Security and Compliance Analyst
$130,295 - $260,590/year
Job Description
We’re building a world of health around every individual — shaping a more connected, convenient and compassionate health experience. At CVS Health®, you’ll be surrounded by passionate colleagues who care deeply, innovate with purpose, hold ourselves accountable and prioritize safety and quality in everything we do. Join us and be part of something bigger – helping to simplify health care one person, one family and one community at a time.
Position Overview
The Security and Compliance Analyst (VP Point of Contact) is a highly visible role within the CVS Caremark organization responsible for ensuring effective governance of application security and compliance requirements. This position serves as a critical liaison between CVS Enterprise security and audit teams, business stakeholders, and application development teams to strengthen CVS Health's cybersecurity posture and compliance framework.
Position Summary
The VP Point of Contact (VP POC) will collaborate with peers across CVS Enterprise security and audit teams to provide expert guidance on integrating security best practices throughout the Software Development Lifecycle (SDLC). The role focuses on vulnerability management, scanning and remediation, strategic infrastructure security implementation, and risk assessment. The analyst will evaluate enterprise risks based on identified vulnerabilities and threats, recommend mitigation strategies, provide regular updates to IT management, and support audit response activities.
Key Responsibilities
Vulnerability Management & Remediation
- Participate in daily and weekly meetings with vulnerability management teams, lines of business, towers, and application owners to track status and progress of assigned vulnerabilities
- Ensure proper alignment of vulnerability assignments across lines of business, towers, and application groups
- Drive the creation, tracking, and timely closure of vulnerability remediation plans in accordance with CVS Health security timelines
- Monitor remediation of critical vulnerabilities within required timeframes (Critical: 7 days, High: 90 days, Medium: 180 days, Low: 365 days)
- Ci security requirements
Security Strategy & Advisory
- Advise business stakeholders and development teams on proper security practices throughout the Software Development Lifecycle
- Evaluate user needs and system functionality to help develop comprehensive IT security strategies for security scanning and detection
- Provide strategic guidance on infrastructure technologies to implement layered defense mechanisms
- Assess and communicate enterprise risks based on vulnerability findings and emerging threats
- Recommend appropriate mitigation strategies aligned with business objectives
Compliance & Governance
- Partner with internal and external auditors during compliance and regulatory reviews
- Contribute to and influence application security policies across Pharmacy Services IT and the broader CVS enterprise
- Ensure adherence to CVS Health cybersecurity compliance requirements and industry standards
- Support continuous monitoring and assessment initiatives
Communication & Stakeholder Management
- Provide appropriate updates and security status reporting to IT management
- Facilitate meetings with both technical and business audiences across multiple functional departments
- Document and track security remediation plans and exceptions
- Communicate complex security topics effectively to diverse stakeholder groups
Required Qualifications
- 3+ years of experience in application security, monitoring/management, vulnerability management, or risk and compliance
- 3+ years of experience working across all phases of SDLC and CI/CD pipelines
- 1+ years of experience managing or coordinating large-scale projects
- Strong understanding of security principles and secure coding practices
Preferred Qualifications
Technical Knowledge
- Background and understanding of networking and network security technologies, including:
- Azure Cloud security policy adherence
- TCP/IP networking knowledge (networking architecture, firewall configuration, DMZ layout)
- Advanced web technology knowledge (HTTP, HTML, SQL)
- Advanced knowledge of detection, exploitation, and prevention of software vulnerabilities (SQL Injection, XSS, buffer overflows, CSRF, etc.)
Artificial Intelligence & Emerging Technologies
- Understanding of AI security risks and vulnerabilities specific to AI/ML systems and models
- Knowledge of security implications related to AI-assisted coding tools and AI-generated code
- Experience evaluating security risks in AI-powered applications and services
- Familiarity with secure AI development practices and AI model security testing
- Awareness of AI-related compliance considerations and ethical AI principles
- Understanding of prompt injection, model poisoning, and other AI-specific attack vectors
- Experience with AI-powered security tools for vulnerability detection and threat analysis
Compliance & Frameworks
- Understanding of compliance requirements such as PCI-DSS, SOX, HIPAA, and other relevant regulatory frameworks
- Knowledge of ITIL, service management, and quality management practices
- Familiarity with industry security frameworks and standards
Development & Operations
- Understanding of CI/CD pipelines and DevSecOps practices
- Experience with Agile methodologies
- Knowledge of container security and cloud security controls
Professional Certifications
- Professional security certification(s) such as CISSP, CISM, CEH, GIAC, or similar credentials (preferred but not required)
Soft Skills
- Excellent communication skills required to facilitate meetings with both technical and business audiences across multiple functional departments on security-related topics
- Strong analytical and problem-solving abilities
- Ability to influence and drive change across organizational boundaries
- Collaborative mindset with proven ability to work effectively with cross-functional teams
Education
Bachelor's degree in Computer Science or equivalent work experience required
Pay Range
The typical pay range for this role is:
$130,295.00 - $260,590.00
This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls. The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors. This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above. This position also includes an award target in the company’s equity award program.
Our people fuel our future. Our teams reflect the customers, patients, members and communities we serve and we are committed to fostering a workplace where every colleague feels valued and that they belong.
Great benefits for great people
We take pride in offering a comprehensive and competitive mix of pay and benefits that reflects our commitment to our colleagues and their families.
This full‑time position is eligible for a comprehensive benefits package designed to support the physical, emotional, and financial well‑being of colleagues and their families. The benefits for this position include medical, dental, and vision coverage, paid time off, retirement savings options, wellness programs, and other resources, based on eligibility.
Additional details about available benefits are provided during the application process and on Benefits Moments.
We anticipate the application window for this opening will close on: 04/15/2026
Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state and local laws.
About CVS Health
CVS Health is a leading American healthcare company operating retail pharmacies, pharmacy benefit management services, and a health insurance segment through Aetna, one of the nation's largest health insurers.
Industry: Healthcare & Pharmacy