Senior Information Security & Risk Engineer

Headquartered in Dublin, Ohio, Cardinal Health, Inc. (NYSE : CAH) is a global, integrated healthcare services and products company, providing customized solutions for hospitals, health systems, pharmacies, ambulatory surgery centers, clinical laboratories and physician offices worldwide.

The company provides clinically-proven medical products and pharmaceuticals and cost-effective solutions that enhance supply chain efficiency from hospital to home. Cardinal Health connects patients, providers, payers, pharmacists and manufacturers for integrated care coordination and better patient management. Backed by nearly 100 years of experience, with approximately 50,000 employees in 46 countries, Cardinal Health ranks among the top 20 on the Fortune 500.

We currently have a full-time career opening within Information Security to support the growth of our Navista Application Suite and the Integrated Oncology Network (IoN).

Department overview

The Information Security department at Cardinal Health enables Cardinal Health to securely deliver healthcare products and solutions that improve the lives of people every day by ensuring security practices and controls are embedded into Cardinal Health’s people, process and technology. We are a remote-first team and are excited to offer full-time remote opportunities.

Functional Overview

The Senior Information Security & Risk Engineer is a new capability for Cardinal Health and will be executed by the Product Security team. The primary goal of this position is to ensure delivery of best-in-class cybersecurity, risk management, and compliance for Navista, an oncology Managed Service Offering hosted by Cardinal Health.

Job Overview

The Information Security & Risk Engineer will be responsible for day-to-day activities in implementing the corporate information security and compliance program. The individual will be a front-line partner to technical teams and work across the organization to deliver security and compliance initiatives aligning to corporate policies, standards, procedures and audit activities. Success in the role will be measured by the effectiveness of the implementation of information security, risk management and compliance directives.

This role will work with various IT and business teams to drive both information security and compliance initiatives. The individual will assist with internal and external security compliance monitoring activities, review client audits, IT control audits, architecture reviews, threat modeling and security risk assessments. Good interpersonal and relationship building skills are essential for success.

Job Responsibilities Include :

Maintain governance program that ensures that the security policies, standards and process are in place

Serve as liaison to other Cardinal Health teams to ensure knowledge share and best practices

Partner with the engineering, architecture and operations teams to ensure delivery of infrastructure design and threat models which prove security requirements

Monitor security trends and drive security best practices throughout the organization via threat models and risk analysis

Evaluate, design, test, and recommend new or improved controls

Work with third party firms and consultants to conduct independent security audits, vulnerability scans, and penetration tests

Partner with developers to mentor and advise on secure coding and SDLC practices, define test cases and ensure appropriate testing, remediations, and mitigations

Investigate, drive resolution and document security incidents

Travel to various Integrated Oncology Network (IoN) sites may be required

Qualifications

Bachelors Degree in related field, or equivalent work experience leading cybersecurity or information security initiatives

Have 5+ years information security related work experience, preferably within the healthcare industry

Extensive experience with network and infrastructure design and security, ideally within the Azure cloud

Experience in vulnerability management programs, vulnerability assessments and advanced understanding of risk management

Familiarity with at least one common programming language, software development pipelines, and system lifecycles

Familiarity with standards such as HIPAA / HITECH, ISO, ITIL, NIST, PCI DSS, & SOX, CCPA, OWASP

Professional security certification (CISSP or CISM preferred)

Experience advising and mentoring diverse teams where you do not have direct authority

Strong written and verbal communication skills

Anticipated salary range : $121,600 - $182,385

Benefits : Cardinal Health offers a wide variety of benefits and programs to support health and well-being.

Medical, dental and vision coverage

Paid time off plan

Health savings account (HSA)

401k savings plan

Access to wages before pay day with myFlexPay

Flexible spending accounts (FSAs)

Short- and long-term disability coverage

Work-Life resources

Paid parental leave

Application window anticipated to close : 4 / 7 / 2025

• if interested in opportunity, please submit application as soon as possible.

The salary range listed is an estimate. Pay at Cardinal Health is determined by multiple factors including, but not limited to, a candidate’s geographical location, relevant education, experience and skills and an evaluation of internal pay equity.

Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply.

Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity / expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law.

To read and review this privacy notice click here ()

Senior Information Security Engineer • Indianapolis, IN, United States