Cencora
Get AI-powered advice on this job and more exclusive features.
Our team members are at the heart of everything we do. At Cencora, we are united in our responsibility to create healthier futures, and every person here is essential to us being able to deliver on that purpose. If you want to make a difference at the center of health, come join our innovative company and help us improve the lives of people and animals everywhere. Apply today!
Summary
This role is responsible for building strong partnerships with business units, other corporate support functions, and the user community to protect the corporate brand, data, and assets. It is responsible for the design, implementation, operation, and maintenance of an information security framework, processes, and systems that protect the business, services, information and systems against unauthorized use, disclosure, modification, damage, and loss. Senior Directors are the leaders of Business Information Security Strategy and deliver security and compliance services for an assigned business segment while also leading an ISO center of excellence. They implement processes and controls, identify risks, protect information and infrastructure, and lead at least one ISO center of excellence including assessments, privacy services, data grooming processes, and the strategic, operational, and financial responsibility for the development, implementation, and delivery of appropriate security services and solutions. They establish a vision and strategy, lead planning and execution of security architecture, application security, data security, and infrastructure security, and ensure effective information security practices and awareness organization-wide. Our employee experience is a strategic priority for our company. Our leaders are accountable for leading with purpose, fairness, and equity. They are responsible for building and developing diverse teams, maintaining a safe and inclusive environment, setting clear priorities, and holding self and team accountable for executing with excellence. Responsibilities
Leads the implementation and management of appropriate controls and processes that ensure organizational compliance to regulatory and contractual obligations (e.g. Sarbanes-Oxley, ISO 27001, NIST CSF, HIPAA, PHI, PCI, etc.). Establishes wide-ranging business relationships to understand security needs in order to prioritize security engagements and acts as the key contact for all security efforts within a business segment, assisting with prioritization of ISO efforts. Establishes and leads at least one center of excellence within ISO to provide continuous process improvement and standardization. Leads the implementation and operation of the information security governance model for a major division; maintains relationships with key business unit leaders to identify information security policies, assets, threats, standards, and procedures and architect the appropriate security measures into the model. Assesses risks of all kinds, internal and external, and provides intelligence and direction to protect the corporate brand, data and assets. Acts as the trusted advisor for security, risk, compliance and governance matters and supports the enablement of business segment security capabilities via balanced risk decisions. Sets goals and KPIs, creates budget, and manages the overall performance of the Information Security Strategy team. Establishes a vision and strategy, leads planning and execution of security architecture, application security, cloud security, data security, and infrastructure. Manages security architecture, cyber resiliency and risk and compliance resources with business objectives to ensure security is applied appropriately and prioritized based on risk. Delivers security services (architecture, risk/compliance/DR, etc.) for numerous business and IT-lead projects running in parallel. Leads, develops and mentors teams of Information Security Strategy and IS IT Risk Management professionals as well as contractors, vendors and service providers. Guides IT executives and business leaders regarding risks to information security and business operations and the responsibilities required to mitigate those risks. Builds metrics and KPIs and provides regular reporting on program maturity, risk posture and regulatory compliance. Works with leadership to define a quantitative framework for assessing risks and guiding IT and business teams. Owns strategy and vision for IT enterprise security, application security, vulnerability management and incident management, including owning and maintaining security policies and procedures for a growth-stage biotechnology company. Oversees and administers the cyber security policy, works with the SOC team to identify incidents and report incidents to leadership and human resources. Ensures regulatory reporting is completed in required timelines and reports are submitted to appropriate agencies and stakeholders. Stays informed about information security trends and collaborates with executive leadership to strategize and recommend changes and updates to the company. Education and Qualifications
Master’s Degree in Business Administration, Computer Science, Information Technology or related discipline or equivalent related experience. Preferred Certifications
