Senior Analyst, IT Corporate Audit - Cybersecurity

We’re building a world of health around every individual — shaping a more connected, convenient and compassionate health experience. At CVS Health®, you’ll be surrounded by passionate colleagues who care deeply, innovate with purpose, hold ourselves accountable and prioritize safety and quality in everything we do. Join us and be part of something bigger – helping to simplify health care one person, one family and one community at a time.

A Brief Overview

The Cybersecurity Senior Analyst is a key member of the Internal Audit team responsible for executing cybersecurity audits and control assessments across the organization’s technology environment. This role performs detailed testing of security controls and information systems to evaluate the design and operating effectiveness of cybersecurity defenses and support the overall assessment of the organization’s control framework.

What You Will Do

Audit Execution

• Independently execute cybersecurity audit testing, including performing detailed test procedures, evaluating control design and operating effectiveness, and documenting results in accordance with audit standards and methodology.
• Own assigned audit areas end-to-end, including walkthroughs, evidence collection, validation, and workpaper documentation, ensuring accuracy, completeness, and audit defensibility.
• Perform testing procedures to assess key cybersecurity domains, including cloud security (Azure & GCP), network security, data protection, application security, and third-party/vendor risk management.
• Identify control gaps, document exceptions, and contribute to the development of audit findings and recommendations.
• Apply risk-based thinking when evaluating issues, including consideration of mitigating and compensating controls.

Audit Team Support

• Collaborate with Audit Managers and team members to support audit execution, validate control effectiveness, and ensure timely completion of deliverables.
• Partner with IT, compliance, and business stakeholders to understand processes, obtain evidence, and validate remediation activities.
• Build and maintain effective working relationships across technology teams.

Analytics & Continuous Improvement

• Leverage data analytics and emerging technologies (e.g., AI tools) to enhance audit testing procedures, coverage, and efficiency.
• Contribute to continuous improvement of audit methodologies, tools, and testing approaches.

Reporting & Communication

• Develop clear, concise, and well-supported workpapers and documentation.
• Effectively communicate audit results, issues, and risks to audit team members and management.

Professional Development & Knowledge Sharing

• Stay current on cybersecurity risks, trends, tools, and techniques and apply insights to audit testing and risk identification.
• Support knowledge sharing and training efforts within Internal Audit to enhance cybersecurity awareness and capabilities.

Required Qualifications

• 3+ years of experience in information security, risk, or compliance, with a focus on cybersecurity controls.
• At least one relevant cybersecurity certification (e.g., CISSP, CISM, or equivalent)

Preferred Qualifications

• Experience in a large, complex environment (e.g., healthcare, insurance, or retail).
• Demonstrated ability to independently execute moderately complex audit or control testing areas.
• Working knowledge of regulatory and industry frameworks (e.g., HIPAA, ISO, PCI DSS, NY DFS, NAIC, SOX, HITRUST).
• Familiarity with cybersecurity domains such as cloud security, vulnerability management, ransomware, and security testing tools.
• Proven ability to collaborate across teams and build strong stakeholder relationships.
• Strong analytical, problem-solving, and critical thinking skills.
• Effective written and verbal communication skills.

Education

• Bachelor’s degree in Information Technology, Cybersecurity, or a related field preferred or equivalent experience (High School Diploma + 4 years of relevant experience).

Anticipated Weekly Hours

40

Time Type

Full time

Pay Range

The typical pay range for this role is:

$79,310.00 - $158,620.00

This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls.  The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors.  This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above. 
 

Our people fuel our future. Our teams reflect the customers, patients, members and communities we serve and we are committed to fostering a workplace where every colleague feels valued and that they belong.

Great benefits for great people

We take pride in offering a comprehensive and competitive mix of pay and benefits that reflects our commitment to our colleagues and their families.

This full‑time position is eligible for a comprehensive benefits package designed to support the physical, emotional, and financial well‑being of colleagues and their families. The benefits for this position include medical, dental, and vision coverage, paid time off, retirement savings options, wellness programs, and other resources, based on eligibility.

Additional details about available benefits are provided during the application process and on Benefits Moments.

We anticipate the application window for this opening will close on: 07/18/2026

Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state and local laws.