Cardinal Health · 1 month ago
Senior Engineer, IT Governance and Compliance – Third Party Certifications
US-Nationwide-FIELD
Full-time
Onsite
Senior Level, Lead/Staff
$123K/yr - $176K/yr
10+ years expCardinal Health, Inc. is a global healthcare services and products company focused on improving lives through customized solutions. The Senior Engineer will co-lead the third-party certification program, ensuring compliance with various security regulations and managing certification processes effectively.
Health CareHospitalMedical
Responsibilities
Partner with Sales, Business and IT organizations to determine third-party certifications needs and recommend best approach on obtaining and maintaining third-party certifications such as HITRUST and SOC 2 that meet the business needs, while balancing cost of compliance
Develop and implement cost and resource models to help leadership understand funding and resource requirements to obtain and maintain third-party certifications such as HITRUST and SOC-2
Manage third-party certification Program from both build and run perspective. Some of the key responsibilities include:
Partner with HITRUST Alliance and external assessor to identify, understand and incorporate HITRUST and SOC 2 requirements into existing and future CAH certifications
Partner with internal CAH teams to confirm there are processes in place to appropriately meet the needs of HITRUST and SOC 2 requirements, including tracking and resolution of corrective action plans
Coordinate and manage all activities across the third-party certification program including planning, scoping, testing, reporting, and educating key stakeholders as needed to successfully obtain and maintain HITRUST certifications
Develop and manage relevant artifacts to manage the third-party certification program (e.g., SOP, roadmap, RACI, etc.)
Build and implement metrics to report on effectiveness of the third-party certification Program
Lead and mentor team members through all third-party certification activities
Facilitate/assist in response to security assessments and questionnaires
Identify opportunities to streamline and automate processes to manage third-party certification programs more effectively and efficiently, while reducing the overall cost of compliance
Effectively manage and implement changes throughout the organization
Any other duties as assigned
Qualification
Required
Bachelor's Degree in related field or equivalent work experience
Prior experience leading HITRUST and SOC 2 audits in a large healthcare organization
Demonstrated leadership in driving cross-functional governance initiatives
Deep understanding of healthcare industry regulations and standards (e.g., PCI DSS, HIPAA, GDPR, NIST, HITRUST, SOC 2)
Proven experience supporting IT due-diligence and integration during M&A initiatives
Experience building or significantly improving GRC programs within high-growth technology organizations, particularly those dealing with emerging technologies
Experience gathering and analyzing business requirements, translating them into actionable plans and technical specifications
Strong technical knowledge of enterprise IT environments (cloud, network, infrastructure, applications, data lake/data warehouse) and ability to design and implement control framework across it
Hands-on experience with GRC platforms, project management tools, and service management systems, with a focus on scaling and automating GRC processes
Experience in analyzing data and creating reports/dashboards/views to provide visibility into risk and control landscape
Excellent analytical and problem-solving skills – able to translate technical concepts into business outcomes
Excellent communication skills (both verbal and written) – able to facilitate discussions with leaders at all levels within the organization, work in a matrixed environment to drive results, and clearly define and execute repeatable processes
Excellent time management, active listening, meeting facilitation, and influencing skills
Preferred
10+ years' experience in related field preferred
Professional certifications preferred: CGEIT (Certified in the Governance of Enterprise IT), CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CRISC (Certified in Risk and Information Systems Control)
Benefits
Medical, dental and vision coverage
Paid time off plan
Health savings account (HSA)
401k savings plan
Access to wages before pay day with myFlexPay
Flexible spending accounts (FSAs)
Short- and long-term disability coverage
Work-Life resources
Paid parental leave
Healthy lifestyle programs
Company
Cardinal Health
Cardinal Health is a manufacturer and distributor of medical and laboratory products.
10001+ employees
H1B Sponsorship
Cardinal Health has a track record of offering H1B sponsorships. Please note that this does not
guarantee sponsorship for this specific role. Below presents additional info for your
reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2025 (128)
2024 (116)
2023 (140)
2022 (158)
2021 (106)
2020 (142)
Funding
Current Stage
Public CompanyTotal Funding
$1.08B2025-08-28Post Ipo Debt· $1B
2006-08-16Post Ipo Debt· $78M
1983-08-12IPO
Leadership Team
Aaron Alt
Chief Financial Officer
T
Tony Caprio
Executive Vice President
Recent News
2026-01-12
Company data provided by crunchbase