Sr IT Security and Privacy Engineer-Analyst

Cardinal Health

  • Full Time

What Information Security and Risk contributes to Cardinal Health

Information Technology oversees the effective development, delivery, and operation of computing and information services. This function anticipates, plans, and delivers Information Technology solutions and strategies that enable operations and drive business value.

Information Security and Risk develops, implements, and enforces security controls to protect the organization’s technology assets from intentional or inadvertent modification, disclosure or destruction. This job family develops system back-up and disaster recovery plans. Information Technology also conducts incident response, threat management, vulnerability scanning, virus management and intrusion detection and completes risk assessments.


Collaborates with Privacy and Information Security leadership to assure compliance with federal and state privacy and information security laws and regulations, including Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH), and the organization’s privacy and information security policies and procedures. Responsible for leading and overseeing the planning, execution, and management of regulatory, investigative, and educational-based projects. Develops and delivers privacy and information security awareness and compliance education and training for the enterprise and oversees investigations with oversight from Privacy and Information Security leadership on regulatory matters and concerns.

Support the organization’s overall Cybersecurity posture and culture

Analyze security threats, vulnerability assessments, and audit results to recommend security solutions that enable business objectives

Use strong technical, process, and interpersonal skills to effectively analyze information systems, research and validate risks

Responsible for providing enterprise security solutions for business, regulatory, and legal requirements, and assuring the confidentiality, integrity, and availability of information assets

Review policies, procedures, system design, security controls, risk assessment, and risk management practices against NIST Cybersecurity Framework, NIST 800-53 and other standard security frameworks

Oversee Business Resiliency and Disaster Recovery

Work with senior organization management, security, and corporate compliance officer to establish governance for the privacy program

Provide assessment support to sales, business, and technology associates

Provide support and work with legal, sales, and business in reviewing/updating MSA, BAA, RFP/RFI

Collaborate with the information security officer to ensure alignment between security and privacy compliance programs, including policies, practices, and investigations, and act as a liaison to the information systems department

Establishes, with the information security officer, an ongoing process to track, investigate, and report inappropriate access and disclosure of protected information. Monitor patterns of improper access and/or disclosure of protected information

Performs or oversees initial and periodic information privacy risk assessment/analysis, mitigation, and remediation

Develops, delivers, and oversees initial and ongoing privacy training to the workforce.

Manages all required breach determination and notification processes under HIPAA and applicable State breach rules and requirements.

Maintains current knowledge of applicable federal and state privacy laws and accreditation standards.

Serves as information privacy resource to the organization regarding the release of information and all departments for all privacy-related issues.


Bachelor’s degree in Information Technology in health information management or a related healthcare field preferred

5+ years of experience in the field preferred

Advanced understanding of standard security control frameworks, including NIST Cybersecurity Framework, NIST 800-53

Experience with and understanding of HIPAA regulatory specifications and compliance requirements

Strong analytic and troubleshooting skills; able to problem-solve, organize, and manage multiple cybersecurity tasks and projects in a health information system environment

Knowledge of cybersecurity analysis, processes, tools, and reporting

Strong understanding of risk management concepts, metrics, and reporting methodologies

Self-driven education to stay abreast of security developments and threats

Team-oriented; active participant in team and project meetings.

CISSP, CRISC, CISA, CISM, or similar certification

Excellent organizational and problem-solving skills

Excellent verbal and written communication skills

Proficient with Microsoft Office Suite

What is expected of you and others at this level

Applies advanced knowledge and understanding of concepts, principles, and technical capabilities to manage a wide variety of projects

Participates in the development of policies and procedures to achieve specific goals

Recommends new practices, processes, metrics, or models

Works on or may lead complex projects of large scope

Projects may have significant and long-term impact

Provides solutions which may set precedent

Independently determines method for completion of new projects

Receives guidance on overall project objectives

Acts as a mentor to less experienced colleagues

Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law.

We are a team of nearly 48,000 mission-driven partners striving each day to advance healthcare and improve lives. We are Essential to care.

Headquartered in Dublin, Ohio, Cardinal Health, Inc. (NYSE: CAH) is a distributor of pharmaceuticals, a global manufacturer and distributor of medical and laboratory products, and a provider of performance and data solutions for health care facilities.

We are a crucial link between the clinical and operational sides of care, working with more than 4,500 sourcing and manufacturing partners to deliver end-to-end solutions and data-driven insights that advance healthcare and improve lives every day. With deep partnerships, diverse perspectives and innovative digital solutions, we build connections across the continuum of care.

With 50 years of experience, approximately 44,000 employees and operations in more than 30 countries, Cardinal Health seizes the opportunity to address healthcare’s most complicated challenges — now, and in the future.

On Thursday, Jan. 7, 2021, we celebrated the day our founder, Bob Walter, had the vision to start a business that became known as Cardinal Health.

One of the most important ways we celebrated was by giving back to the communities where we live and work. 2021 was a “Year of Service” for all Cardinal Health employees around the world.

Cardinal Health is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status.
