Cardinal Health
Manager, Information Security & Risk - IT Compliance
Cardinal Health, Denver, Colorado, United States, 80285
Overview
Cardinal Health, Inc. is a global healthcare services and products company. We provide customized solutions for hospitals, healthcare systems, pharmacies, ambulatory surgery centers, clinical laboratories, physician offices and patients in the home. We are a distributor of pharmaceuticals and specialty products; a global manufacturer and distributor of medical and laboratory products; an operator of nuclear pharmacies and manufacturing facilities; and a provider of performance and data solutions. With approximately 50,000 employees worldwide, Cardinal Health ranks among the top fifteen in the Fortune 500.
Department overview and IT security context:
Information Technology oversees the effective development, delivery, and operation of computing and information services to enable operations and drive business value. Information Security and Risk develops, implements, and enforces security controls to protect technology assets, conducts incident responses, threat management, vulnerability scanning, and related activities. The IT Governance and Compliance function maintains security policies and IT compliance programs aligned with regulatory, legal, and contractual requirements. We are committed to building a resilient, secure, and compliant digital ecosystem, and you will play a critical role in safeguarding information and supporting our mission to improve lives.
Job Overview
We are seeking a strategic and experienced Manager of IT Compliance. In this role, you will lead the development, execution, and continuous improvement of our enterprise IT compliance programs, set strategy in collaboration with leadership, and provide direction across a broad set of compliance domains including IT privacy regulations (e.g., HIPAA, GDPR), third-party certification management (e.g., HITRUST, SOC 2), and proactive adherence to emerging regulatory obligations. You will manage a high-performing team and collaborate with legal, privacy, audit, and IT stakeholders to maintain a strong compliance posture.
Key Responsibilities
People Leadership:
Lead and develop a team of IT compliance professionals, fostering an inclusive, collaborative, accountable, and high-performing culture.
Program Leadership:
Set strategic direction for IT Compliance in alignment with organizational goals and evolving regulatory requirements.
IT Privacy Compliance Program:
Oversee design, implementation, and maintenance of the IT privacy program to enable compliance with HIPAA, GDPR, and related requirements, partnering with stakeholders.
Third-Party Certifications Management:
Direct governance and readiness for external certifications such as HITRUST and SOC 2, including remediation, cost and support models, and ongoing maintenance.
IT Compliance Assessments:
Lead IT-focused compliance and gap assessments across regulations, collaborating with stakeholders.
Regulatory Monitoring:
Identify and operationalize compliance to new or evolving regulatory requirements affecting the IT environment.
Reporting and Metrics:
Establish KPIs and KRIs and provide leadership with updates on program health, risk exposure, and trends.
Advisory Services:
Advise stakeholders across Privacy, Legal, Audit, IT, and business units to ensure regulatory obligations are understood and addressed in IT processes and controls.
Qualifications
Bachelor’s degree in a related field or equivalent work experience
10+ years in IT Governance, Risk and Compliance roles (e.g., IT Compliance, IT Risk Management, IT Audit, ERM) preferred
Proven leadership with ability to foster an inclusive culture
Experience with Internal or External Audit is a plus
Deep knowledge of risk and control frameworks and healthcare regulatory requirements
Direct experience managing third-party certifications (HITRUST, SOC 2) including readiness and gap assessments
Strong understanding of IT environments and data governance practices
Excellent interpersonal and presentation skills, with ability to tailor messages
Ability to influence and drive actions across cross-functional teams
Certifications such as CIPT, CISA, CISSP, and/or CIPP are preferred
Anticipated salary range: $121,600 - $182,385
Bonus eligible: Yes
Benefits:
Cardinal Health offers a wide variety of benefits and programs to support health and well-being.
Medical, dental and vision coverage
Paid time off plan
Health savings account (HSA)
401k savings plan
Access to wages before pay day with myFlexPay
Flexible spending accounts (FSAs)
Short- and long-term disability coverage
Work-Life resources
Paid parental leave
Healthy lifestyle programs
Application window anticipated to close: 9/25/2025
The salary range listed is an estimate. Pay at Cardinal Health is determined by multiple factors including location, education, experience, and internal pay equity.
Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply.
Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We are an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, or other statuses protected by law.
To read and review this privacy notice click here (https://www.cardinalhealth.com/content/dam/corp/privacy/cardinal-health-online-application-privacy-policy.pdf)