Location: Concord, NH, USA
Headquartered in Dublin, Ohio, Cardinal Health, Inc. (NYSE: CAH) is a global, integrated healthcare services and products company, providing customized solutions for hospitals, health systems, pharmacies, ambulatory surgery centers, clinical laboratories and physician offices worldwide. The company provides clinically-proven medical products and pharmaceuticals and cost-effective solutions that enhance supply chain efficiency from hospital to home. Cardinal Health connects patients, providers, payers, pharmacists and manufacturers for integrated care coordination and better patient management. Backed by nearly 100 years of experience, with approximately 50,000 employees in 46 countries, Cardinal Health ranks among the top 15 on the Fortune 500.

We currently have a full-time job opening for a Senior Security Engineer of Customer Security Assurance.

Department overview:
Information Security and Risk Management (ISRM) at Cardinal Health enables Cardinal Health to securely deliver healthcare products and solutions that improve the lives of people every day by ensuring security and controls are embedded into Cardinal Health's people, process and technology. The Cyber Risk and Customer Security Assurance team fulfils our mission to strengthen our shield against cyber threats by providing a framework of processes and methodologies to manage Cardinal Health's cybersecurity risks through issue and exception management, policy and standard creation, and customer third party risk assessment engagement.

Job overview:
Sr. Engineer, Customer Security Assurance, applies knowledge of Information Security, Risk Management, and Information Technology to lead the maturity of our Customer Security Assurance program. The primary responsibility of this role is to lead the Customer Security Assurance function and collaborate with a variety of Cardinal Health business units to address the requirements and needs that are established by our customers.
Customer requirements include the completion of IT vendor third party risk assessments, advising on third party certifications (i.e. SOC2 and HITRUST), providing direction on remediation procedures, negotiation of contract terms, and collaborating with our customers to address any Cyber Risk related inquiries.

This role is a senior position within the team and will work with all members of the Information Security team as well as legal, sales and customer support resources throughout the Cardinal Health enterprise.

Responsibilities:
- Develop and implement an effective strategy/process for addressing our customers' IT security and controls concerns
- Identify, establish, and report on key performance indicators to ensure we are meeting our business' expectations as regards Customer Security Assurance
- Looking for efficiencies and driving the business and security teams to meet our current and future customer needs
- Mentoring junior members of the team
- Establish and develop relationships with various members of the business (i.e., legal, sales, business leaders) and quickly become knowledgeable about the respective IT environment, controls and processes
- Effectively and efficiently complete third-party risk assessments provided by our customers
- Advise the business on the selection, planning, execution and, if necessary, remediation of a third-party certification (i.e. SOC2, HITRUST)
- Work with internal and customer legal counsel to align on mutually agreeable legal security and controls language to protect both organizations
- Effectively communicate identified gaps and planned remediation procedures to application owners and to leadership
- Understand when issues need to be escalated and/or communicated to Cardinal Health leadership

Qualifications:
- Excellent written and verbal communication skills
- Experience in Information Technology and Information Security
- Experience implementing and maintaining processes at large enterprises
- Experience with IT security principles, practices, technologies, programs and procedures, accompanied by an understanding of risk management methodologies and cybersecurity assessment frameworks
- High-quality analytical skills, relationship management competencies
- Familiarity with IT Security and Governance audit standards including SOC2, ISO 27002, NIST Cybersecurity Framework, HITRUST, etc.
- Relevant Information Security Certifications

Anticipated salary range: $121,600 - $182,385
Bonus eligible: Yes
Benefits: Cardinal Health offers a wide variety of benefits and programs to support health and well-being.
- Medical, dental and vision coverage
- Paid time off plan
- Health savings account (HSA)
- 401k savings plan
- Access to wages before pay day with myFlexPay
- Flexible spending accounts (FSAs)
- Short- and long-term disability coverage
- Work-Life resources
- Paid parental leave
- Healthy lifestyle programs

Application window anticipated to close: 12/20/2024 *if interested in opportunity, please submit application as soon as possible.

The salary range listed is an estimate.
Pay at Cardinal Health is determined by multiple factors including, but not limited to, a candidate's geographical location, relevant education, experience and skills and an evaluation of internal pay equity.

Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply.

Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law.

To read and review this privacy notice click here (