Business Information Security Officer

Headquartered in Dublin, Ohio, Cardinal Health, Inc. (NYSE: CAH) is a global, integrated healthcare services and products company, providing customized solutions for hospitals, health systems, pharmacies, ambulatory surgery centers, clinical laboratories and physician offices worldwide.

We currently have a full-time career opening within the Business Information Security Organization (BISO) for a Business Information Security Officer.

Department overview:

The Business Information Security Organization (BISO) was recently established within the Information Security and Risk Management (ISRM) team based out of Dublin, Ohio.  Integrating closely with the Cardinal Health business segments, the BISO will drive the socialization and assist in the implementation of enterprise security requirements including policies, procedures and risk mitigation activities.  The BISO aims to deliver tangible value to the business by supporting segment specific objectives and creating speed and security through the following:  ensure resiliency of critical business systems, safeguarding information and creating a security minded culture within each business unit.

Job Overview:

• Trusted partner within the assigned business segment and liaison for the Information Security and Risk Management organization
• Regular cadence with Information Security and Risk Management (ISRM), Enterprise Information Technology and participation in Business Unit meetings to ensure security and resiliency are embedded into critical business functions and strategies
• Advise and assist with reviewing architectural designs to follow “Defense in Depth” strategies as defined by the ISRM organization
• Review and report on the state of information security within Cardinal Health business segments by assessing physical and logical access, data security, compliance to regulatory requirements, adherence to infrastructure standards including IT and OT components
• Measure the business value of security and risk mitigation activities
• Information Security Policy interpretation & assist with implementation
• Risk Assessment/Gap Analysis for internal processes and systems
• Third Party Risk Assessment Support
• Consult & assess cyber risk and help implement controls to secure
• Contract management – security language review
• Security Awareness needs and education
• Coordinate/facilitate tabletop exercises with business & product teams
• Create and socialize Cyber Risk Profile view and dashboard
• Engage in regular cadences with Information Security, IT and business unit meetings to ensure security adherence

Daily Responsibilities:

This is a senior level position and will work with IT, business teams and members of the Information Security and Risk Management team.  They will identify and prioritize information security risks, communicate impact and drive mitigation to enable the business to achieve their strategic goals with speed and security.    

Additional responsibilities include:

• Identify security goals, objectives and metrics specific to the assigned business segment to show continued improvement of security posture
• Socialize and manage the implementation of information security policy, standards, guidelines and procedures to ensure ongoing maintenance of security in the assigned business segment
• Assist in prioritizing information security initiatives and spending as it relates to the assigned segment business needs and priorities
• Ensure information technology compliance including data privacy and other regulations

Qualifications:

• Strong, comprehensive information security background
• Strong relationship builder and ability to influence without authority is required in order to be successful in this role
• Knowledge of information security methodologies, technologies, architectures, practices, policies and working knowledge of NIST Cyber security Framework
• Ability to evaluate security measures in terms of their impact on the business model, or vice versa
• Experience with implementing applications and systems to support direct consumer interaction, including marketing, customer care, electronic commerce, and fulfillment functions
• Experience with managing the risk of third parties who provide information technology capabilities or interface with information technology components of the business environment
• Certifications such as Certified Information Security Professional (CISSP) or Certified Information Security Manager (CISM) are a major plus

Cardinal Health is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status.