Engineer, Information Security and Risk Job
Job Description

Job Attributes
Job ID: 9873d6c4-c2fe-47ce-981c-ac609003854d
Req #: 20119966
Job Location: Remote Location
Job Category: Information Technology
Job Type: Regular
Schedule: Full time
Job Description Summary: Headquartered in Dublin, Ohio, Cardinal Health, Inc. (NYSE: CAH) is a global, integrated healthcare services and products company connecting patients, providers, payers, pharmacists and manufacturers for integrated care coordination and better patient management. Backed by nearly 100 years of experience, with more than 50,000 employees in nearly 60 countries, Cardinal Health ranks among the top 20 on the Fortune 500.
Cardinal Health’s Information Security team aims to be a world-class cybersecurity and risk management organization that enables Cardinal Health to be healthcare’s most trusted partner. We are a remote-first team and are excited to offer full-time remote opportunities. We currently have a full-time career opening for an Information Security and Risk Engineer within the Information Security Organization. This role reports to the manager of the IT Control Compliance Council within the Information Security team and serves as a first-line-of-defense role responsible for defining, implementing, and evaluating the effectiveness of IT controls. The role will also assist in maintaining existing HITRUST compliance for in-scope applications and will serve as the primary point of contact for applications newly brought into HITRUST scope, ensuring the necessary control frameworks are designed and implemented to achieve compliance.
Qualifications:
- Bachelor’s Degree in a related field or equivalent work experience
- 4+ years’ experience in a related field preferred, such as IT audit or an IT compliance function
- Strong understanding of and experience with SOX and/or other regulatory compliance processes
- Team player and collaborative: ability to work well with team members to achieve the desired results
- Ability to multi-task with organization, efficiency, accountability, and attention to detail
- Driven and self-motivated to learn new technologies and achieve objectives
- A great and effective verbal and written communicator
- Professional certification preferred: CISSP, CISA, CISM, CRISC

Essential Duties and Responsibilities:
- Perform IT risk assessments for pilot areas and identify control gaps
- Work with IT stakeholders to design effective IT controls and monitor their execution to manage risk and ensure compliance with regulations (e.g., SOX, HIPAA, GDPR)
- Design IT controls that increase operational efficiency and reduce the likelihood of control failure (e.g., automated and preventive controls rather than manual and detective ones)
- Challenge the status quo: recommend new or improved controls to keep IT applications current with industry standards and compliance requirements
- Provide support for third-party certifications such as SOC 1/2 and HITRUST
- Track and drive remediation of IT control issues within our IT risk governance process
- Educate and influence IT stakeholders to raise awareness and promote a mindset focused on IT controls and compliance
- Oversee information security compliance activities, including daily, weekly, quarterly and/or annual security risk assessments, both performing internal assessments and responding to external assessments
- Collaborate cross-functionally within the information security and risk management department to ensure alignment with existing compliance, risk management and information security activities
- Research new security compliance requirements and assist in the evaluation of compliance control requirements
- Any other duties that may be required as assigned

Experiences:
- Experience participating in external security audits; SOX, HITRUST and/or SOC 1/2 Type II audit experience is preferred
- Solid working knowledge of governance frameworks including HITRUST, NIST, ISO 27000, FedRAMP, and PCI
- Experience with Corrective Action Plans (CAPs) to remediate deficiencies identified through monitoring, auditing, or a Compliance Issue Report (CIR). These activities should consist of improvements to health plan processes or vendor processes taken to eliminate causes of non-compliance or other issues
- Strong personality, ability, and credibility to influence key decision-makers and highly technical resources
- Strong knowledge of or experience with IT controls for mainstream ERP systems, such as SAP, is a plus
- Strong in root cause analysis and problem solving
- Strong flowcharting skill is a plus
- Experience with IT risk governance software (e.g., Archer, AuditBoard, ServiceNow GRC) is a plus

Cardinal Health is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law.