Senior Manager - Information Security (Exposure Management)

Senior Manager, Exposure Management

We're building a world of health around every individual — shaping a more connected, convenient and compassionate health experience. At CVS Health®, you'll be surrounded by passionate colleagues who care deeply, innovate with purpose, hold ourselves accountable and prioritize safety and quality in everything we do. Join us and be part of something bigger – helping to simplify health care one person, one family and one community at a time.

The Senior Manager, Exposure Management leads a team of remediation engineers responsible for reducing enterprise security risk across the organization's technology environment. This role drives the end-to-end remediation program, ensuring timely mitigation of vulnerabilities while balancing operational stability, business priorities, and risk tolerance. The Senior Manager partners across security, infrastructure, and application teams to implement scalable, risk-based remediation strategies and improve overall exposure management effectiveness.

Key Responsibilities

• Lead enterprise-wide vulnerability remediation efforts and execute risk-based strategies using CVSS, exploitability, asset criticality, and business impact
• Drive cross-functional collaboration with security, engineering, cloud, and infrastructure teams to ensure effective and timely remediation outcomes
• Oversee remediation lifecycle management, ensuring vulnerabilities are prioritized, tracked, and resolved within defined SLAs
• Establish and enforce prioritization models, including exception handling, risk acceptance, and escalation of high-risk issues
• Deliver executive reporting on exposure trends, remediation performance, and overall risk posture
• Improve remediation processes, tooling, and automation to enhance efficiency and reduce false positives
• Ensure alignment with regulatory and compliance frameworks and support audits, risk assessments, and governance activities

Required Qualifications

• 7+ years of experience in cybersecurity, with at least 3+ years focused on vulnerability or exposure management
• 3+ years of people leadership experience, including managing technical teams and driving outcomes
• Hands-on experience with vulnerability management platforms (e.g., Qualys, Tenable, Rapid7, Wiz)
• Strong understanding of operating systems (Windows, Linux, macOS), networking concepts, and enterprise infrastructure
• Proven ability to apply risk-based decisioning in vulnerability prioritization and remediation

Preferred Qualifications

• Relevant industry certifications (e.g., CISSP, GIAC, CEH, Qualys VMDR) combined with strong analytical, problem-solving, and troubleshooting skills
• Experience with patching, configuration management, and remediation tools (e.g., SCCM, Ansible, Puppet) in large-scale environments
• Knowledge of secure coding practices and common vulnerabilities (e.g., OWASP Top 10, SANS Top 25)
• Hands-on experience with scripting and automation (e.g., Python, PowerShell, Bash) to improve remediation efficiency
• Proven ability to manage enterprise-scale remediation programs in cloud or hybrid environments and clearly communicate technical risk to both executive and non-technical stakeholders

Education

• Bachelor's degree or equivalent experience (HS diploma + 4 years relevant experience)

The typical pay range for this role is:

$118,450.00 - $284,280.00

This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls. The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors. This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above. This position also includes an award target in the company's equity award program.

Our people fuel our future. Our teams reflect the customers, patients, members and communities we serve and we are committed to fostering a workplace where every colleague feels valued and that they belong.

Great benefits for great people

We take pride in offering a comprehensive and competitive mix of pay and benefits that reflects our commitment to our colleagues and their families. This full-time position is eligible for a comprehensive benefits package designed to support the physical, emotional, and financial well-being of colleagues and their families. The benefits for this position include medical, dental, and vision coverage, paid time off, retirement savings options, wellness programs, and other resources, based on eligibility.