Total 2 information technology job vacancies in US-CA Los Angeles

Cardinal Health Overview:

Headquartered in Dublin, Ohio, Cardinal Health, Inc. (NYSE: CAH) is a distributor of pharmaceuticals, a global manufacturer and distributor of medical and laboratory products, and a provider of performance and data solutions for health care facilities.

We are a crucial link between the clinical and operational sides of care, working with more than 4,500 sourcing and manufacturing partners to deliver end-to-end solutions and data-driven insights that advance healthcare and improve lives every day. With deep partnerships, diverse perspectives and innovative digital solutions, we build connections across the continuum of care.

With 50 years of experience, approximately 44,000 employees and operations in more than 30 countries, Cardinal Health seizes the opportunity to address healthcare’s most complicated challenges — now, and in the future.

Department Overview:

Information Security and Risk Management (ISRM) at Cardinal Health enables Cardinal Health to securely deliver healthcare products and solutions that improve the lives of people every day by ensuring security and controls is embedded into Cardinal Health’s people, process and technology.

We currently have a career opening for a Sr. Engineer, Information Security and Risk, who will play an IT Privacy Compliance Program Run Lead role focused on driving IT Privacy Controls & Compliance for the organization.

Job Overview:

This role is a leader position within the team and requires having an in-depth understanding of local, national and international privacy and security regulations such as HIPAA (Health Insurance Portability and Accountability Act), GDPR (General Data Protection Regulation) and the CCPA (California Consumer Privacy Act) as well as relevant control frameworks to drive compliance to those regulatory requirements such as NIST, ISO, etc., while working with members of the Information Security and Risk Management team as well as privacy leaders in Legal, Ethics & Compliance and our various businesses throughout the Cardinal Health enterprise.  Senior Engineer will be responsible for managing operational activities (i.e., “Run”) of the IT Privacy Compliance Program, including confirming all assessments are completed, issue management and maintaining operational metrics. 

Daily Responsibilities:

• Leader over the “Run” activities of the IT Privacy Compliance Program as a Second Line of Defense (LOD) function.  Some of the key responsibilities include:
  • Create and manage calendar of IT Privacy Risk Assessments, while collaborating with appropriate risk functions to reduce redundancy of efforts, enhance reliance on Second LOD, and provide coverage across in-scope assets.
  • Lead management of all issues resulting from assessments to confirm appropriate stakeholder visibility and remediation recommendation, appropriate issue lead assignments, appropriate issue validation prior to closure, etc.
• Collaborate with IT Privacy Compliance Program Build Lead on driving overall success of the program.
• Build and implement metrics to report on effectiveness of the IT Privacy Compliance Program
• Partner with Legal counsel and Ethics & Compliance leaders to address regulatory or compliance requirements, issues, concerns or questions.
• Partner with IT and IT Security in the development of policies, procedures and practices in support of privacy and data protection compliance.
• Collaborate with IT and business leaders and team to provide guidance on doing privacy by design and remediating issues identified to enhance compliance to the regulatory requirements.
• Identify opportunities to automate various privacy and data protection compliance activities to reduce the overall cost of compliance.
• Mentor members of the team on how to effectively perform compliance assessments, complying to IT privacy regulation requirements, consultation on issue remediation recommendations and alternative solutions, etc.
• Effectively manage and implement change throughout the organization.

Qualifications:

• Bachelor’s Degree in related field or equivalent work experience
• 10+ years’ experience in related field
• Prior experience with key IT Privacy regulation compliance including HIPAA and GDPR compliance.
• Prior experience with control frameworks (e.g., NIST, HITRUST, COBIT, COSO, and ISO) to drive IT Privacy regulatory compliance.
• Prior experience working with Internal or External Audit functions are a plus.
• Experience with IT risk and controls identification and assessments including IT control design and effectiveness testing.
• Experience with GRC (Governance, Risk and Compliance)
• Experience in analyzing data and creating reports/dashboards/views to provide visibility into risk and control landscape.
• Ideal candidate will have excellent communication skills (both verbal and written) with leaders at all levels within the organization, an ability to work in a matrixed environment to drive results, and the ability to clearly define and execute repeatable processes.
• Ideal candidate will have an effective time management, active listening, meeting facilitation, and influencing skills.
• Ability to effectively navigate a variety of challenging environments, prioritize work and determine when to escalate to upper management.
• Security or risk certifications such as CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional) and/or CIPP (Certified Information Privacy Professional) certifications are a plus.

Anticipated salary range: $119,800 - $171,100

Bonus eligible: Yes

Benefits: Cardinal Health offers a wide variety of benefits and programs to support health and well-being.

