Manager, Information Security & Risk - IT Compliance

Company Overview:

Cardinal Health, Inc. (NYSE: CAH) is a global healthcare services and products company. We provide customized solutions for hospitals, healthcare systems, pharmacies, ambulatory surgery centers, clinical laboratories, physician offices and patients in the home. We are a distributor of pharmaceuticals and specialty products; a global manufacturer and distributor of medical and laboratory products; an operator of nuclear pharmacies and manufacturing facilities; and a provider of performance and data solutions. Working to be healthcares most trusted partner, our customer-centric focus drives continuous improvement and leads to innovative solutions that improve the lives of people every day. With approximately 50,000 employees worldwide, Cardinal Health ranks among the top fifteen in the Fortune 500.

Department Overview:

Information Technology oversees the effective development, delivery, and operation of computing and information services. This function anticipates, plans, and delivers Information Technology solutions and strategies that enable operations and drive business value.

Information Security and Risk develops, implements, and enforces security controls to protect the organization's technology assets from intentional or inadvertent modification, disclosure, or destruction. This job family develops system back-up and disaster recovery plans, conducts incident responses, threat management, vulnerability scanning, virus management and intrusion detection as well as completes risk assessments. The IT Governance and Compliance function within the organization develops, enhances, and maintains security policies and IT compliance programs in alignment with regulatory, legal, and contractual requirements, while collaborating closely with key stakeholders to maintain a security and compliant technology environment.

We are committed to building a resilient, secure, and compliant digital ecosystem, and you will play a critical role in safeguarding our information and supporting our mission to improve the lives of people every day.

We are seeking a strategic and experienced Manager of IT Compliance, and in this role, you will have the opportunity to lead meaningful work, collaborate across functions, and help shape the future of our IT compliance strategy.

Job Overview:

Manager of IT Compliance will lead the development, execution, and continuous improvement of our enterprise IT compliance programs. This role will set the strategy in collaboration with the leader as well as provide direction and oversight across a broad set of compliance domains, including IT Privacy regulations (i.e., HIPAA, GDPR, etc.), third party certification management (e.g., HITRUST, SOC 2), and proactively driving compliance to emerging regulatory obligations. The manager will lead a high-performing team and work cross-functionally with legal, privacy, audit, and IT stakeholders to ensure the organization maintains a strong and proactive compliance posture.

Key Responsibilities:

• People Leadership: Lead and develop a team of IT compliance professionals. Foster an inclusive, collaborative, accountable and high-performing team culture.
• Program Leadership: Set strategic direction in collaboration with the leader for the IT Compliance function, aligning program objectives with organizational goals and evolving regulatory requirements.
• IT Privacy Compliance Program: Oversee the design, implementation, enhancement, and maintenance of the IT privacy compliance program to enable compliance with key IT privacy regulation requirements (e.g., HIPAA, GDPR), while partnering with key partners and stakeholders.
• Third-Party Certifications Management: Set strategic direction in collaboration with the leader for management of external certifications such as HITRUST and SOC 2, including program governance, planning, readiness, remediation oversight, cost and support model, and ongoing maintenance of the certifications.
• IT Compliance Assessment: Direct and oversee the execution of compliance assessments and gap assessments for existing regulations from an IT perspective, collaborating with key stakeholders and partners throughout the organization.
• Regulatory Monitoring: Proactively identify, assess, and operationalize compliance to new or evolving regulatory requirements that impact the organizations IT environment, collaborating with key stakeholders and partners throughout the organization.
• Reporting and Metrics: Establish KPIs and KRIs as well as reporting processes to provide ongoing updates to leadership on health of the IT compliance program effectiveness, risk exposure, and compliance trends and posture.
• Advisory Services: Serve as a key advisor to stakeholders across Privacy, Legal, Audit, IT and Business Units to confirm regulatory and contractual obligations are understood and addressed in IT processes and controls.

Qualifications:

• Bachelors Degree in related field or equivalent work experience
• 10+ years experience in IT Governance, Risk and Compliance functional roles such as IT Compliance, IT Risk Management, IT Audit, Enterprise Risk Management, etc preferred.
• Proven leadership experience with the ability to foster an inclusive and engaging culture.
• Prior experience working with Internal or External Audit functions are a plus.
• Deep knowledge of risk and control frameworks as well as key regulatory requirements that impact healthcare organizations.
• Direct experience in managing third-party certifications such as HITRUST and SOC 2 is preferred including readiness and gap assessments to managing certifications.
• Strong understanding of IT environments, systems, data governance practices
• Strong interpersonal skills and presentation skills with ability to tailor message for the audience are foundational for success.
• Strong and effective communication skills with ability to influence and drive actions.
• Ability to identify and engage cross functional teams to solve problems that meet organizational objectives.
• Ability to identify alternative solutions to solve a given problem when traditional solution may not be feasible.
• Security, compliance, or risk certifications such as CIPT (Certified Information Privacy Technologist), CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional) and/or CIPP (Certified Information Privacy Professional) certifications are preferred.

Anticipated salary range:$121,600 - $182,385

Bonus eligible:Yes

Benefits:Cardinal Health offers a wide variety of benefits and programs to support health and well-being.

• Medical, dental and vision coverage
• Paid time off plan
• Health savings account (HSA)
• 401k savings plan
• Access to wages before pay day with myFlexPay
• Flexible spending accounts (FSAs)
• Short- and long-term disability coverage
• Work-Life resources
• Paid parental leave
• Healthy lifestyle programs

Application window anticipated to close:9/25/2025 *if interested in opportunity, please submit application as soon as possible.

The salary range listed is an estimate. Pay at Cardinal Health is determined by multiple factors including, but not limited to, a candidates geographical location, relevant education, experience and skills and an evaluation of internal pay equity.

Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply.

Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law.