Aetna Third Party Cyber Risk Advisor in Denver, Colorado
Req ID: 65187BR
The Third Party Cyber Risk Analyst will work with CVS Health/Aetna and third party resources to drive the cyber security maturity of our third parties. This position is accountable for identification and remediation of risks identified through Aetna's assessment and continuous monitoring of third parties. The position will manage, monitor, and coordinate third party risk activities for assigned business portfolios.
Fundamental Components included but are not limited to:
Aetna s Third Party Risk Governance team must work directly with Aetna business lines and third party contacts to ensure the appropriate protection of sensitive data. In this role, the successful candidate must have the ability to collaborate and drive resolutions. The successful candidate will find themselves in an environment that recognizes and supports the need to drive change across Aetna s third party portfolio. Candidates should demonstrate:
Ability to directly or indirectly work with business lines, subject matter experts and other constituents to ensure understanding of key security controls for use of third parties.
Work with third parties to implement key security controls in accordance with Aetna Global Security strategy and vision for protection of sensitive data.
Build and maintains positive relationships with management, team members, and stakeholders across Aetna using effective written and oral communication practices. Possess the ability to influence others using program knowledge, negotiation methods, and be able to overcome objections.
Possess a foundational understanding of common technology architectures. Will be able to credibly understand high level system architecture and data flow diagrams for the purpose of identifying gaps in disclosure and risk identification.
Demonstrate knowledge of key regulatory risks and controls for assigned business lines. Understanding of HIPAA/HITECH required, Sarbanes-Oxley and PCI desired.
Ability to effectively communicate complex Cyber Security issues to non-technical audiences
Proven track record of driving programs, project, or issues to completion
Qualifications Requirements and Preferences:
Qualifications Basic Qualifications:
Bachelor's degree, or equivalent work experience
Five to seven years of applicable experience
Third party (vendor) risk management experience
Excellent verbal and written communication skills
Strong project management and strategic planning skills
Technology development and/or Applications/Operational support experience
Software applications proficiency in RSA Archer and MS Office Suite
Demonstrable ability to recognize the relevance of risk trends, issues and potential risk exposure
Understanding of Cyber Security frameworks such as NIST or ISO 27001
Understanding of Risk Management (framework knowledge such as COSO, COBIT, NIST RMF, etc)
Information Technology - Security
System Management - Information Security Management
Additional Job Information:
Business Focus - Discuss third parties, risks, and controls specific to business areas
Strong Communication - Builds and maintains positive relationships with management, team members, and stakeholders across CVS Health using effective written and oral communication practices. This position will foster collaboration internally across the enterprise while drawing in diverse groups to share ideas, information, and resources to strengthen the program. This position will also be responsible for building cooperation and trust between departments and other groups. In this position, one will be able to influence others using program knowledge, negotiation methods, and is able to overcome objections which lead to consensus among constituents.
Benefit eligibility may vary by position. Click here to review the benefits associated with this position.
Job Function: Information Technology
Aetna is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected Veterans status.