Senior Manager - BISO

We’re building a world of health around every individual — shaping a more connected, convenient and compassionate health experience. At CVS Health®, you’ll be surrounded by passionate colleagues who care deeply, innovate with purpose, hold ourselves accountable and prioritize safety and quality in everything we do. Join us and be part of something bigger – helping to simplify health care one person, one family and one community at a time.

Performs as a lead supporting the Business Information Security Officer (BISO) for a designated line of business. The BISO office serves as a trusted security advisor to business operations and technology partners, ensuring the delivery of high‑quality products and state‑of‑the‑art solutions to our customers. This role provides project and program management support, subject‑matter expertise in security technologies, tooling, controls, and trends, and strong communication to embed security fundamentals across the business.

This senior contributor position requires a thorough understanding of security risks, threats, vulnerabilities, control frameworks, security technologies, and core information technology concepts. Identifies deviations and potential security risks that may impact the organization and provides actionable impact analysis and reporting to IT and business stakeholders to support effective control governance. Leads the development of policies, controls, and procedures related to Enterprise Information Security.

• Supports and advises technical and business teams on cybersecurity, compliance, and risk‑related projects and issues within a large, cross‑functional enterprise environment.
• Provides clarity and insight into complex cybersecurity and technical initiatives to enable the business to make informed, risk‑based decisions.
• Promotes Enterprise Information Security policies, standards, and procedures by engaging with stakeholders, control owners, and custodians.
• Represents the assigned line of business during audits and assessments conducted by internal and external auditors or regulatory bodies.
• Develops reporting and dashboards to measure adherence to expected or defined security outcomes.
• Removes complexity and barriers that impede the effective implementation of enterprise‑wide security controls for both business and technical teams.

• 7+ years of information security or related experience
• 3+ years of experience identifying security risks within technology implementations
• 3+ years of experience with security controls and alignment to key regulations (NIST, ISO, HITRUST, HIPAA, PCI)
• 3+ years of experience in technology program/project management frameworks and tools

• Experience in information technology development, programming, analysis, or program management (including AI/automation)
• Experience with network and application security tools in a large enterprise environment
• Knowledge of regulatory standards including NIST, SOX, SOC, HIPAA, PCI, and HITRUST
• Security certifications such as CISSP, CRISC, CISM, Security+
• Experience leading formal control testing initiatives, projects, or programs
• Strong interpersonal, organizational, and collaboration skills
• Strong written and verbal communication skills

• Bachelor’s degree or equivalent experience (High School Diploma and 4 years relevant experience)

$ – $

This pay range represents the base hourly rate or base annual full‑time salary for all positions in the job grade within which this position falls. The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors. This position is eligible for a CVS Health bonus, commission or short‑term incentive program in addition to the base pay range listed above.

This position also includes an award target in the company’s equity award program.

We take pride in our comprehensive and competitive mix of pay and benefits – investing in the physical, emotional and financial wellness of our colleagues and their families to help them be the healthiest they can be. In addition to our…