IT Privacy Compliance Program Lead

Cardinal Health Overview:

Headquarters in Dublin, Ohio, Cardinal Health, Inc. (NYSE: CAH) is a distributor of pharmaceuticals, a global manufacturer and distributor of medical and laboratory products, and a provider of performance and data solutions for health care facilities.

We are a crucial link between the clinical and operational sides of care, working with more than 4,500 sourcing and manufacturing partners to deliver end-to-end solutions and data-driven insights that advance healthcare and improve lives every day. With deep partnerships, diverse perspectives, and innovative digital solutions, we build connections across the continuum of care.

With 50 years of experience, approximately 44,000 employees and operations in more than thirty countries, Cardinal Health seizes the opportunity to address healthcare’s most complicated challenges — now, and in the future.

Department Overview:

Information Security and Risk Management (ISRM) at Cardinal Health enables Cardinal Health to securely deliver healthcare products and solutions that improve the lives of people every day by ensuring security and controls is embedded into Cardinal Health’s people, process, and technology.

We currently have a career opening for a Sr. Engineer, Information Security and Risk, who will play a Program Lead role focused on driving IT Privacy Compliance for the organization.

Job Overview:

This role is a leader position within the team and requires having an in-depth understanding of local, national and international privacy and security regulations such as HIPAA (Health Insurance Portability and Accountability Act), GDPR (General Data Protection Regulation) and the CCPA (California Consumer Privacy Act) as well as relevant control frameworks to drive compliance to those regulatory requirements, while working with members of the Information Security and Risk Management team as well as privacy leaders in Legal, Ethics & Compliance and our various businesses throughout the Cardinal Health enterprise.  Senior Engineer will be responsible for assessing current IT Privacy Compliance Program, while building and implementing a roadmap to enhance it to drive IT Privacy Compliance throughout the organization.

Accountabilities:

• Lead the IT Privacy Compliance Program as a “Second Line of Defense” function.
• Stay current on privacy regulatory requirements and assess impact on the organization, while implementing how to comply with the impacted requirements.
• Perform current-state assessments to identify and implement enhancement to the program to address local, national, and international IT privacy and data protection requirements (both regulatory and contractual)
• Implement a risk-based approach to performing IT Privacy Compliance Assessments.
• Build and implement metrics to report on effectiveness of the IT Privacy Compliance Program
• Partner with Legal counsel and Ethics & Compliance leaders to address regulatory or compliance requirements, issues, concerns, or questions.
• Partner with IT and IT Security in the development of policies, procedures, and practices in support of privacy and data protection compliance.
• Partner with a peer on privacy by design implementation for the organization.
• Identify opportunities to automate various privacy and data protection compliance activities to reduce the overall cost of compliance.
• Lead IT Privacy Compliance team on building, running, and managing the program success, while addressing challenges and opportunities.
• Mentor members of the team on how to effectively perform compliance assessments, track and manage issues, build and report on metrics and continue to mature the program.
• Effectively manage and implement changes throughout the organization.

Qualifications:

• Bachelor’s Degree in related field or equivalent work experience
• 10+ years’ experience in related field preferred
• Prior experience with key IT Privacy regulation compliance including HIPAA and GDPR compliance.
• Prior experience with control frameworks (e.g., NIST, HITRUST, COBIT, COSO, and ISO) to drive IT Privacy regulatory compliance.
• Prior experience working with Internal or External Audit functions are a plus.
• Prior experience with GRC (Governance, Risk and Compliance)
• Experience with IT risk and controls identification and assessments including IT control design and effectiveness testing.
• Experience in analyzing data and creating reports/dashboards/views to provide visibility into risk and control landscape.
• An ideal candidate will have excellent communication skills (both verbal and written) with leaders at all levels within the organization, an ability to work in a matrixed environment to drive results, and the ability to clearly define and execute repeatable processes.
• An ideal candidate will have effective time management, active listening, meeting facilitation, and influencing skills.
• The ability to effectively navigate a variety of challenging environments, prioritize work and determine when to escalate to upper management.
• Security, compliance, or risk certifications such as CIPT (Certified Information Privacy Technologist), CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional) and/or CIPP (Certified Information Privacy Professional) certifications are a plus.

Anticipated salary range: $121,600 - $173,700

Bonus eligible: Yes

Benefits: Cardinal Health offers a wide variety of benefits and programs to support health and well-being.

• Medical, dental and vision coverage
• Paid time off plan
• Health savings account (HSA)
• 401k savings plan
• Access to wages before pay day with myFlexPay
• Flexible spending accounts (FSAs)
• Short- and long-term disability coverage
• Work-Life resources
• Paid parental leave
• Healthy lifestyle programs

Application window anticipated to close: 6/25/2025 *if interested in opportunity, please submit application as soon as possible.

The salary range listed is an estimate. Pay at Cardinal Health is determined by multiple factors including, but not limited to, a candidate’s geographical location, relevant education, experience and skills and an evaluation of internal pay equity.

Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply.

Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law.

To read and review this privacy notice click here