
Senior Manager, GRC Policy and Governance

At CVS Health, we’re building a world of health around every consumer and surrounding ourselves with dedicated colleagues who are passionate about transforming health care.

As the nation’s leading health solutions company, we reach millions of Americans through our local presence, digital channels and more than 300,000 purpose-driven colleagues – caring for people where, when and how they choose in a way that is uniquely more connected, more convenient and more compassionate. And we do it all with heart, each and every day.

Position Summary


The Information Security Senior Manager is responsible for the development and implementation of information security policies, standards and procedures. Consults on a variety of issues related to control standards and procedures. Facilitates and manages annual reviews and attestations of policies, standards and procedures. Ensures alignment across stakeholder groups for policies and standards, and policy exceptions within the EIS risk management framework. Demonstrates in-depth knowledge of industry frameworks, provides appropriate updates to designated management and assists in responding to audits as necessary. The Information Security Senior Manager will report to the Senior Manager of Governance Program and Strategy.

Primary responsibilities include:

  • Assists in developing, implementing and supporting CVS Health's enterprise-wide Information Security policies, standards and procedures, and maintains a communication plan to ensure policy and standards changes are known throughout all functional groups of the business.
  • Demonstrates technical writing expertise to assist in development of security control procedures.
  • Provides training, coaching and feedback on governance to all stakeholders.
  • Maintains an awareness of state and federal regulations/legislation and other governing requirements; provides guidance on the controls, policies, standards and procedures necessary to protect sensitive data and achieve regulatory compliance.
  • Partners with key stakeholders on the ongoing maintenance of the policy and standard framework to ensure alignment with business, industry and regulatory requirements.

Required Qualifications

  • 7+ years of experience with Information Security policies and procedures management, risk management practices and principles.
  • Knowledge of privacy regulations as they relate to PII and PHI to understand security program interfaces with privacy risk.
  • 5+ years of experience with GRC tools such as Archer and/or ServiceNow.
  • 5+ years of experience with process mapping and identification of process controls.


Preferred Qualifications

  • Deep understanding of security frameworks and regulatory standards including NIST, SOX, SOC, HIPAA, PCI and HITRUST.
  • Strong interpersonal and collaboration skills and leadership presence.
  • Proven leadership in analysis, reporting, and communicating risk.
  • A self-driven and motivated individual who can clearly articulate complex security concepts to leadership and to stakeholders outside of Information Security.

Education

  • Bachelor’s degree or equivalent experience (High School Diploma and 4 years relevant experience).

Pay Range

The typical pay range for this role is:

$118,450.00 - $236,900.00


This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls. The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors. This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above. This position also includes an award target in the company’s equity award program.

Our people fuel our future. Our teams reflect the customers, patients, members and communities we serve and we are committed to fostering a workplace where every colleague feels valued and that they belong.

Great benefits for great people

We take pride in our comprehensive and competitive mix of pay and benefits – investing in the physical, emotional and financial wellness of our colleagues and their families to help them be the healthiest they can be. In addition to our competitive wages, our great benefits include:

  • Affordable medical plan options, a 401(k) plan (including matching company contributions), and an employee stock purchase plan.

  • No-cost programs for all colleagues including wellness screenings, tobacco cessation and weight management programs, confidential counseling and financial coaching.

  • Benefit solutions that address the different needs and preferences of our colleagues including paid time off, flexible work schedules, family leave, dependent care resources, colleague assistance programs, tuition assistance, retiree medical access and many other benefits depending on eligibility.

For more information, visit https://jobs.cvshealth.com/us/en/benefits

We anticipate the application window for this opening will close on: 04/25/2025

Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state and local laws.

CVS Health Glassdoor Company Review: 3.1
CVS Health DE&I Review: No rating
CEO of CVS Health: Karen S. Lynch

Average salary estimate

$177675 / YEARLY (est.)

What You Should Know About Senior Manager, GRC Policy and Governance, CVS Health

At CVS Health, we're on a mission to transform health care, and we're looking for a Senior Manager, GRC Policy and Governance to join our dedicated team working from home in Pennsylvania. In this exciting role, you'll be at the forefront of creating and implementing robust information security policies, standards, and procedures that safeguard our invaluable data. Your expertise will shine as you consult on control standards, maintain alignment across stakeholder groups, and manage annual reviews of policies to ensure compliance with state and federal regulations. Your role as a Senior Manager will involve training and coaching stakeholders and keeping them in the loop about policy changes across the enterprise. You'll also leverage your extensive knowledge of industry frameworks, aiming to streamline our governance program and support audits as necessary. Ideally, you have over seven years of experience in information security management, particularly with privacy regulations and risk management practices. Familiarity with GRC tools such as Archer and ServiceNow will also elevate your application. We're excited to see someone who speaks the language of security frameworks like NIST, SOX, SOC, HIPAA, and others. Bring your strong leadership and collaboration skills to CVS Health, where your commitment to protecting sensitive data will help us continue to provide compassionate care to millions.

