Information Security & Risk Engineer
Headquartered in Dublin, Ohio, Cardinal Health, Inc. (NYSE: CAH) is a global, integrated healthcare services and products company connecting patients, providers, payers, pharmacists and manufacturers for integrated care coordination and better patient management. Backed by nearly 100 years of experience, with more than 50,000 employees in nearly 60 countries, Cardinal Health ranks among the top 20 on the Fortune 500.
Cardinal Health’s Information Security team aims to be a world-class cybersecurity and risk management organization that enables Cardinal Health to be healthcare’s most trusted partner. We define solutions that balance information security requirements against business needs. We are a remote-first team and are excited to offer full-time remote opportunities.
We boast tremendous opportunities to grow and apply technical skills to meet organizational needs, empower talented team members who mentor and uplift others, be led by leaders with a critical focus on employee development and well-being, provide dedicated training programs with a fun and collaborative atmosphere.
Functional Overview
The primary goal of this position is to ensure delivery of best-in-class cybersecurity, risk management, and compliance for Cardinal Health. This role will support other Security Officers in managing their portfolio as well as independently manage compliance tasks within the security space.
Job Overview
The Information Security & Risk Engineer will be responsible for day-to-day activities in implementing the corporate information security and compliance program. The individual will be a front-line partner to technical teams and work across the organization to deliver security and compliance initiatives aligning to corporate policies, standards, procedures and audit activities. Success in the role will be measured by the effectiveness of the implementation of information security, risk management and compliance directives.
This role will work with various IT and business teams to drive both information security and compliance initiatives. The individual will assist with internal and external security compliance monitoring activities, review client audits, IT control audits, architecture reviews, threat modeling, security risk assessments and will assist in the management of compliance activities such as NIST, HIPAA, SOC 2, FedRAMP, PCI, ISO27001, HITRUST and SOX. Good interpersonal and relationship building skills are essential for success.
Job Responsibilities Include:
- Maintain governance program that ensures that the security policies, standards and process are in place
- Serve as liaison to other Cardinal Health teams to ensure knowledge share and best practices
- Partner with the engineering, architecture and operations teams to ensure delivery of infrastructure design and threat models which prove security requirements
- Monitor security trends and drive security best practices throughout the organization
- Evaluate, design, test, and recommend new or improved controls
- Work with third party firms and consultants to conduct independent security audits, vulnerability scans, and penetration tests
- Investigate, drive resolution and document security incidents
Qualifications
- Bachelors Degree in related field, or equivalent work experience leading cybersecurity or information security initiatives
- Have 3+ years information security related work experience, preferably within the healthcare industry
- Experience in vulnerability management programs, vulnerability assessments and advanced understanding of risk management
- Familiarity with at least one common programming language, software development pipelines, and system lifecycles
- Familiarity with security frameworks and assessments such as HIPAA/HITECH, ISO, ITIL, NIST, PCI DSS, & SOX
- Familiarity with common security vulnerabilities like OWASP Top 10
- Experience advising and mentoring diverse teams where you do not have direct authority
- Strong written and verbal communication skills
Anticipated salary range: $92,100 - $131,600
Bonus eligible: No
Benefits: Cardinal Health offers a wide variety of benefits and programs to support health and well-being.
- Medical, dental and vision coverage
- Paid time off plan
- Health savings account (HSA)
- 401k savings plan
- Access to wages before pay day with myFlexPay
- Flexible spending accounts (FSAs)
- Short- and long-term disability coverage
- Work-Life resources
- Paid parental leave
- Healthy lifestyle programs
Application window anticipated to close: 5/15/2024 *if interested in opportunity, please submit application as soon as possible.
Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply.
Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law.
To read and review this privacy notice click here