Bring your heart to CVS Health. Every one of us at CVS Health shares a single, clear purpose: Bringing our heart to every moment of your health. This purpose guides our commitment to deliver enhanced human-centric health care for a rapidly changing world. Anchored in our brand — with heart at its center — our purpose sends a personal message that how we deliver our services is just as important as what we deliver.

Our Heart At Work Behaviors™ support this purpose. We want everyone who works at CVS Health to feel empowered by the role they play in transforming our culture and accelerating our ability to innovate and deliver solutions to make health care more personal, convenient and affordable.

Job Description

Within CVS Health, the security of our customer data and the applications we develop for them is paramount to our success. Security becomes a burden when it comes too late in the development cycle. At CVS Health, we strive to shift security work to where it is the cheapest and easiest to implement. We do this by integrating security controls into our existing CICD pipelines and by building foundational security components that abstract the complexity and simplify integration into the various application teams across enterprise.

As an application security product manager, you will work closely with the engineering, production support, product, and global security teams to develop and prioritize features that improve the security profile of the respective application within the organization without adversely impacting customer experience. You will be responsible for identifying key metrics that measure success and that provide insight into to identify security areas the need focus.

A critical responsibility of an Information Security Product Manager is to understand the common information security challenges within the organization, and to come up with operational procedures and security solutions that the respective application teams can use to ensure that the we ship secure products. As a key security stakeholder within the enterprise organization, the security product managers primary objective is to make security easy for developers, engineers, project managers, and security teams alike and more importantly to ensure that the applications that the enterprise develops are secure.

Work closely with senior leaders to ensure that investments are aligned to the organizations strategic goals and manage the feature backlog. Guide multiple value streams with representation from architecture, user experience design, test, dev/ops, and more.

Key responsibilities:

• Collaborating with stakeholders which includes other Scrum Teams, Values Streams on feature requests around Security, Foundational and Compliance items to assess priority, value, and development cost and then prioritizing development work accordingly.
• Define and communicate the security backlog and strategy for the various agile product teams.
• Understand customer needs to define short term and long-term product direction, articulate user stories and features.
• Decompose high-level requirements into user stories and tasks, manage and prioritize the product backlog, participate in scrums and meta-scrums, and validate delivered solution designs.
• Understands, assesses and critiques the architecture proposed by the Application architecture team and ensures that the scrum team delivery is aligned to the overall solution and security architecture.
• Communicate security vision effectively to peers and other leaders.
• Perform industry research as necessary to support feature development.
• Partner with engineering team to define, track and test user stories in an agile software development life cycle.
• Provide product subject matter expertise and leadership.
• Work with program management to track schedule against the roadmap and escalate risks and issues.
• Staying on top of new market space developments, and evaluating/ understanding competitive tools.
• Experience with researching, designing, building, and deploying new security solutions and or improving the security of existing solutions.
• Collaborate with the engineering team to prioritize security features and scan related findings and facilitate determining the best technical solutions.
• Keep apprised of new security technologies and services while looking for opportunities where these solutions can be used to address existing security issues and or to enhance the security of existing products.

Required Qualifications

• 7 + years of product / engineering experience.
• 4+ years of experience in Security.
• 4+ years of experience building consumer facing products at scale.
• 4+ years of experience driving agile product development.
• 4+ years of experience delivering convincing business case recommendations to senior management.
• 4+ years of experience working in collaborative style – with architecture, development and UX teams and lead and influence diverse teams.

Preferred Qualifications

• Outstanding verbal and written communication skills
• Understanding of various security tools (E.g. Checkmarx , Twistlock , OWASP , Data theorem , Snyk , Nexus is a plus
• Understanding Security testing (PEN test, API testing, Web Security Testing, BOT testing) is a plus
• Certified Product Manager / Owner is a plus
• Product Management or Product Design certification is a plus
• SANS GIAC, CISSP and related security certifications is a plus

Education:

• Bachelors degree from accredited university or equivalent work experience (HS diploma + 4 years relevant experience)

Pay Range

The typical pay range for this role is:

$106,605.00 – $213,200.00

This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls. The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors. This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above. This position also includes an award target in the company’s equity award program.

In addition to your compensation, enjoy the rewards of an organization that puts our heart into caring for our colleagues and our communities. The Company offers a full range of medical, dental, and vision benefits. Eligible employees may enroll in the Company’s 401(k) retirement savings plan, and an Employee Stock Purchase Plan is also available for eligible employees. The Company provides a fully-paid term life insurance plan to eligible employees, and short-term and long term disability benefits. CVS Health also offers numerous well-being programs, education assistance, free development courses, a CVS store discount, and discount programs with participating partners. As for time off, Company employees enjoy Paid Time Off (“PTO”) or vacation pay, as well as paid holidays throughout the calendar year. Number of paid holidays, sick time and other time off are provided consistent with relevant state law and Company policies.

For more detailed information on available benefits, please visit jobs.CVSHealth.com/benefits

We anticipate the application window for this opening will close on: 06/13/2024

Apply