Career Center

This position is responsible and accountable for managing the development, implementation and management of more than one service, capability Security controls / services areas of the Information Security management framework at the enterprise level supporting all AmerisourceBergen business units and affiliates.  

Specific areas of responsibility include but are not limited to: Managing the design, implementation and management of appropriate processes and controls which help assure that information created, acquired or maintained by ABC and its authorized users, is used in accordance with its intended purpose; Proactive identification of risks and protecting ABC’s information and infrastructure from external / internal threats and implement processes which help manage and reduce the overall risk impact for ABC. Create visibility and qualification of risks and drive initiatives to help ensure compliance with contractual, statutory and regulatory requirements, regarding information availability, access, security and privacy. Operational and financial responsibility for the development, implementation and delivery of appropriate security services and solutions to IT and directly to the business units across ABC and affiliates globally. In partnership with Business Unit management team, identify the critical business assets (services, processes, information and systems), assess the potential threats and associated business risks and architect the appropriate and cost-effective security measures to ensure availability and safeguarding of the information. Provide leadership in establishing policies, guidelines, standards, processes, procedures, best practices and services in the areas of Secure Coding, Application, Infrastructure, Systems and Process security.

Primary Duties and Responsibilities:

• Oversee and own the development, implementation and management of Customer Identity and Access Management (CIAM) services which includes integration with business applications, Registration, Consent Management, Identity Life Cycle Management, Access Management (SSO, Federation, multi-factor), Role and Rights Management, Entitlement Review and Attestations (Audit and Assurance), Identity and Access Analytics

• Understand a variety of IAM-related product suites and tools to make critical operational and strategic decisions

• Example products include SAP Customer Data Cloud (Gigya), ForgeRock, Okta, SailPoint IIQ or IdentityNow, Ping Identity, Quest Change Auditor, ADFS, Active Directory, PowerShell scripts, etc

• Ensures Identity and Access Management Services follows appropriate policies, procedures, operational considerations, IT change control, and IT risk and compliance management programs These efforts include (but are not limited to): Information Security Governance processes, Policies & Procedures, Audits, Metrics, and reporting in direct alignment with contractual, regulatory and compliance requirements

• Directly partner with the enterprise Finance, Legal, Audit and Compliance executives to support Internal and External Audits (SOX, COBIT, IT Controls)

• Lead the development and implementation of prudent enterprise security standards, guidelines, and procedures to protect the integrity, availability, and privacy of all corporate information assets

• Working with BISO organization, support the Business Unit and IT executives through the process of prioritizing security initiatives and spending based on relevant business risk and regulatory compliance issues, financial implications, and alignment with the corporate strategic plan

• Manage, develop, and mentor team members as well as contractors, vendors, and services providers

• Support strategic and tactical security, risk mitigation and regulatory compliance guidance for all IT projects, including the evaluation of enterprise policies, processes, operating procedures, and governance controls

• Working with ISO Awareness Team, drive the development, implementation, and management of Identity and Access Management training & awareness program to assure ABs workforce is knowledgeable of IAM processes, policies, and best practices

• Drive the tracking and resolution of Audit findings and remediation activities and support external and customer security audits

• Develop and implement appropriate metrics and KPIs and provide regular reporting on the information security program maturity, risk posture and management, and regulatory compliance of the company

Identity & Access Management

• Establish standards, driving designs and implementation of appropriate processes and controls which help assure that information created, acquired, or maintained by ABC and its authorized users, is used in accordance with its intended purpose

• Proactively identifying risks and protecting AB’s information and infrastructure from external / internal threats

• Drive the design, implementation and management of a shared service which covers:

• Customer Identity Life Cycle Management

• Access Management

• Role and Rights Management

• Entitlement Review and Attestation (Audit & Assurance)

• Identity & Access Analytics

• Responsible for all associate relations functions for department staff including hiring, terminating, performance management, development, and training

• In alignment with the Company's growth and direction, assists in managing the development of budgets, controls, and measurements to monitor progress

• Makes recommendations for succession planning.

• Performs related duties as assigned

• Bachelor’s Degree in Information Technology, Information Security and Assurance, Computer Science, Cyber Security, Business Analytics or other related field or equivalent work experience

• Typically requires 10 to 15 years of combined IT and security work experience with a broad range of exposure to Identity and Access Management functions and over 5 years’ experience designing and deploying Customer and/or Workforce Identity and Access Management solutions at the enterprise level

• Position requires minimum 2-3 years’ experience managing Customer Identity and Access management (CIAM) programs for a global corporation

• Seasoned manager of professionals and cross functional teams, who can develop and retain top talent in the field

• Demonstrated success in managing an Information Security Framework, solution, and service for a cross functional corporation

• Demonstrated successful implementation of security control frameworks and standards such as ISO 27001, ISO 17799, COBIT, ITIL, NIST and PCI

• Certification in Information Security relevant areas such as Audit (CISA), Security Management (CISM), Security Professional (CISSP) and/or equivalent business experience in a matrix Organization required

• Excellent understanding of IT Security & Risk Management, strategic planning and the related tactical initiatives needed to achieve the plan.

• Understanding of financial management and departmental budgeting desired

About AmerisourceBergen

AmerisourceBergen Corporation (NYSE: ABC) fosters a positive impact on the health of people and communities around the world by advancing the development and delivery of pharmaceuticals and healthcare products. As a leading global healthcare company, with a foundation in pharmaceutical distribution and solutions for manufacturers, pharmacies, and providers, we create unparalleled access, efficiency, and reliability for human and animal health. Our 42,000 global team members power our purpose: We are united in our responsibility to create healthier futures. AmerisourceBergen focuses on driving an inspiring and inclusive culture. We challenge our people to lead fulfilling lives both in and outside of work. Click on link to apply: https://www.amerisourcebergen.com/careers-home

Connections working at AmerisourceBergen