Headquartered in Dublin, Ohio, Cardinal Health, Inc. (NYSE: CAH) is a global, integrated healthcare services and products company, providing customized solutions for hospitals, health systems, pharmacies, ambulatory surgery centers, clinical laboratories and physician offices worldwide.

The company provides clinically proven medical products, pharmaceuticals and cost-effective solutions that enhance supply chain efficiency from hospital to home. Cardinal Health connects patients, providers, payers, pharmacists and manufacturers for integrated care coordination and better patient management. Backed by nearly 100 years of experience, with approximately 50,000 employees in 46 countries, Cardinal Health ranks among the top 25 on the Fortune 500.

We currently have a full-time job opening for a Senior Engineer of Vendor Third Party Risk Management.

Department overview:

The Information Security team at Cardinal Health enables Cardinal Health to securely deliver healthcare products and solutions that improve the lives of people every day by ensuring security and controls is embedded into Cardinal Health’s people, process and technology. We are a remote-first team and are excited to offer full-time remote opportunities.

Job Overview:

The primary responsibility of this role is to collaborate with a variety of business units and teams within IT to help manage third party IT risks, vendor contracting and managing customer request for proposal responses.

This is a high-visibility position as we continue to build and roll-out these capabilities across the enterprise.  This individual is expected to work autonomously, escalating issues as they are encountered and completing the assigned tasks within an established time frame.  Ability to effectively work in a variety of challenging environments is critical in achieving success for the role.

Key responsibilities include:

Assess the governance, risk and compliance aspects related to prospective and incumbent third-party vendors to ensure compliance to Cardinal Health’s requirementsLeverage expertise in IT risk management to ensure effective communication and alignment between third-party vendors and internal requirements/objectivesConduct quality assurance and effective peer review for team member assessments, audit findings and reportsDemonstrate experience analyzing and interpreting data sets to develop and enhance metrics for reporting, informed decision making and advancement of strategic and operational initiativesNegotiate security terms and conditions with third parties and contract owners, identify risk remediation options and amend contracts as necessary. Collaborate closely with Legal Counsel to provide expert advice on Technical and Operational Measures (TOMS) and ensure compliance with security standardsMonitor and ensure compliance to HIPAA, SOX and PCI security requirementsStay up to date on industry trends, regulatory expectations and emerging threats to advise team members, stakeholders and third parties on security methods that best aligns with policy and standardsDeep expertise and ability to educate colleagues on risk management, controls and compliance concepts, frameworks and policiesAct as a trusted subject matter expert to team members and stakeholders across the organization on third party risk management, including, providing guidance and mediation between vendors and business leadersSkilled in accurately assessing security needs in alignment with business requirements and balancing security priorities with business objectives, to deliver mutually beneficial outcomesSupport audit engagements by leading remediation efforts and executing corrective actions. Ensure timely and effective resolution of audit findings to maintain compliance and improve operational processesLeverage individual expertise to actively review program, enhance and provide recommendations for development of strategic plansIdentify and assess areas where existing policies, standards, procedures and guidelines require updates or new development. Recommend improvements and lead the implementation of approved changes to enhance organizational processes and complianceProficiently builds strong relationships and engages constructively in a proactive and transparent approach with senior business leaders, colleagues and stakeholders across the broader organizationAbility to establish authority, influence stakeholders and review & challenge without direct reporting responsibilityAbility to demonstrate leadership courage and inspire team members and colleagues across the organization to embrace changeStrong interpersonal and communications skills a mustExperience in contract negotiation and risk management is essentialExcellent analytical and problem-solving skills are essentialProven ability to effectively assess and adapt to changing business prioritiesDemonstrates superior teamwork skillsTrain, assist and mentor junior team membersTrusted subject matter expert that delivers high quality work, applies sound judgment and works autonomouslyMust demonstrate a heightened sense of personal ownership and accountabilityMust demonstrate a personal sense of urgencyExcellent attention to detail

Preferred Qualifications:

Certification: Desired professional certifications (CISSP, CISA, CRISC, IAPP, CGEIT)Network security knowledge and awareness of current technologiesExperience evaluating cloud-based technologies including security and API’sBachelor’s Degree in related field or equivalent work experience

Anticipated salary range: $121,600 - $182,385

Bonus eligible: Yes

Benefits: Cardinal Health offers a wide variety of benefits and programs to support health and well-being.

Medical, dental and vision coveragePaid time off planHealth savings account (HSA)401k savings planAccess to wages before pay day with myFlexPayFlexible spending accounts (FSAs)Short- and long-term disability coverageWork-Life resourcesPaid parental leaveHealthy lifestyle programs

Application window anticipated to close: 10/21/2024 *if interested in opportunity, please submit application as soon as possible.

The salary range listed is an estimate. Pay at Cardinal Health is determined by multiple factors including, but not limited to, a candidate’s geographical location, relevant education, experience and skills and an evaluation of internal pay equity.

Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply.

Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law.

To read and review this privacy notice click here