Frequently Asked Questions (FAQs) for Senior Manager, GRC Policy and Governance Role at CVS Health
What are the primary responsibilities of the Senior Manager, GRC Policy and Governance at CVS Health?

The Senior Manager, GRC Policy and Governance at CVS Health is primarily responsible for developing, implementing, and supporting the enterprise-wide information security policies, standards, and procedures. This role also involves conducting annual policy reviews, guiding stakeholders on governance, and maintaining compliance with privacy regulations related to sensitive data.

What qualifications are required for the Senior Manager position at CVS Health?

To qualify for the Senior Manager, GRC Policy and Governance role at CVS Health, candidates need to have a minimum of 7 years of experience in information security management and risk management practices. Additionally, experience with GRC tools, privacy regulations, and a strong understanding of security frameworks is essential for this role.

How does the Senior Manager, GRC Policy and Governance interact with other teams at CVS Health?

The Senior Manager, GRC Policy and Governance collaborates with various stakeholders across CVS Health, ensuring alignment on policy and standards frameworks. This role facilitates communication about policy changes and provides training, coaching, and feedback on governance practices to team members and departments.

Why is knowledge of compliance frameworks important for the Senior Manager, GRC Policy and Governance at CVS Health?

Knowledge of compliance frameworks like NIST, SOX, SOC, HIPAA, and HITRUST is crucial for the Senior Manager, GRC Policy and Governance at CVS Health as it guides the development of robust security policies. This understanding ensures that the organization not only meets regulatory requirements but also protects sensitive customer data effectively.

What are some key skills for success as a Senior Manager, GRC Policy and Governance at CVS Health?

Key skills for success in the Senior Manager, GRC Policy and Governance position at CVS Health include strong technical writing abilities, leadership, collaboration skills, and the capacity to articulate complex security concepts to various stakeholders. A proactive attitude and adaptability to changing regulations are also vital.

Common Interview Questions for Senior Manager, GRC Policy and Governance
Can you explain your experience with information security policies and how it relates to the role of Senior Manager, GRC Policy and Governance at CVS Health?

Certainly! When answering this question, it's beneficial to highlight specific projects or initiatives you've handled, showcasing how your past experience aligns with CVS Health's need for comprehensive security policies. Emphasize your understanding of industry standards and your role in positively impacting organizational compliance.

How do you ensure alignment across different stakeholders when implementing security policies?

To ensure alignment, I typically involve stakeholders from the beginning of the policy development process. I organize workshops and training sessions to discuss the policies, gather feedback, and make necessary adjustments. Highlighting communication skills, adaptability, and relationship-building abilities can strengthen your response.

Can you describe a successful experience you had with risk management in a previous role?

In addressing this, focus on a specific instance where you identified a risk, developed a mitigation strategy, and monitored its effectiveness. Including quantitative outcomes, like reduced incidents or improved compliance scores, will illustrate your impact effectively.

What do you consider the biggest challenges in implementing GRC tools like Archer or ServiceNow?

Discuss the complexities of integration, stakeholder training, and user adoption as common challenges. It’s important to demonstrate problem-solving skills and offer examples of how you've navigated these challenges in your previous experiences.

How do you keep up with state and federal security regulations?

You should discuss various sources, such as government websites, industry publications, and professional networks that keep you informed of regulatory changes. Emphasizing proactive learning through training and certifications can also add value to your answer.

Describe your experience with creating communication plans for policy changes.

Emphasize your technical writing and interpersonal skills. Discuss how you ensure that complex policy changes are communicated clearly to all stakeholders through various channels, and provide an example of a successful communication plan you've executed.

How would you handle resistance from teams when implementing new security policies?

Handling resistance requires understanding the concerns of the team members. I advocate for open dialogue, actively listen to their feedback, and address their worries. Sharing success stories of similar changes can often alleviate concerns, showing the tangible benefits of compliance.

Can you provide an example of how you've trained a team on security governance?

Share a specific training session where you designed materials, facilitated workshops, and assessed understanding through quizzes or discussions. Detailing the positive outcomes, such as improved compliance or boosted confidence among team members, will enhance your response.

What frameworks do you prioritize when developing security policies at CVS Health?

It's crucial to mention the specific frameworks like NIST, SOX, HIPAA, etc., and suggest leveraging these frameworks to align with business objectives and regulatory requirements. Illustrating how you prioritize based on organizational risk assessments will demonstrate your strategic thinking.

How do you measure the effectiveness of security policies?

You might discuss using metrics like compliance audits, incident response times, and employee feedback. Providing an example where you set up a measurement framework that resulted in improved compliance or reduced incidents would give your answer depth and relevance.


We help people with their health wherever and whenever they need us. And we do it with heart. Because our passion is our purpose: Bringing our heart to every moment of your health™.

Employment type: Full-time, remote
Date posted: April 20, 2025
