We’re building a world of health around every individual — shaping a more connected, convenient and compassionate health experience. At CVS Health®, you’ll be surrounded by passionate colleagues who care deeply, innovate with purpose, hold ourselves accountable and prioritize safety and quality in everything we do. Join us and be part of something bigger – helping to simplify health care one person, one family and one community at a time.
Position Summary
Leads enterprise data governance, privacy, and risk management efforts to ensure the compliant, secure, and responsible use of data across all lines of business, including Commercial, Medicare, and Medicaid. This role establishes and operationalizes governance frameworks, decision protocols, standards, and controls that promote data quality, transparency, accountability, and appropriate use of sensitive health information. The position partners closely with Legal, Compliance, Security, Informatics, and business leaders to translate regulatory requirements, contractual obligations, and enterprise policies into practical governance processes and risk-based controls. The role is responsible for identifying, assessing, and mitigating risks across data sharing, access, lineage, downstream use, and third-party relationships, while enabling audit-defensible decision-making and scalable governance practices aligned with business objectives and regulatory expectations, including HIPAA, CMS mandates, and state privacy requirements. The incumbent is additionally expected to lead communication strategy across varied audiences and organizational levels, and to drive outcomes through highly polished, structured program management disciplines.
Required Qualifications
10+ years of experience in healthcare, data governance, privacy, risk management, or a related field
Deep knowledge of healthcare regulations, including HIPAA, CMS requirements, and state privacy laws
Experience with data governance frameworks, data lineage, metadata management, and stewardship practices
Strong understanding of payer operations, including claims, utilization management, risk adjustment, and STARS
Expertise in risk identification, assessment, mitigation planning, control design, and reporting
Ability to translate legal and regulatory requirements into operational and technical processes
Strong stakeholder management, executive communication, and cross-functional collaboration skills
Ability to influence leaders and drive alignment across functions and throughout the enterprise
Experience defining and operationalizing risk mitigation strategies and governance solutions
Demonstrated ability to develop and execute audience-specific communication strategies across operational, management, and executive levels of an organization
Proven experience crafting polished executive briefings, board materials, and governance communications that make complex topics accessible and decision-ready
Strong program management skills, including experience driving structured programs with defined milestones, RACI accountability, risk management, and executive-level status reporting
Preferred Qualifications
Degree in legal studies, privacy engineering, information technology, communications, or a related discipline
Familiarity with AI governance, bias oversight, or emerging technology risk management
Understanding of clinical data, EMRs, HIEs, and health information exchange practices
Privacy certifications such as CIPM or CIPP
Risk management certifications such as CRISC, PMI-RMP, or COSO ERM familiarity
Familiarity with enterprise or solution architecture concepts
Lean Six Sigma or other process improvement experience
Experience supporting governance committees, decision forums, or enterprise control processes
Familiarity with data governance tools, data catalogs, metadata platforms, or control documentation repositories
Experience preparing documentation, evidence, or responses for audits, compliance reviews, or regulatory inquiries
Experience assessing third-party data sharing arrangements, contractual controls, and downstream data use considerations
Experience with issue management, remediation planning, and control monitoring in a regulated environment
PMP, PgMP, or equivalent program management certification
Experience developing and managing program governance frameworks across large, matrixed organizations
Background in executive communications, change management, or organizational communications strategy
Education
Bachelor's degree preferred/specialized training/relevant professional qualification. lease replace this section with the Education Requirements
Pay Range
The typical pay range for this role is:
$100,000.00 - $231,540.00
This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls. The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors. This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above. This position also includes an award target in the company’s equity award program.
Our people fuel our future. Our teams reflect the customers, patients, members and communities we serve and we are committed to fostering a workplace where every colleague feels valued and that they belong.
Great benefits for great people
We take pride in offering a comprehensive and competitive mix of pay and benefits that reflects our commitment to our colleagues and their families.
This full‑time position is eligible for a comprehensive benefits package designed to support the physical, emotional, and financial well‑being of colleagues and their families. The benefits for this position include medical, dental, and vision coverage, paid time off, retirement savings options, wellness programs, and other resources, based on eligibility.
Additional details about available benefits are provided during the application process and on Benefits Moments.
We anticipate the application window for this opening will close on: 07/16/2026
Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state and local laws.