What Information Security and Risk contributes to Cardinal Health Information Technology oversees the effective development, delivery, and operation of computing and information services. This function anticipates, plans, and delivers Information Technology solutions and strategies that enable operations and drive business value.
Information Security and Risk develops, implements, and enforces security controls to protect the organization's technology assets from intentional or inadvertent modification, disclosure or destruction. This job family develops system back-up and disaster recovery plans. Information Technology also conducts incident response, threat management, vulnerability scanning, virus management and intrusion detection and completes risk assessments.
The Senior IT Security and Privacy Engineer collaborates with Privacy and Information Security leadership to assure compliance with federal and state privacy and information security laws and regulations, including Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH), and the organization's privacy and information security policies and procedures. Responsible for leading and overseeing the planning, execution, and management of regulatory, investigative, and educational-based projects. Develops and delivers privacy and information security awareness and compliance education and training for the enterprise and oversees investigations with oversight from Privacy and Information Security leadership on regulatory matters and concerns.
Support the organization's overall Cybersecurity posture and culture
Analyze security threats, vulnerability assessments, and audit results to recommend security solutions that enable business objectives
Use strong technical, process, and interpersonal skills to effectively analyze information systems, research and validate risks
Responsible for providing enterprise security solutions for business, regulatory, and legal requirements, and assuring the confidentiality, integrity, and availability of information assets
Review policies, procedures, system design, security controls, risk assessment, and risk management practices against NIST Cybersecurity Framework, NIST 800-53 and other standard security frameworks
Oversee Business Resiliency and Disaster Recovery
Work with senior organization management, security, and corporate compliance officer to establish governance for the privacy program
Provide assessment support to sales, business, and technology associates
Provide support and work with legal, sales, and business in reviewing/updating MSA, BAA, RFP/RFI
Collaborate with the information security officer to ensure alignment between security and privacy compliance programs, including policies, practices, investigations, and acts as a liaison to the information systems department
Establishes, with the information security officer, an ongoing process to track, investigate, and report inappropriate access and disclosure of protected information. Monitor patterns of improper access and/or disclosure of protected information
Performs or oversees initial and periodic information privacy risk assessment/analysis, mitigation, and remediation
Develops, delivers, and oversees initial and ongoing privacy training to the workforce.
Manages all required breach determination and notification processes under HIPAA and applicable State breach rules and requirements.
Maintains current knowledge of applicable federal and state privacy laws and accreditation standards.
Serves as information privacy resource to the organization regarding the release of information and all departments for all privacy-related issues.
Bachelor's degree in Information Technology in health information management or a related healthcare field preferred
5+ years of experience in the field preferred
Advanced understanding of standard security control frameworks, including NIST Cybersecurity Framework, NIST 800-53
Experience in understanding of HIPAA regulatory specifications and compliance requirements
Strong analytic, troubleshooting skills; can problem solve, organize, and manage multiple cybersecurity tasks and projects in a health information system environment
Knowledge of Cybersecurity Analysis, processes, and tools and reporting
Strong understanding of risk management concepts, metrics, and reporting methodologies
Self-driven education to stay abreast of security developments and threats
Team-oriented; active participant in team and project meetings.
CISSP, CRISC, CISA, CISM, or similar certification
Excellent organizational and problem-solving skills
Excellent verbal and written communication skills
Proficient with Microsoft Office Suite
What is expected of you and others at this level
Applies advanced knowledge and understanding of concepts, principles, and technical capabilities to manage a wide variety of projects
Participates in the development of policies and procedures to achieve specific goals
Recommends new practices, processes, metrics, or models
Works on or may lead complex projects of large scope
Projects may have significant and long-term impact
Provides solutions which may set precedent
Independently determines method for completion of new projects
Receives guidance on overall project objectives
Acts as a mentor to less experienced colleagues
Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply.
Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law.
Headquartered in Dublin, Ohio, Cardinal Health, Inc. (NYSE: CAH) is a distributor of pharmaceuticals, a global manufacturer and distributor of medical and laboratory products, and a provider of performance and data solutions for healthcare facilities.We are a crucial link between the clinical and operational sides of healthcare, delivering end-to-end solutions and data-driving insights that advance healthcare and improve lives every day. With deep partnerships, diverse perspectives and innovative digital solutions, we build connections across the continuum of care. With more than 50 years of experience, we seize the opportunity to address healthcare's most complicated challenges – now, and in the future.As a global, growing company, we’re able to offer rewarding careers that let you make a positive impact on our customers and communities.