What Information Security and Risk contributes to Cardinal Health
Information Technology oversees the effective development, delivery, and operation of computing and information services. This function anticipates, plans, and delivers Information Technology solutions and strategies that enable operations and drive business value.
Information Security and Risk develops, implements, and enforces security controls to protect the organization's technology assets from intentional or inadvertent modification, disclosure or destruction. This job family develops system back-up and disaster recovery plans. Information Technology also conducts incident response, threat management, vulnerability scanning, virus management and intrusion detection and completes risk assessments.
Job Summary
The Senior IT Security and Privacy Engineer collaborates with Privacy and Information Security leadership to assure compliance with federal and state privacy and information security laws and regulations, including Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH), and the organization's privacy and information security policies and procedures. Responsible for leading and overseeing the planning, execution, and management of regulatory, investigative, and educational-based projects. Develops and delivers privacy and information security awareness and compliance education and training for the enterprise and oversees investigations with oversight from Privacy and Information Security leadership on regulatory matters and concerns.
Responsibilities
Support the organization's overall Cybersecurity posture and culture
Analyze security threats, vulnerability assessments, and audit results to recommend security solutions that enable business objectives
Use strong technical, process, and interpersonal skills to effectively analyze information systems, research and validate risks
Responsible for providing enterprise security solutions for business, regulatory, and legal requirements, and assuring the confidentiality, integrity, and availability of information assets
Review policies, procedures, system design, security controls, risk assessment, and risk management practices against NIST Cybersecurity Framework, NIST 800-53 and other standard security frameworks
Oversee Business Resiliency and Disaster Recovery
Work with senior organization management, security, and corporate compliance officer to establish governance for the privacy program
Provide assessment support to sales, business, and technology associates
Provide support and work with legal, sales, and business in reviewing/updating MSA, BAA, RFP/RFI
Collaborate with the information security officer to ensure alignment between security and privacy compliance programs, including policies, practices, and investigations, and act as a liaison to the information systems department
Establishes, with the information security officer, an ongoing process to track, investigate, and report inappropriate access and disclosure of protected information. Monitors patterns of improper access and/or disclosure of protected information
Performs or oversees initial and periodic information privacy risk assessment/analysis, mitigation, and remediation
Develops, delivers, and oversees initial and ongoing privacy training to the workforce.
Manages all required breach determination and notification processes under HIPAA and applicable State breach rules and requirements.
Maintains current knowledge of applicable federal and state privacy laws and accreditation standards.
Serves as information privacy resource to the organization regarding the release of information and all departments for all privacy-related issues.
Qualifications
Bachelor's degree in Information Technology in health information management or a related healthcare field preferred
5+ years of experience in the field preferred
Advanced understanding of standard security control frameworks, including NIST Cybersecurity Framework, NIST 800-53
Experience with and understanding of HIPAA regulatory specifications and compliance requirements
Strong analytic and troubleshooting skills; can problem-solve, organize, and manage multiple cybersecurity tasks and projects in a health information system environment
Knowledge of cybersecurity analysis, processes, tools, and reporting
Strong understanding of risk management concepts, metrics, and reporting methodologies
Self-driven education to stay abreast of security developments and threats
Team-oriented; active participant in team and project meetings.
CISSP, CRISC, CISA, CISM, or similar certification
Excellent organizational and problem-solving skills
Excellent verbal and written communication skills
Proficient with Microsoft Office Suite
What is expected of you and others at this level
Applies advanced knowledge and understanding of concepts, principles, and technical capabilities to manage a wide variety of projects
Participates in the development of policies and procedures to achieve specific goals
Recommends new practices, processes, metrics, or models
Works on or may lead complex projects of large scope
Projects may have significant and long-term impact
Provides solutions which may set precedent
Independently determines method for completion of new projects
Receives guidance on overall project objectives
Acts as a mentor to less experienced colleagues
Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply.
Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law.
Headquartered in Dublin, Ohio, Cardinal Health, Inc. (NYSE: CAH) is a distributor of pharmaceuticals, a global manufacturer and distributor of medical and laboratory products, and a provider of performance and data solutions for healthcare facilities. We are a crucial link between the clinical and operational sides of healthcare, delivering end-to-end solutions and data-driving insights that advance healthcare and improve lives every day. With deep partnerships, diverse perspectives and innovative digital solutions, we build connections across the continuum of care. With more than 50 years of experience, we seize the opportunity to address healthcare's most complicated challenges – now, and in the future. As a global, growing company, we’re able to offer rewarding careers that let you make a positive impact on our customers and communities.