while residual risk is what remains after controls are put in place. Use examples from your experience to illustrate these concepts and their implications for security strategy.

Describe your experience with third-party vendors in relation to security assessments.

Share how you approach third-party security assessments, including the criteria you use to evaluate vendor security practices. Mention any frameworks or compliance standards you reference during these assessments.

How do you prioritize security issues when dealing with multiple stakeholders?

Discuss your methodology for prioritization, such as risk impact and urgency. Mention tools or frameworks you've used to help in this process, like risk matrices, and provide examples where effective prioritization led to positive outcomes.

What techniques do you use to educate team members about security best practices?

Talk about your strategies for team education, which might include hosting workshops, creating training materials, or leading discussions on security trends. Emphasize your ability to tailor your teaching methods to different audiences based on their roles.

Have you ever had to respond to a security incident? What was your role?

Share a specific incident where you played a key role in responding to a security threat. Discuss the steps taken during the incident response, your collaboration with others, and the lessons learned that enhanced future security measures.

What would you do if you discovered a major security flaw in the organization’s technology?

Outline a clear response plan, including notifying appropriate stakeholders, conducting a risk assessment, and proposing a remediation strategy. Emphasize the importance of quick communication and teamwork in addressing the flaw effectively.


We help people with their health wherever and whenever they need us. And we do it with heart. Because our passion is our purpose: Bringing our heart to every moment of your health™.

Employment type: Full-time, on-site
Date posted: April 15, 2025
