Senior Engineer, IT Governance and Compliance

Company Overview :

Cardinal Health, Inc. (NYSE : CAH) is a global healthcare services and products company. We provide customized solutions for hospitals, healthcare systems, pharmacies, ambulatory surgery centers, clinical laboratories, physician offices and patients in the home. We are a distributor of pharmaceuticals and specialty products; a global manufacturer and distributor of medical and laboratory products; an operator of nuclear pharmacies and manufacturing facilities; and a provider of performance and data solutions. Working to be healthcare’s most trusted partner, our customer‑centric focus drives continuous improvement and leads to innovative solutions that improve the lives of people every day. With approximately 50,000 employees worldwide, Cardinal Health ranks among the top fifteen in the Fortune 500.

Department Overview :

Information Technology oversees the effective development, delivery, and operation of computing and information services. This function anticipates, plans, and delivers Information Technology solutions and strategies that enable operations and drive business value.

Information Security and Risk develops, implements, and enforces security controls to protect the organization's technology assets from intentional or inadvertent modification, disclosure, or destruction. This job family develops system back‑up and disaster recovery plans, conducts incident responses, threat management, vulnerability scanning, virus management and intrusion detection as well as completes risk assessments.

IT Governance and Compliance function within the organization develops, enhances, and maintains security policies and IT compliance programs in alignment with regulatory, legal, and contractual requirements, while collaborating closely with key stakeholders to maintain a security and compliant technology environment.

We are committed to building a resilient, secure, and compliant digital ecosystem, and you will play a critical role in safeguarding our information and supporting our mission to improve the lives of people every day.

Job Overview :

We are seeking a strategic and experienced Senior Engineer for IT Governance and Compliance , who will be responsible for the design, implementation and continuous improvements of IT governance frameworks, controls, and compliance processes across the organization. This role will also serve as a senior technical and strategic resource ensuring IT operations, projects, and M&A activities are aligned with enterprise standards, regulatory requirements and industry’s best practices. In this role, you will have the opportunity to lead meaningful work, collaborate across functions, and help shape the future of our IT Governance and Compliance strategy.

This role is a leader position within the IT Governance and Compliance team and requires having an in-depth understanding of key privacy and security regulations within healthcare industry such as PCI DSS (Payment Card Industry Data Security Standard), HIPAA (Health Insurance Portability and Accountability Act), GDPR (General Data Protection Regulation), CCPA (California Consumer Privacy Act), FDA (Food and Drug Administration) / GxP / CSV (Computer System Validation), DSCSA (Drug Supply Chain Security Act), as well as relevant governance frameworks to drive compliance to those regulatory requirements such as NIST, HITRUST, SOC 2, ISO, COBIT, ITIL, etc., while working with members of the Information Security and Risk Management team as well as stakeholders from Finance, Legal, Ethics & Compliance, Internal Audit and our various business segment leadership teams throughout the Cardinal Health enterprise.

Responsibilities :

• Lead the development, implementation and maintenance of the IT governance framework in alignment with industry standards.
• Partner with IT and business leaders to embed governance principles across IT eco‑system.
• Define and monitor key risk and performance indicators to ensure continuous compliance and operational excellence.
• Conduct periodic control assessments to confirm IT regulatory / compliance requirements are met (e.g., PCI‑DSS, HIPAA, DFARS / CMMC).
• Collaborate with solution owners and key stakeholders to identify and understand control gaps and vulnerabilities, prioritize based on risk, and recommend action plans that will address root causes. Monitor and manage open issues through closure to improve the IT compliance posture.
• Act as an "IT Compliance Lead" on programs / projects including M&A initiatives to direct processes and people through influence to confirm key IT compliance requirements are identified and met through cross‑functional collaboration across key stakeholders (e.g., Cybersecurity, Finance, Internal Audit, Legal and Compliance, IT / Business Leadership team).
• Conduct discovery / impact assessments of target organizations through M&A and / or future‑state IT environment to identify regulatory / compliance requirements and controls required to meet the requirements.
• Develop and track remediation roadmaps to improve compliance posture of the future state IT environment.
• Provide oversight to confirm compliance requirements are being designed and implemented and risks / issues are reported to the leadership timely.
• Act as a trusted advisor to IT and business leadership as well as key stakeholders on IT compliance and governance processes.
• Support internal and external audit processes to confirm timely responses and evidence collection.
• Mentor team members and promote a culture of accountability and continuous improvement.
• Effectively manage and implement changes throughout the organization.
• Be a thought‑leader and implementer of optimizing and automating GRC processes.
• Shape the evolution of our GRC management program, helping build and refine processes that scale with our growing organization.

Qualifications :

Anticipated salary range :

$123,400 - $176,300

Bonus eligible : Yes

Benefits :

Paid parental leave

Application window anticipated to close :

12 / 28 / 2025

Salary disclaimer :

The salary range listed is an estimate. Pay at Cardinal Health is determined by multiple factors including, but not limited to, a candidate’s geographical location, relevant education, experience and skills and an evaluation of internal pay equity.

EEO Statement :

Candidates who are back‑to‑work, people with disabilities, without a college degree, and Veterans are encouraged to apply.

Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity / expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law.

Privacy Notice :

To read and review this privacy notice click here https : / / www.cardinalhealth.com / content / dam / corp / email / documents / corp / cardinal-health-online-application-privacy-policy.pdf

#J-18808-Ljbffr