Senior Manager, HITRUST and International Compliance

At CVS Health, we're building a world of health around every consumer and surrounding ourselves with dedicated colleagues who are passionate about transforming health care.As the nation's leading health solutions company, we reach millions of Americans through our local presence, digital channels and more than 300,000 purpose-driven colleagues - caring for people where, when and how they choose in a way that is uniquely more connected, more convenient and more compassionate. And we do it all with heart, each and every day. Position Summary Defines operational activities and executes on strategic direction related to international compliance and client assurance for CVS Health's Digital, Data, Analytics & Technology (DDAT) Compliance team. Guides colleagues in facilitating GDPR compliance and HITRUST assessment activities. Manages, develops, and implements procedures, controls, and reporting to ensure compliance with the General Data Protection Regulation (GDPR) and for CVS Health's HITRUST assessment as part of client assurance. Consults on efforts to continuously improve internal controls, processes, and systems to enhance the effectiveness and efficiency for the program. Partners with IT and business colleagues to educate on risk and provide actionable metrics that measure the effectiveness of controls. Coordinate and manage activities of process owners to support internal and external audits, including supporting audit requests and tracking remediation. Partner with key stakeholders, including senior management, Legal, Internal Audit, and external assessors, to ensure alignment and support of the CVS Health's technology compliance program.Responsibilities:

• Managing and executing procedures to facilitate and support various cybersecurity HiTrust and International audits and compliance activities. Establishes schedules and plans to ensure deadlines are being met. Develops efficient processes to facilitate and support regulatory, internal audit and industry standard assessments and audits.
• Provides coaching, feedback, and educates stakeholders and colleagues relative to HiTrust and International compliance requirements and industry best practices.
• Defines or develops risk management policies and procedures to support the implementation of HiTrust and International technology controls across the enterprise.
• Oversees preparation and submission of HiTrust and International compliance reports to management, Audit Services, external auditors/assessors, and regulators.
• Oversees audits and assessments to measure the effectiveness of security controls and provides results back to responsible party/owner.
• Educates key stakeholders on risk management frameworks and top risks related to the system(s) or Line of Business for HiTrust and International Compliance.

• 7+ years of regulatory compliance, internal audit, external assessments, risk management, regulatory compliance, and information security in a corporate environment.
• 5+ years of experience in audit methodologies, internal control frameworks, risks assessments, and control testing techniques.
• 3+ years of experience in managing work efforts with both internal and external partners in a highly collaborative environment.

• Demonstrated expertise in audit methodologies, internal control frameworks, risks assessments, and control testing techniques.
• Solid program management skills including strategic planning, decision-making, and project management.
• Strong understanding of relevant regulations and frameworks aligning to NIST, ISO, HITRUST, HIPPA, PCI.
• Strong analytical and problem-solving skills with the ability to analyze and interpret complex regulations, operational data, trends, assess risks effectively, and make recommendations for improvement.
• Exceptional interpersonal skills with the ability to collaborate across departments and influence stakeholders at all levels.
• Demonstrated ability to collaborate effectively with cross-functional teams, build relationships with key stakeholders, and influence others to achieve compliance objectives.
• Strong attention to detail and accuracy when conducting assessments, documenting processes, and reviewing controls to ensure compliance with HiTrust assessment and International compliance (GDPR/ISO) requirements.
• CRISC, CISSP, CISM, or equivalent

• Bachelor's degree or equivalent experience (High School Diploma and 4 years relevant experience)

• Affordable medical plan options, a 401(k) plan (including matching company contributions), and an employee stock purchase plan.
• No-cost programs for all colleagues including wellness screenings, tobacco cessation and weight management programs, confidential counseling and financial coaching.
• Benefit solutions that address the different needs and preferences of our colleagues including paid time off, flexible work schedules, family leave, dependent care resources, colleague assistance programs, tuition assistance, retiree medical access and many other benefits depending on eligibility.