Sr Engineer, Vendor Third Party Risk

Headquartered in Dublin, Ohio, Cardinal Health, Inc. (NYSE: CAH) is a global, integrated healthcare services and products company, providing customized solutions for hospitals, health systems, pharmacies, ambulatory surgery centers, clinical laboratories and physician offices worldwide.

The company provides clinically proven medical products, pharmaceuticals and cost-effective solutions that enhance supply chain efficiency from hospital to home. Cardinal Health connects patients, providers, payers, pharmacists and manufacturers for integrated care coordination and better patient management. Backed by nearly 100 years of experience, with approximately 50,000 employees in 46 countries, Cardinal Health ranks among the top 25 on the Fortune 500.

We currently have a full-time job opening for a Senior Engineer of Vendor Third Party Risk Management.

Department overview:

The Information Security team at Cardinal Health enables Cardinal Health to securely deliver healthcare products and solutions that improve the lives of people every day by ensuring security and controls is embedded into Cardinal Health’s people, process and technology. We are a remote-first team and are excited to offer full-time remote opportunities.

Job Overview:

The primary responsibility of this role is to collaborate with a variety of business units and teams within IT to help manage third party IT risks, vendor contracting and managing customer request for proposal responses.

This is a high-visibility position as we continue to build and roll-out these capabilities across the enterprise.  This individual is expected to work autonomously, escalating issues as they are encountered and completing the assigned tasks within an established time frame.  Ability to effectively work in a variety of challenging environments is critical in achieving success for the role.

Key responsibilities include:

• Assess the governance, risk and compliance aspects related to prospective and incumbent third-party vendors to ensure compliance to Cardinal Health’s requirements
• Leverage expertise in IT risk management to ensure effective communication and alignment between third-party vendors and internal requirements/objectives
• Conduct quality assurance and effective peer review for team member assessments, audit findings and reports
• Demonstrate experience analyzing and interpreting data sets to develop and enhance metrics for reporting, informed decision making and advancement of strategic and operational initiatives
• Negotiate security terms and conditions with third parties and contract owners, identify risk remediation options and amend contracts as necessary. Collaborate closely with Legal Counsel to provide expert advice on Technical and Operational Measures (TOMS) and ensure compliance with security standards
• Monitor and ensure compliance to HIPAA, SOX and PCI security requirements
• Stay up to date on industry trends, regulatory expectations and emerging threats to advise team members, stakeholders and third parties on security methods that best aligns with policy and standards
• Deep expertise and ability to educate colleagues on risk management, controls and compliance concepts, frameworks and policies
• Act as a trusted subject matter expert to team members and stakeholders across the organization on third party risk management, including, providing guidance and mediation between vendors and business leaders
• Skilled in accurately assessing security needs in alignment with business requirements and balancing security priorities with business objectives, to deliver mutually beneficial outcomes
• Support audit engagements by leading remediation efforts and executing corrective actions. Ensure timely and effective resolution of audit findings to maintain compliance and improve operational processes
• Leverage individual expertise to actively review program, enhance and provide recommendations for development of strategic plans
• Identify and assess areas where existing policies, standards, procedures and guidelines require updates or new development. Recommend improvements and lead the implementation of approved changes to enhance organizational processes and compliance
• Proficiently builds strong relationships and engages constructively in a proactive and transparent approach with senior business leaders, colleagues and stakeholders across the broader organization

• Ability to establish authority, influence stakeholders and review & challenge without direct reporting responsibility
• Ability to demonstrate leadership courage and inspire team members and colleagues across the organization to embrace change
• Strong interpersonal and communications skills a must
• Experience in contract negotiation and risk management is essential
• Excellent analytical and problem-solving skills are essential
• Proven ability to effectively assess and adapt to changing business priorities
• Demonstrates superior teamwork skills
• Train, assist and mentor junior team members
• Trusted subject matter expert that delivers high quality work, applies sound judgment and works autonomously
• Must demonstrate a heightened sense of personal ownership and accountability
• Must demonstrate a personal sense of urgency
• Excellent attention to detail

Preferred Qualifications:

• Certification: Desired professional certifications (CISSP, CISA, CRISC, IAPP, CGEIT)
• Network security knowledge and awareness of current technologies
• Experience evaluating cloud-based technologies including security and API’s
• Bachelor’s Degree in related field or equivalent work experience

Anticipated salary range: $121,600 - $182,385

Bonus eligible: Yes

Benefits: Cardinal Health offers a wide variety of benefits and programs to support health and well-being.

• Medical, dental and vision coverage
• Paid time off plan
• Health savings account (HSA)
• 401k savings plan
• Access to wages before pay day with myFlexPay
• Flexible spending accounts (FSAs)
• Short- and long-term disability coverage
• Work-Life resources
• Paid parental leave
• Healthy lifestyle programs

Application window anticipated to close: 10/21/2024 *if interested in opportunity, please submit application as soon as possible.

The salary range listed is an estimate. Pay at Cardinal Health is determined by multiple factors including, but not limited to, a candidate’s geographical location, relevant education, experience and skills and an evaluation of internal pay equity.

Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply.

Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law.

To read and review this privacy notice click here