Headquartered in Dublin, Ohio, Cardinal Health, Inc. (NYSE: CAH) is a global, integrated healthcare services and products company connecting patients, providers, payers, pharmacists and manufacturers for integrated care coordination and better patient management. Backed by nearly 100 years of experience, with more than 40,000 employees in nearly 60 countries, Cardinal Health ranks among the top 25 on the Fortune 500.
We currently have a full-time job opening for an IT Security and Controls Compliance Lead supporting one of two major business divisions for Cardinal Health.
The IT Security and Controls Compliance Lead is a first line of defense role responsible for defining, implementing and evaluating the effectiveness of IT general controls within their business segment.
The IT Security and Controls Compliance Lead will be the dedicated resource for managing security and controls compliance for one of our two business segments. They will be responsible for working with business and IT leaders in the segment to ensure ongoing risk management and compliance of the segment.
Additional responsibilities include:
- Work with IT leaders to design effective IT controls to manage risk and ensure compliance with regulations (e.g., SOX, HIPAA, GDPR)
- Design IT controls that increase operational efficiency and reduce the likelihood of control failure (e.g., automated and preventative controls vs. manual and detective)
- Define business cases for the investment in new capabilities (e.g., advanced identity management solutions) that improve the overall IT controls environment
- Evaluate execution of IT controls to ensure they are operating effectively
- Provide support for third party certifications such as SOC 1, SOC 2 and HITRUST
- Perform IT segregation of duties analysis
- Align with internal and external audit to understand SOX compliance processes
- Track and drive remediation of IT control issues within our IT risk governance process
- Act as a liaison for Internal Audit
- Act as a champion to raise awareness and promote a mindset focused on IT controls and compliance
- Collaborate cross-functionally within the information security and risk management department to ensure alignment with existing compliance, risk management and information security activities
- Strong understanding and experience with SOX and/or other regulatory compliance processes
- Experience with IT risk governance software (e.g., Archer, AuditBoard, ServiceNow GRC) a plus
- IT auditing experience or an IT risk governance/compliance background a plus
- Background in IT technologies and concepts including networks, databases, middleware, interfaces, and applications
- Ability to communicate effectively and efficiently, both verbally and in writing, with IT personnel, external auditors, consultants, and other company personnel
- Bachelor's degree in related field or equivalent work experience
What is expected of you and others at this level
- Applies comprehensive knowledge and a thorough understanding of risk, compliance and IT general controls
- Proposes technical and/or process solutions to a wide range of problems
Cardinal Health is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law.