Engineer, Information Security and Risk
Company: Cardinal Health
Location: Augusta
Posted on: April 18, 2024
Job Description:
Headquartered in Dublin, Ohio, Cardinal Health, Inc. (NYSE: CAH)
is a global, integrated healthcare services and products company
connecting patients, providers, payers, pharmacists and
manufacturers for integrated care coordination and better patient
management. Backed by nearly 100 years of experience, with more
than 50,000 employees in nearly 60 countries, Cardinal Health ranks
among the top 20 on the Fortune 500.
Cardinal Health's Information Security team aims to be a
world-class cybersecurity and risk management organization that
enables Cardinal Health to be healthcare's most trusted partner. We
are a remote-first team and are excited to offer full-time remote
opportunities. We currently have a full-time career opening for an
Information Security and Risk Engineer role within the Information
Security Organization. This role will report to the manager of IT
control compliance council within our Information Security Team and
will serve as the first-line-of-defense role responsible for
defining, implementing, and evaluating the effectiveness of IT
controls.
Qualifications:
Bachelor's Degree in related field or equivalent work
experience
4+ years' experience in related field preferred, such as IT audit,
IT compliance function
Strong understanding and experience with SOX and/or other
regulatory compliance processes
Team Player and Collaborative - Ability to work well with team
members to achieve the desired results
Willing to independently navigate through complex scenarios and
uncharted compliance topics
Ability to multi-task with organization, efficiency,
accountability, and attention to detail
Driven and self-motivated to learn new technologies and achieve
objectives
A great and effective verbal and written communicator
Professional certification preferred: CISA, CISSP, CISM, CRISC
Essential Duties and Responsibilities:
Perform IT risk assessment for pilot areas and identify control
gaps
Work with IT stakeholders to design effective IT controls and
monitor the execution to manage risk and ensure compliance with
regulations (e.g., SOX, HIPAA, GDPR)
Design IT controls that increase operational efficiency and reduce
the likelihood of control failure (e.g., automated and preventative
controls vs. manual and detective)
Challenge status quo - recommend new or improved controls to keep
IT applications current with industry standards and compliance
requirements.
Carry out analysis on third party audit reports, such as SOC 1/2,
to identify potential control issues.
Track and drive remediation of IT control issues within our IT risk
governance process
Strong in educating/influencing IT stakeholders to raise awareness
and promote a mindset focused on IT controls and compliance
Oversee information security compliance activities, including
daily, weekly, quarterly and/or annual security risk assessments -
both performing internal assessments and responding to external
assessments.
Collaborate cross-functionally within the information security and
risk management department to ensure alignment with existing
compliance, risk management and information security activities
Research new security compliance requirements and assist in the
evaluation of compliance control requirements.
Any other duties that may be required as assigned
Experiences:
Experience participating in external control audits; SOX and/or
SOC1/2 Type II audit experiences are preferred
Solid working knowledge of governance frameworks including NIST,
ISO27000, FedRAMP
Experience with Corrective Action Plans (CAP) to remediate
deficiencies identified through monitoring, auditing, or a
Compliance Issue Report (CIR). These activities should consist of
improvements to health plan processes or vendor processes taken to
eliminate causes of non-compliance or other issues
Strong personality, ability, and credibility to influence key
decision-makers, and highly technical resources.
Strong knowledge/experience of IT controls for mainstream ERPs,
such as SAP, is a plus
Strong in root cause analysis and problem solving
Strong flowcharting skill is a plus
Experience with IT risk governance software (e.g., Archer,
AuditBoard, ServiceNow GRC) is a plus
Anticipated salary range: $92,100 - $131,600
Bonus eligible: No
Benefits: Cardinal Health offers a wide variety of benefits and
programs to support health and well-being.
Medical, dental and vision coverage
Paid time off plan
Health savings account (HSA)
401k savings plan
Access to wages before pay day with myFlexPay
Flexible spending accounts (FSAs)
Short- and long-term disability coverage
Work-Life resources
Paid parental leave
Healthy lifestyle programs
Application window anticipated to close: 3/11/2024 *if interested
in opportunity, please submit application as soon as possible.
Candidates who are back-to-work, people with disabilities, without
a college degree, and Veterans are encouraged to apply.
Cardinal Health supports an inclusive workplace that values
diversity of thought, experience and background. We celebrate the
power of our differences to create better solutions for our
customers by ensuring employees can be their authentic selves each
day. Cardinal Health is an Equal Opportunity/Affirmative Action
employer. All qualified applicants will receive consideration for
employment without regard to race, religion, color, national
origin, ancestry, age, physical or mental disability, sex, sexual
orientation, gender identity/expression, pregnancy, veteran status,
marital status, creed, status with regard to public assistance,
genetic status or any other status protected by federal, state or
local law.
To read and review this privacy notice click here
(https://www.cardinalhealth.com/content/dam/corp/email/documents/corp/cardinal-health-online-application-privacy-policy.pdf)
Keywords: Cardinal Health, New England, Engineer, Information Security and Risk, Engineering, Augusta, Northeast