• Medical, dental and vision coverage
• Paid time off plan
• Health savings account (HSA)
• 401k savings plan
• Access to wages before pay day with myFlexPay
• Flexible spending accounts (FSAs)
• Short- and long-term disability coverage
• Work-Life resources
• Paid parental leave
• Healthy lifestyle programs

Application window anticipated to close: 3/11/2024 *if interested in opportunity, please submit application as soon as possible.

Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply.

Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law.

To read and review this privacy notice click here

Headquartered in Dublin, Ohio, Cardinal Health, Inc. (NYSE: CAH) is a global, integrated healthcare services and products company connecting patients, providers, payers, pharmacists and manufacturers for integrated care coordination and better patient management. Backed by nearly 100 years of experience, with more than 50,000 employees in nearly 60 countries, Cardinal Health ranks among the top 20 on the Fortune 500.

Cardinal Health’s Information Security team aims to be a world-class cybersecurity and risk management organization that enables Cardinal Health to be healthcare’s most trusted partner. We are a remote-first team and are excited to offer full-time remote opportunities. We currently have a full-time career opening for an Information Security and Risk Engineer role within the Information Security Organization. This role will report to the manager of IT control compliance council within our Information Security Team and will serve as the first line of defense role responsible for defining, implementing, and evaluating the effectiveness of IT controls.

Qualifications:

• Bachelor’s Degree in related field or equivalent work experience
• 4+ years’ experience in related field preferred, such as IT audit, IT compliance function
• Strong understanding and experience with SOX and/or other regulatory compliance processes
• Team Player and Collaborative – Ability to work well with team members to achieve the desired results
• Willing to independently navigate through complex scenarios and uncharted compliance topics
• Ability to multi-task with organization, efficiency, accountability, and attention to detail
• Driven and self-motivated to learn new technologies and achieve objectives
• A great & effective verbal and written communicator
• Professional certification preferred: CISA, CISSP, CISM, CRISC

Essential Duties and Responsibilities:

• Perform IT risk assessment for pilot areas and identify control gap
• Work with IT stakeholders to design effective IT controls and monitor the execution to manage risk and ensure compliance with regulations (e.g., SOX, HIPAA, GDPR)
• Design IT controls that increase operational efficiency and reduces the likelihood of control failure (e.g., automated and preventative controls vs. manual and detective)
• Challenge status quo - recommend new or improved controls to keep IT applications current with industry standards and compliance requirements.
• Carry out analysis on third party audit reports, such as SOC 1/2, to identify potential control issues.
• Track and drive remediation of IT control issues within our IT risk governance process Strong in educating/influencing of IT stakeholders to raise awareness and promote a mindset focused on IT controls and compliance
• Oversee information security compliance activities, including daily, weekly, quarterly and/or annual security risk assessments – both performing internal assessments and responding to external assessments.
• Collaborate cross-functionally within the information security and risk management department to ensure alignment with existing compliance, risk management and information security activities
• Research new security compliance requirements and assist in the evaluation of compliance control requirements.
• Any other duties that may be required as assigned

Experiences:

• Experience participating in external control audits; SOX and/or SOC1/2 Type II audit experiences are preferred
• Solid working knowledge of governance frameworks including NIST, ISO27000, FedRAMP
• Experience with Corrective Action Plans (CAP) to remediate deficiencies identified through monitoring, auditing, or a Compliance Issue Report (CIR). These activities should consist of improvements to health plan processes or vendor processes taken to eliminate causes of non-compliance or other issues
• Strong personality, ability, and credibility to influence key decision-makers, and highly technical resources.
• Strong Knowledge/experience of IT controls for mainstream ERPs, such as SAP, is a plus
• Strong in root cause analysis and problem solving
• Strong flowcharting skill is a plus
• Experience with IT risk governance software (i.e. Archer, AuditBoard, ServiceNow GRC) is a plus

Anticipated salary range: $92,100 - $131,600

Bonus eligible: No

Benefits: Cardinal Health offers a wide variety of benefits and programs to support health and well-being.

• Medical, dental and vision coverage
• Paid time off plan
• Health savings account (HSA)
• 401k savings plan
• Access to wages before pay day with myFlexPay
• Flexible spending accounts (FSAs)
• Short- and long-term disability coverage
• Work-Life resources
• Paid parental leave
• Healthy lifestyle programs

Application window anticipated to close: 3/11/2024 *if interested in opportunity, please submit application as soon as possible.

Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply.

Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law.

To read and review this privacy notice click here