Manager, Corporate IT Audit

We're building a world of health around every individual - shaping a more connected, convenient and compassionate health experience. At CVS Health®, you'll be surrounded by passionate colleagues who care deeply, innovate with purpose, hold ourselves accountable and prioritize safety and quality in everything we do. Join us and be part of something bigger - helping to simplify health care one person, one family and one community at a time.

The Manager, Corporate IT Audit leads the SOC Reporting team and serves as a subject matter expert for SOC 1 and SOC 2 audits under SSAE 18. This role oversees the full audit lifecycle—from planning and control testing to evaluation and final report delivery—ensuring accuracy, quality, and alignment with internal audit standards.

This team partners closely with business owners, external auditors, and the SOX & Controls Assurance group to assess internal controls, support remediation, and strengthen CVS Health's overall control environment.

• Lead and guide SOC audit engagements in line with SSAE 18.
• Review complex control testing and deficiency assessments.
• Act as the primary SME for assigned SOC reports and provide technical guidance.
• Ensure consistent, accurate, high‑quality audit deliverables.

• Lead risk assessments to identify key processes and controls.
• Evaluate control issues, root causes, and remediation needs.
• Partner with business owners to drive effective, timely corrective actions.
• Provide challenge and insight to internal teams and external auditors.

• Mentor and develop audit staff.
• Provide coaching, feedback, and skill‑building opportunities.
• Delegate work effectively and promote team growth.

• Build strong relationships with internal partners and auditors.
• Communicate risks, findings, and remediation clearly and confidently.
• Represent SOC Reporting in meetings and organizational initiatives.

• Lead multiple SOC projects simultaneously, ensuring on‑time, high‑quality results.
• Oversee scoping, scheduling, resourcing, and documentation.
• Identify opportunities to improve audit processes, templates, and methodologies.

• Advance SOC practices through new tools, automation, and updated standards.
• Stay current on SOC, IT controls, and regulatory developments.
• Promote consistency and knowledge sharing across the team.

• Minimum 5 years in IT Audit, Controls Assessment, Validation, Risk Assessment, or Risk Consulting.
• Reliable attendance.
• Ability to travel up to 10%.

• Experience planning and managing audit projects.
• Professional certifications (e.g., CISA, CRISC, CISM, CPA, CIA) or progress toward them.
• Strong knowledge of IT controls, cybersecurity, SDLC, infrastructure, and emerging technologies.
• Familiarity with SOC standards, data privacy laws (HIPAA, GDPR, CCPA), and cloud concepts.
• Understanding of frameworks such as NIST, COBIT, ISO, HITRUST, PCI.
• Strong analytical, communication, collaboration, and project management skills.
• Experience writing technical audit reports.

Bachelor's degree OR equivalent experience.

40

Full time

The typical pay range for this role is: $54,300.00 - $. This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls. The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors. This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above.

Our people fuel our future. Our teams reflect the customers, patients, members and communities we serve and we are committed to fostering a workplace where every colleague feels valued and that they belong.

We take pride in our comprehensive and competitive mix of pay and…