Information Security Engineer

What IT Network & Telecommunications contributes to Cardinal Health

Information Technology oversees the effective development, delivery, and operation of computing and information services. This function anticipates, plans, and delivers Information Technology solutions and strategies that enable operations and drive business value.

Job Purpose:

Directly accountable for safeguarding the organization’s information assets. The role involves designing, implementing, and enforcing security protocols and procedures that mitigate risks and ensure compliance.  With heavy focus in information security operations, including vulnerability management, incident/event management, compliance management, policy/procedure development and information security awareness.

This responsibility will be carried out through the development of information security requirements, planning, design, implementation, and periodic audit/validation of effectiveness of all security controls.

Essential Functions:

• Determine information security requirements by evaluating and researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; and identifying integration issues.
• Design, and implement security controls for our infrastructure and critical systems.
• Verify information security systems effectiveness by developing and implementing testing and validation processes to periodically audit systems.
• Collaborate with managed security service provider (MSSP) to ensure their services are effectively delivered to our organization and validate that alerts are properly acted upon to mitigate identified threats.
• Support security incident response activities utilizing security tools (SIEM/SOAR)
• Collaborate in the development of a Business Continuity and Disaster Recovery plan.
• Prepare system security reports by collecting, analyzing, and summarizing data and trends.
• Track and understand emerging security practices and threats.  Leverage this knowledge to improve security configurations across the enterprise and hunt for potential or active threats.
• This role will be responsible for monitoring Healthcare industry and regulatory trends to ensure prompt and complete action plans are developed and implemented to address such requirements.
• Serve as the liaison for audit activities related to the areas of information security.
• This will also include maintaining ongoing cybersecurity risk profile using the recommended industry tools, and being certain that activities which keep us aligned with our target levels are implemented.
• Demonstrable expertise in implementing, managing, and fine-tuning security controls using a variety of security tools and frameworks. Specific experience with Palo Alto firewalls and Palo Alto suite of security tools, Fortinet Fortigate Firewalls, Meraki, Active Directory and other infrastructure tools as identified.
• In-depth experience with Identity and Access Management (IAM), specifically in designing and implementing IAM solutions for provisioning, de-provisioning, and role-based access controls within the organization. Familiarity with industry standard IAM solutions and best practices is a must.
• Familiarity with monitoring and managing security incidents, including the use of Security Information and Event Management (SIEM) tools.
• Proven track record in working with cross-functional teams to address security and compliance challenges, specifically in a Healthcare environment.
• Experience in developing and implementing security policies and procedures that align with industry regulations such as PCI and HIPPA.
• Previous involvement in handling external and internal audits related to information security, along with remediation of identified issues.
• A high level of problem-solving skills and the ability to communicate in a clear, concise manner.
• Must be able to communicate effectively in both oral and written form and explain technical concepts in non-technical terms to staff and prepare clear and concise written communications.
• Must be able to manage multiple projects/tasks concurrently; and prioritize requests and complete assignments within an estimated timeframe; and organize, schedule, and coordinate a variety of activities and projects.
• Must have the ability to learn new software and hardware packages and adapt to changes in technology.

Qualifications and Education Requirements:

• Bachelor’s Degree in computer science or Equivalent work experience
• At least 5 years of experience in information security
• Excellent written communication skills.
• Strong organizational and planning skills.
• Demonstrates a high degree of personal integrity and practices ethical standards. Must remain objective and independent when completing assignments, and consistently demonstrate the ability to hold information in confidence.
• Demonstrated proactiveness and an ability to work independently and self-directed in managing multiple concurrent projects.
• Excellent analytical and problem-solving skills

Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply.

Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law.

To read and review this privacy notice click here