IT Security Policy

AETNA - Hartford, CT

Full-time, Estimated: $100,000 - $140,000 a year
Description:
This role is responsible for reviewing, implementing, updating and documenting the security policy framework(s) and controls related to Information Security to protect sensitive data and reduce organizational risk. The role will interface with senior leaders in all IT disciplines, as well as auditors, regulators and other key internal stakeholders (legal, privacy, etc.) to define and communicate strategies for policy management in order to meet CVS Health's legal, regulatory and operational requirements.

Fundamental Components:
Work with Subject Matter Experts to ensure policies and standards are reviewed and updated as necessary
Work with Compliance partner organizations to ensure policies and standards comply with appropriate industry standards and regulations (Data Privacy, Compliance, Legal, Physical Security, etc.)
Partner to present our internal policies and standards to customers, partners, internal teams, and senior leaders
Design and manage the processes to enforce our policies and ensure they remain under control
Review proposed baseline configuration changes for compliance with policies and standards
Manage and oversee the security exception and approval processes (external access, workstation admin rights, etc.)
Support the Security Architecture function by interpreting policy and standard requirements
Provide consultative services related to the CVS Health security control framework to various organizations within CVS Health
Ensure the Information Security Awareness program is aligned to the Security control framework
Provide audit support related to the Security control framework
Provide status reporting and metrics to leadership as required
Evaluate solutions and assist in maintenance of the Security Governance Risk and Compliance tool
Analyze enforcement and escalation data to recommend improvements to the systems and processes that support our policies at scale
Serve as the point of escalation for making decisions when existing processes don't produce a clear decision

Background Experience:
Passionate about public policy issues and how they impact business objectives
Comfortable making difficult decisions
An excellent written and verbal communicator
Able to communicate points of view to audiences that may be biased against your position
Able to understand alternative positions on issues
Able to advise senior leaders on policy issues
Able to facilitate group discussions with cross-functional stakeholders
Able to closely partner with cross-functional stakeholders

Ideal qualifications:
Have experience driving consensus on issues that may not have a clear answer and communicating requirements on those issues to product teams
Have built relationships with public advocacy, policy, or other external stakeholder groups
Have managed policy development and advocacy in the past
5+ years of full time Information Security risk management experience
Direct work experience in a technical project management capacity, including experience with process development and execution.
Experience in a business liaison or analyst role, including experience with process and technology analysis.
Experience in planning and executing multiple Information Security risk & compliance projects.
Experience with information security frameworks such as ISO 27001/2, SOC2, NIST Cybersecurity Framework, GDPR, HITRUST.
Experience with risk management and Information Security strategy, practices, technologies, and tools
Prior experience coordinating with internal and external auditors to effectively communicate requirements, drive execution and deliver results.
Working knowledge of RSA's Archer eGRC Solutions and Archer certification is a plus.

Required Skills:
Leadership - Collaborating for Results, Leadership - Driving a Culture of Compliance, Leadership - Fostering a Global Perspective

Functional Skills:
Information Technology - Security

Potential Telework Position:
Yes

Percent of Travel Required:
0 - 10%

EEO Statement:
Aetna is an Equal Opportunity, Affirmative Action Employer

Benefit Eligibility:
Benefit eligibility may vary by position.

Candidate Privacy Information:
Aetna takes our candidates' data privacy seriously. At no time will any Aetna recruiter or employee request any financial or personal information (Social Security Number, credit card information for direct deposit, etc.) from you via e-mail. Any requests for information will be discussed beforehand and will be conducted through a secure website provided by the recruiter. Should you be asked for such information, please notify us immediately.