Cardinal Health IT Risk and Compliance Advisor in Dublin, Ohio
Headquartered in Dublin, Ohio, Cardinal Health, Inc. (NYSE: CAH) is a global, integrated healthcare services and products company connecting patients, providers, payers, pharmacists and manufacturers for integrated care coordination and better patient management. Backed by nearly 100 years of experience, with more than 50,000 employees in nearly 60 countries, Cardinal Health ranks among the top 20 on the Fortune 500.
We currently have a career opening for an IT Risk and Compliance Advisor. This role will report directly to the Medical segment IT controls compliance council manager and will be responsible for ensuring HITRUST compliance for Medical segment IT. The individual will assist in maintaining compliance for existing HITRUST-scoped applications and will serve as the primary point of contact for new HITRUST-scoped applications, ensuring the design and implementation of the control frameworks necessary for compliance.
Success in the role will be measured by the effectiveness of the implementation and operation of HITRUST-scoped applications.
Essential Duties and Responsibilities:
- Oversee information security compliance activities, including daily, weekly, quarterly and/or annual security risk assessments – both performing internal assessments and also responding to external assessments
- Establish and maintain security & controls policies and procedures in accordance with applicable regulations
- Assist in response to security assessments and questionnaires.
- Research new security compliance requirements and assist in the evaluation of compliance control requirements.
- Report security control related metrics and effectiveness
- Evaluate, design, test, and recommend new or improved controls to keep Med. IT applications current with industry standards and compliance requirements.
- Partner with leadership regarding information security risks, controls, and audit requirements.
- Manage corrective action logs and ensure issues are assigned priority and closed out in a timely manner
- Collaborate with organizational teams to design and deliver training initiatives that promote the development of staff
- Any other duties that may be required as assigned
- Experience participating in external security audits; SOC2 Type II and/or HITRUST preferred
- Experience conducting needs assessments and identifying/implementing appropriate solutions
- Solid working knowledge of governance frameworks including NIST, ISO27000, FedRAMP, PCI, and HITRUST
- Strong personality, ability, and credibility to influence key decision-makers and highly technical resources
- Strong subject matter credibility. Must have knowledge and ability to take a practical/business-relevant approach to security and compliance, resulting in a practical yet compliant security program
4 years of information security and compliance experience across a wide base of disciplines including:
- Metric reporting
- Project management
- Customer support and account management
- Audit management and internal audit standards
- Process control design and testing methods
- Risk assessment tools
- Compliance program execution
- Experience working in an Agile environment is preferred
- Good verbal and written communications
- Team Player and Collaborative – Ability to work well with team members to achieve the desired results
- Driven and self-motivated to learn new technologies and achieve objectives
- Ability to multi-task with organization, efficiency, accountability, and attention to detail
- Excited, interested and engaged in the areas of security, compliance and our business
- Strong oral and written communication skills
Education and Certifications
- BS in Computer Science or equivalent experience
- Professional certification preferred: CISSP, CISA, CISM
Cardinal Health is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law.