Cardinal Health · 2 months ago
Engineer, Information Security & Risk – PCI Compliance
Cardinal Health is a global healthcare services and products company headquartered in Dublin, Ohio. They are seeking a detail-oriented and proactive IT Compliance specialist to support their enterprise PCI DSS Compliance Program, focusing on ensuring compliance with local, national, and international privacy and security regulations while collaborating with various stakeholders.
Responsibilities
Serve as the primary coordinator and compliance assessor to drive execution of organization’s PCI DSS compliance program
Conduct assessments and identify control requirements to evaluate compliance against PCI DSS requirements, while collaborating with key stakeholders including finance, IT, information security, and business, as needed
Maintain and manage compliance documentation and evidence collection to support ongoing annual PCI DSS assessments and audits
Collaborate with solution owners and key stakeholders to identify and understand control gaps and vulnerabilities, prioritize based on risk, and recommend action plans that will address root causes. Monitor and manage open issues through closure
Assess the current PCI control environment to identify improvement opportunities to streamline/automate/enhance existing IT controls and improve operational efficiency, while reducing compliance risk and cost, e.g., driving consolidation of payment processors
Prepare AOCs/ROCs for 13+ payment processes across multiple business units
Support readiness activities, gap assessments, and remediation efforts in coordination with the PCI DSS Compliance Lead
Drive efficiency by utilizing existing control frameworks to understand footprint and reduce evidence asks, e.g., SOX, HIPAA, SOC2, HITRUST
Support and grow the PCI compliance program in coordination with the PCI DSS Compliance Lead by limiting scope where appropriate, collecting evidence, compelling vulnerability scanning, documenting issues in the IT GRC tool, educating key stakeholders, and facilitating identification and assignment of required PCI training
Monitor regulatory and industry updates related to PCI DSS to ensure ongoing compliance and risk mitigation
Develop and maintain process documentation, playbooks, and training materials to support PCI DSS Compliance
Track and report compliance posture, risks, and remediation status to the PCI DSS Compliance Lead and IT Compliance Manager on an ongoing basis
Partner with various IT teams to facilitate obtaining third party certifications, such as PCI SAQ
Assist with cross-training and support for other IT compliance programs as needed (e.g., HIPAA, HITRUST, SOC 2)
Qualifications
Required
Bachelor's Degree in related fields such as cybersecurity, networking, information technology, IT audit or equivalent work experience
Strong knowledge of PCI-DSS framework required
Experience conducting PCI risk assessments and proposing mitigating controls
Robust IT understanding with respect to network protocols and architecture, including servers, workstations, VPN technologies, and applications
FW, IDS, IVS, IPS, NAC, encryption, and/or TCP/IP networking skills would be differentiators
Strong communication (both written and verbal) and collaboration skills with the ability to work effectively across technical and business teams
Excellent organizational skills, with ability to prioritize and manage multiple tasks and deadlines
Self-driven with strong independent initiative, able to work with minimal guidance and to coordinate the work of others
Other core competencies such as effective project management, time management, active listening, meeting facilitation, and influencing skills
Preferred
5+ years' experience in related fields such as IT Compliance, IT Audit, GRC function, external audit, etc. with direct involvement in PCI DSS compliance preferred
Experience preparing AOCs and/or ROCs is a plus
Experience in considering security practices for AD & Azure / AWS / GCP environments
Experience with governance, risk and compliance (GRC) processes, frameworks, and tools would be a differentiator, e.g., Archer GRC
Experience in analyzing data and automating dashboards to provide visibility into risk and control landscape in IT GRC is a plus
Security, compliance, or risk certifications such as Security+, PCI-QSA, CISA (Certified Information Systems Auditor), and/or CISSP (Certified Information Systems Security Professional) preferred
Company
Cardinal Health
Cardinal Health is a manufacturer and distributor of medical and laboratory products.
H1B Sponsorship
Cardinal Health has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)