Senior Manager, Infrastructure Security Services

At CVS Health, we're building a world of health around every consumer and surrounding ourselves with dedicated colleagues who are passionate about transforming health care.As the nation's leading health solutions company, we reach millions of Americans through our local presence, digital channels and more than 300,000 purpose-driven colleagues - caring for people where, when and how they choose in a way that is uniquely more connected, more convenient and more compassionate. And we do it all with heart, each and every day.Job Overview:The Senior Manager of Infrastructure Security Services is responsible for leading and managing the organization's security initiatives related to infrastructure services, ensuring the integrity, confidentiality, and availability of critical IT systems. This includes overseeing security operations for data centers, network infrastructure, cloud environments, endpoints, and enterprise applications.The Senior Manager will be responsible for maintaining a comprehensive infrastructure security program, aligning with business objectives while ensuring compliance with relevant regulations and industry standards. This individual will collaborate with key stakeholders across IT, compliance, and business units to design, implement, and maintain security frameworks, tools, and policies.Key Responsibilities:• Strategic Leadership & Direction:

• Lead the strategy, and execution of infrastructure security services, ensuring alignment with the organization's overall security program and business objectives.
• Manage and grow a high-performing team of infrastructure security professionals, providing mentorship, guidance, and leadership in the execution of security initiatives.
• Develop and drive security policies, procedures, and best practices for securing critical infrastructure components including networks, servers, cloud services, and endpoints.

• Design and implement security architecture frameworks for enterprise infrastructure, ensuring they are scalable, robust, and resilient to potential threats.
• Oversee the evaluation, selection, and deployment of infrastructure security tools and technologies (e.g., firewalls, intrusion detection systems, encryption solutions, endpoint protection).

• Conduct regular risk assessments and vulnerability assessments to identify, evaluate, and mitigate security risks in the infrastructure environment.
• Ensure infrastructure security is compliant with industry standards (e.g., NIST, ISO 27001) and relevant regulatory requirements (e.g., GDPR, PCI, HIPAA, HITRUST, SOX).
• Collaborate with compliance and audit teams to ensure infrastructure security settings, policies and practices meet regulatory and organizational requirements.

• Oversee infrastructure-related security incidents, including identifying, responding to, and recovering from security breaches or vulnerabilities.
• Ensure proactive monitoring and alerting of critical infrastructure components, identifying potential threats and mitigating risks in real time.
• Lead post-incident reviews to identify root causes, recommend improvements, and implement preventive measures.

• Collaborate closely with IT operations, cloud, network, and development teams to integrate security into infrastructure provisioning, automation, and deployment processes.
• Work with other cybersecurity leaders to ensure comprehensive protection across all IT domains, from network to endpoint to cloud.
• Serve as a liaison with external vendors, regulatory bodies, and auditors to ensure the security of infrastructure services and systems.

• Lead the implementation of security practices for cloud-based infrastructure (e.g., AWS, Azure, GCP) in a hybrid or multi-cloud environment.
• Ensure secure configurations and continuous monitoring of cloud resources, with a focus on access controls, encryption, and incident response.
• Evaluate and implement cloud-native security services and tools to enhance visibility and protection of cloud workloads.

• Develop and maintain detailed documentation for security processes, policies, and system architectures related to infrastructure security.
• Provide regular updates to senior leadership on the state of infrastructure security, including risk assessments, incident reports, and security performance metrics.

• 7+ years of hands-one experience in Infrastructure and/or Cybersecurity Technologies
• 7+ years of experience managing highly technical teams within large scale environments
• 5+ years of experience managing internal and external security audits

• Bachelor's degree or equivalent experience (High School Diploma and 4 years relevant experience)

• Affordable medical plan options, a 401(k) plan (including matching company contributions), and an employee stock purchase plan.
• No-cost programs for all colleagues including wellness screenings, tobacco cessation and weight management programs, confidential counseling and financial coaching.
• Benefit solutions that address the different needs and preferences of our colleagues including paid time off, flexible work schedules, family leave, dependent care resources, colleague assistance programs, tuition assistance, retiree medical access and many other benefits depending on eligibility.