Certified Information Systems Auditor (CISA) Certified Information Systems Security Professional (CISSP) Certification in Information Security Strategy Management (CISM) Information Technology Infrastructure Library (ITIL) Offensive Security Certified Professional (OSCP) Project Management Professional (PMP) Certification Experience
12+ years of directly-related or relevant experience with 8+ years in a managerial capacity, preferably in information security. Behavioral Skills
Coaching and Mentoring Creativity & Innovation Decision Making Leadership Skills People Management Planning Risk-taking Technical Skills
IT Risk Management IT Controls Cyber Attack Mitigation Enterprise IT Management Network Security Service Level Maintenance Information Security Strategy Continuity Threat Modelling Information Security Strategy Standards (SOX, ISO 27001/27002, COBIT, ITIL, NIST, PCI) Tools Knowledge
Microsoft Office Suite Security Tools - SIEM, EDR, Email Security Gateway, SOAR, Firewall, Anti-virus, VPN IDS/IPS, AV, proxies, etc. Security Testing Tools - Open Source and COTS security tools Threat Intelligence Tools Vulnerability Testing Tools What Cencora offers
We provide compensation, benefits, and resources that enable a highly inclusive culture and support our team members’ ability to live with purpose every day. This includes medical, dental, and vision care, plus a comprehensive suite of wellness-focused benefits for physical, emotional, financial, and social wellbeing. Details vary by location. For information, visit the company site. Full-time Equal Employment Opportunity
Cencora is committed to providing equal employment opportunity without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, age, disability, veteran status or membership in any other class protected by federal, state or local law. The company’s continued success depends on the full and effective utilization of qualified individuals. Therefore, harassment is prohibited and all matters related to recruiting, training, compensation, benefits, promotions and transfers comply with equal opportunity principles and are non-discriminatory. Cencora is committed to providing reasonable accommodations to individuals with disabilities during the employment process which are consistent with legal requirements. If you wish to request an accommodation while seeking employment, please call 888.692.2272 or email hrsc@cencora.com. We will make accommodation determinations on a request-by-request basis. Messages and emails regarding anything other than accommodations requests will not be returned. Affiliated Companies: AmerisourceBergen Services Corporation Seniority level: Director Employment type: Full-time Job function: Information Technology Industries: Hospitals and Health Care Referrals increase your chances of interviewing at Cencora by 2x. Get notified about new Director Information Security jobs in Texas, United States. Director Governance, Risk & Compliance (GRC) – Dallas, TX $75,000 - $130,000 18 hours ago
#J-18808-Ljbffr
This role is responsible for building strong partnerships with business units, other corporate support functions, and the user community to protect the corporate brand, data, and assets. It is responsible for the design, implementation, operation, and maintenance of an information security framework, processes, and systems that protect the business, services, information and systems against unauthorized use, disclosure, modification, damage, and loss. Senior Directors are the leaders of Business Information Security Strategy and deliver security and compliance services for an assigned business segment while also leading an ISO center of excellence. They implement processes and controls, identify risks, protect information and infrastructure, and lead at least one ISO center of excellence including assessments, privacy services, data grooming processes, and the strategic, operational, and financial responsibility for the development, implementation, and delivery of appropriate security services and solutions. They establish a vision and strategy, lead planning and execution of security architecture, application security, data security, and infrastructure security, and ensure effective information security practices and awareness organization-wide. Our employee experience is a strategic priority for our company. Our leaders are accountable for leading with purpose, fairness, and equity. They are responsible for building and developing diverse teams, maintaining a safe and inclusive environment, setting clear priorities, and holding self and team accountable for executing with excellence. Responsibilities
Leads the implementation and management of appropriate controls and processes that ensure organizational compliance to regulatory and contractual obligations (e.g. Sarbanes-Oxley, ISO 27001, NIST CSF, HIPAA, PHI, PCI, etc.). Establishes wide-ranging business relationships to understand security needs in order to prioritize security engagements and acts as the key contact for all security efforts within a business segment, assisting with prioritization of ISO efforts. Establishes and leads at least one center of excellence within ISO to provide continuous process improvement and standardization. Leads the implementation and operation of the information security governance model for a major division; maintains relationships with key business unit leaders to identify information security policies, assets, threats, standards, and procedures and