CVS Health Lead Director, Secure Development Services in Harrisburg, Pennsylvania

Bring your heart to CVS Health. Every one of us at CVS Health shares a single, clear purpose: Bringing our heart to every moment of your health. This purpose guides our commitment to deliver enhanced human-centric health care for a rapidly changing world. Anchored in our brand — with heart at its center — our purpose sends a personal message that how we deliver our services is just as important as what we deliver. Our Heart At Work Behaviors™ support this purpose. We want everyone who works at CVS Health to feel empowered by the role they play in transforming our culture and accelerating our ability to innovate and deliver solutions to make health care more personal, convenient and affordable.

Position Summary:

The Lead Director of Secure Development Services is a critical member of the Enterprise Information Security (EIS) organization. This leader will report to the Executive Director of Security Technology Services and will focus on developing and executing the strategy for the enterprise-wide secure development program and on integrating security requirements into application development, API, open-source, mobile, and Gen-AI development workflows. This role requires a visionary leader with a strong technical background in secure development practices, a strategic mindset, and the ability to lead cross-functional teams. The successful candidate will be instrumental in shaping the security strategy and integrating best practices into our development lifecycle.

Strategic Leadership:

  • Develop and implement a comprehensive security strategy for the secure development lifecycle, including security architecture design, threat modeling, static and dynamic application code scanning, API security, open-source security, mobile security and Gen-AI security.

  • Align secure development goals with overall business objectives and technology strategies.

  • Lead the implementation and enforcement of secure design principles according to policies, standards, and secure development patterns.

  • Drive automation, optimization, and scalability as the standard approach for solutions.

  • Advocate for security within the organization and ensure executive buy-in.

Team Leadership and Development:

  • Lead and mentor a team of security engineers, developers, and other professionals.

  • Foster a culture of security awareness and continuous improvement.

  • Identify and address skills gaps within the team through training and recruitment.

Secure Development Practices:

  • Establish and enforce secure coding standards and best practices.

  • Mature API Security, Open-Source Security, Mobile Security, Gen-AI Security and Threat Modeling programs.

Secure Development Technology:

  • Automate security testing and integrate security tools within the CI/CD pipelines.

  • Embed policy-as-code security checks into automated workflows.

  • Perform technology modernization of current API Security, Open-Source Security, Mobile Security and Gen-AI toolsets.

  • Collect and catalog software bills of materials for open-source and SaaS applications.

Collaboration and Communication:

  • Collaborate closely with product management, engineering, and operations teams to integrate security into all stages of development.

  • Communicate security risks and mitigation strategies to stakeholders at all levels.

  • Promote a collaborative approach to security across the organization.

Compliance and Governance:

  • Ensure compliance with relevant security standards and regulations (e.g., ISO 27001, NIST, PCI, SOX and GDPR).

  • Develop and maintain security policies, procedures, and documentation.

  • Monitor and report on security metrics and key performance indicators.

  • Enhance reporting methodology to improve colleague experience and accelerate proactive remediation.

Innovation and Continuous Improvement:

  • Stay current with emerging security threats, technologies, and industry trends.

  • Drive innovation in secure development practices and tools.

  • Lead initiatives to continuously improve the security posture of the organization.

Required Qualifications:

  • 10+ years of experience in software development, with a focus on security.

  • 10+ years of experience with secure architecture design, threat modeling, secure application development, remediation, and policy compliance.

  • 10+ years of experience in selecting, testing and deploying secure development tools at scale.

Preferred Qualifications:

  • Proven leadership experience in managing and developing high-performing teams.

  • Strong understanding of secure software development lifecycle (SDLC) practices and methodologies.

  • Extensive experience selecting, testing and deploying secure development tools at scale.

  • Ability to manage a high degree of complexity and distill information that provides clear direction.

  • Strong attention to detail and a focus on mobilizing the organization to deliver the strategy.

  • Ability to motivate others with high expectations to facilitate impact and pace of change.

  • Agility to deal with constantly changing business environments.

  • Drive change across an organization while building a strong security-minded culture.

  • Fosters collaborative decision-making processes that deliver results and exceed expectations.

  • Knowledge of relevant security standards and regulations.

  • Excellent communication and interpersonal skills.

  • Strong problem-solving and decision-making abilities.

  • Relevant certifications (e.g., CISSP, CISM, CSSLP) are a plus.

Education:

  • Bachelor’s degree or equivalent experience (High School Diploma and 4 years relevant experience)

Pay Range

The typical pay range for this role is:

$144,200.00 - $288,400.00

This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls. The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors. This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above. This position also includes an award target in the company’s equity award program. In addition to your compensation, enjoy the rewards of an organization that puts our heart into caring for our colleagues and our communities. The Company offers a full range of medical, dental, and vision benefits. Eligible employees may enroll in the Company’s 401(k) retirement savings plan, and an Employee Stock Purchase Plan is also available for eligible employees. The Company provides a fully-paid term life insurance plan to eligible employees, and short-term and long-term disability benefits. CVS Health also offers numerous well-being programs, education assistance, free development courses, a CVS store discount, and discount programs with participating partners. As for time off, Company employees enjoy Paid Time Off (“PTO”) or vacation pay, as well as paid holidays throughout the calendar year. Number of paid holidays, sick time and other time off are provided consistent with relevant state law and Company policies. For more detailed information on available benefits, please visit jobs.CVSHealth.com/benefits

We anticipate the application window for this opening will close on: 07/22/2024

We are an equal opportunity and affirmative action employer. We do not discriminate in recruiting, hiring, promotion, or any other personnel action based on race, ethnicity, color, national origin, sex/gender, sexual orientation, gender identity or expression, religion, age, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law.
