Headquartered in Dublin, Ohio, Cardinal Health, Inc. (NYSE: CAH) is a distributor of pharmaceuticals, a global manufacturer and distributor of medical and laboratory products, and a provider of performance and data solutions for health care facilities.
We are a crucial link between the clinical and operational sides of care, working with more than 4,500 sourcing and manufacturing partners to deliver end-to-end solutions and data-driven insights that advance healthcare and improve lives every day. With deep partnerships, diverse perspectives and innovative digital solutions, we build connections across the continuum of care.
With 50 years of experience, approximately 44,000 employees and operations in more than 30 countries, Cardinal Health seizes the opportunity to address healthcare?s most complicated challenges - now, and in the future.
Department Overview:
Information Security and Risk Management (ISRM) at Cardinal Health enables Cardinal Health to securely deliver healthcare products and solutions that improve the lives of people every day by ensuring security and controls is embedded into Cardinal Health?s people, process and technology.
We currently have a career opening for a Sr. Engineer, Information Security and Risk, who will play a Lead role focused on identifying key IT controls and compliance requirements and confirming that controls are being designed and implemented as solutions are being Implemented.
Job Overview:
This role is a leader position within the team and requires having an in-depth understanding of local, national and international privacy and security regulations such as HIPAA (Health Insurance Portability and Accountability Act), FDA (Food and Drug Administration)/GxP/CSV (Computer System Validation)/DSCSA(Drug Supply Chain Security Act, DEA/CSOS (Controlled Substance Ordering System), SOX, PCI DSS, CMMC (Cybersecurity Maturity Model Certification), etc. as well as relevant control frameworks to drive compliance to those regulatory requirements, while working with key stakeholders (e.g., project team, solution owners, various compliance SMEs). Additionally, strong project management skills are required for anyone to be successful in this role.
Senior Engineer will be responsible for partnering with project/program teams in assessing IT Compliance requirements, facilitating discussions with key stakeholders in confirming compliance requirements are being met through appropriate design and execution of IT controls as solution is being designed and communicating status, risk and issues to leadership on an ongoing basis.
Responsibilities:
Lead the Proactive Assurance efforts by engaging on projects/program, where new solutions are being designed and act as a "Compliance Lead" to direct processes and people through influence to confirm key compliance requirements are identified and met when a new solution goes into production.
Coordinate cross-functional compliance, legal and IT team sessions to review compliance requirements and advise on process improvements to drive efficiencies
Perform end-to-end future state solution review to understand scope
Perform impact assessment to identify regulatory/compliance requirements that impact based on the scope
Identify controls that would need to be designed and implemented to meet the compliance requirements
Provide oversight over the compliance work stream to confirm compliance requirements are being designed and implemented
Provide ongoing status updates to leadership on status of compliance requirements being designed including any risks/issues that need to be escalated
Qualifications:
Bachelor?s Degree in related field or equivalent work experience
10+ years? experience in related field
Ability to manage project/teams effectively
Ability to effectively communicate (both verbal and written) with leaders at all levels within the organization
Ability to work in a matrixed environment to drive results
Ability to clearly define and execute repeatable processes
Ability to effectively navigate a variety of challenging environments, prioritize work and determine when to escalate to upper management
Effective time management, active listening, meeting facilitation, and influencing skills.
Experience with IT risk and controls identification and assessments including IT control design and effectiveness testing.
Experience with GRC (Governance, Risk and Compliance)
Experience in analyzing data and creating reports/dashboards/views to provide visibility into risk and control landscape.
Prior experience with key IT regulation compliance including HIPAA, FDA, DEA, PCI, DFARS/CMMC, SOX, etc.
Prior experience with control frameworks (e.g., NIST, HITRUST, COBIT, COSO, and ISO) to drive IT regulatory compliance.
Prior experience working with Internal or External Audit functions are a plus.
Security or risk certifications such as CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional) and/or CIPP (Certified Information Privacy Professional) certifications are a plus
Anticipated salary range:$119,800 - $171,100
Bonus eligible:Yes
Benefits:Cardinal Health offers a wide variety of benefits and programs to support health and well-being.
Medical, dental and vision coverage
Paid time off plan
Health savings account (HSA)
401k savings plan
Access to wages before pay day with myFlexPay
Flexible spending accounts (FSAs)
Short- and long-term disability coverage
Work-Life resources
Paid parental leave
Healthy lifestyle programs
Application window anticipated to close:9/28/2024 *if interested in opportunity, please submit application as soon as possible.
The salary range listed is an estimate. Pay at Cardinal Health is determined by multiple factors including, but not limited to, a candidate?s geographical location, relevant education, experience and skills and an evaluation of internal pay equity.
Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply.
Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law.
Headquartered in Dublin, Ohio, Cardinal Health, Inc. (NYSE: CAH) is a distributor of pharmaceuticals, a global manufacturer and distributor of medical and laboratory products, and a provider of performance and data solutions for healthcare facilities.We are a crucial link between the clinical and operational sides of healthcare, delivering end-to-end solutions and data-driving insights that advance healthcare and improve lives every day. With deep partnerships, diverse perspectives and innovative digital solutions, we build connections across the continuum of care. With more than 50 years of experience, we seize the opportunity to address healthcare's most complicated challenges – now, and in the future.As a global, growing company, we’re able to offer rewarding careers that let you make a positive impact on our customers and communities.