architect the appropriate security measures into the model. Assesses risks of all kinds, internal and external, and provides intelligence and direction to protect the corporate brand, data and assets. Acts as the trusted advisor for security, risk, compliance and governance matters and supports the enablement of business segment security capabilities via balanced risk decisions. Sets goals and KPIs, creates budget, and manages the overall performance of the Information Security Strategy team. Establishes a vision and strategy, leads planning and execution of security architecture, application security, cloud security, data security, and infrastructure. Manages security architecture, cyber resiliency and risk and compliance resources with business objectives to ensure security is applied appropriately and prioritized based on risk. Delivers security services (architecture, risk/compliance/DR, etc.) for numerous business and IT-lead projects running in parallel. Leads, develops and mentors teams of Information Security Strategy and IS IT Risk Management professionals as well as contractors, vendors and service providers. Guides IT executives and business leaders regarding risks to information security and business operations and the responsibilities required to mitigate those risks. Builds metrics and KPIs and provides regular reporting on program maturity, risk posture and regulatory compliance. Works with leadership to define a quantitative framework for assessing risks and guiding IT and business teams. Owns strategy and vision for IT enterprise security, application security, vulnerability management and incident management, including owning and maintaining security policies and procedures for a growth-stage biotechnology company. Oversees and administers the cyber security policy, works with the SOC team to identify incidents and report incidents to leadership and human resources. Ensures regulatory reporting is completed in required timelines and reports are submitted to appropriate agencies and stakeholders. Stays informed about information security trends and collaborates with executive leadership to strategize and recommend changes and updates to the company. Education and Qualifications
Master’s Degree in Business Administration, Computer Science, Information Technology or related discipline or equivalent related experience. Preferred Certifications
Certified Information Systems Auditor (CISA) Certified Information Systems Security Professional (CISSP) Certification in Information Security Strategy Management (CISM) Information Technology Infrastructure Library (ITIL) Offensive Security Certified Professional (OSCP) Project Management Professional (PMP) Certification Experience
12+ years of directly-related or relevant experience with 8+ years in a managerial capacity, preferably in information security. Behavioral Skills
Coaching and Mentoring Creativity & Innovation Decision Making Leadership Skills People Management Planning Risk-taking Technical Skills
IT Risk Management IT Controls Cyber Attack Mitigation Enterprise IT Management Network Security Service Level Maintenance Information Security Strategy Continuity Threat Modelling Information Security Strategy Standards (SOX, ISO 27001/27002, COBIT, ITIL, NIST, PCI) Tools Knowledge
Microsoft Office Suite Security Tools - SIEM, EDR, Email Security Gateway, SOAR, Firewall, Anti-virus, VPN IDS/IPS, AV, proxies, etc. Security Testing Tools - Open Source and COTS security tools Threat Intelligence Tools Vulnerability Testing Tools What Cencora offers
We provide compensation, benefits, and resources that enable a highly inclusive culture and support our team members’ ability to live with purpose every day. This includes medical, dental, and vision care, plus a comprehensive suite of wellness-focused benefits for physical, emotional, financial, and social wellbeing. Details vary by location. For information, visit the company site. Full-time Equal Employment Opportunity
Cencora is committed to providing equal employment opportunity without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, age, disability, veteran status or membership in any other class protected by federal, state or local law. The company’s continued success depends on the full and effective utilization of qualified individuals. Therefore, harassment is prohibited and all matters related to recruiting, training, compensation, benefits, promotions and transfers comply with equal opportunity principles and are non-discriminatory. Cencora is committed to providing reasonable accommodations to individuals with disabilities during the employment process which are consistent with legal requirements. If you wish to request an accommodation while seeking employment, please call 888.692.2272 or email hrsc@cencora.com. We will make accommodation determinations on a request-by-request basis. Messages and emails regarding anything other than accommodations requests will not be returned. Affiliated Companies: AmerisourceBergen Services Corporation Seniority level: Director Employment type: Full-time Job function: Information Technology Industries: Hospitals and Health Care Referrals increase your chances of interviewing at Cencora by 2x. Get notified about new Director Information Security jobs in Texas, United States. Director Governance, Risk & Compliance (GRC) – Dallas, TX $75,000 - $130,000 18 hours ago
#J-18808-Ljbffr