Apply on Employer Site

Cencora · 1 day ago

Senior Director of Cybersecurity Assessments and Assurance

United States

Full-time

Remote

Director/Executive

10+ years exp

Cencora is an innovative company focused on creating healthier futures. They are seeking a Senior Director of Cybersecurity Assessments and Assurance to lead the cybersecurity assessment and assurance program, ensuring compliance with IT regulatory requirements and enhancing the organization's cybersecurity posture.

Emergency MedicineEnterprise SoftwareHealth CareMedicalPharmaceutical

Responsibilities

Develop and lead a comprehensive cybersecurity assessments and assurance program to evaluate the security posture of the organization and its vendors

Oversee infrastructure and application compliance assessments to ensure alignment with security policies, frameworks, and regulatory standards

Design and execute annual critical assessments of key systems, applications, and processes, identifying gaps and driving remediation efforts

Manage the organization's third-party certifications (e.g., SOC 1, SOC 2, ISO 27001, NIST), ensuring timely attainment and renewal through effective coordination with internal teams and external auditors

Own the third-party risk assessment process, ensuring thorough onboarding, evaluation, and periodic reassessment of vendors

Oversee continuous monitoring of critical vendors to evaluate their adherence to contractual obligations, security requirements, and industry standards

Collaborate with procurement, legal, and vendor management teams to review and negotiate cybersecurity and data privacy clauses in contracts

Develop and maintain a risk-based methodology to prioritize and focus efforts on high-risk vendors and critical third-party relationships

Ensure compliance with applicable IT regulatory requirements, including but not limited to HIPAA, PCI-DSS, GxP, GDPR, and CCPA

Monitor the evolving landscape of cybersecurity regulations and standards, providing guidance to internal stakeholders on compliance obligations

Lead internal and external audits related to regulatory compliance, ensuring timely responses, remediation, and reporting

Collaborate with legal and compliance teams to address regulatory inquiries, assessments, and reporting needs

Implement and oversee a continuous monitoring program for critical systems, applications, and third-party relationships, leveraging tools and automation where possible

Establish and track key performance indicators (KPIs) and key risk indicators (KRIs) to measure the effectiveness of cybersecurity assessments, vendor management, and compliance programs

Provide regular reporting to senior leadership on the organization’s cybersecurity posture, highlighting risks, trends, and remediation progress

Lead and mentor a high-performing team of cybersecurity professionals responsible for assessments, assurance, and compliance activities

Foster collaboration with cross-functional teams, including IT, legal, procurement, internal audit, and business units, to align cybersecurity efforts with organizational objectives

Serve as the primary liaison with external auditors, regulators, and certification bodies, ensuring effective communication and coordination

Act as a trusted advisor to senior leadership, providing insights and recommendations on risk management, compliance, and assurance strategies

Qualification

Cybersecurity frameworksThird-party risk managementRegulatory complianceProject managementAnalytical skillsCommunication skillsLeadershipStrategic thinkingCISSPCISMCISAISO 27001 certificationCTPRPGRC certifications

Required

Bachelor's degree in Cybersecurity, Information Technology, Business Administration, or a related field

10+ years of experience in cybersecurity, risk management, or compliance, with at least 5 years in a leadership role managing teams and programs

Strong experience in third-party risk management, cybersecurity assessments, and regulatory compliance

In-depth knowledge of cybersecurity frameworks and standards, including SOC 1, SOC 2, ISO 27001, NIST CSF, and CIS Controls

Strong understanding of IT regulatory compliance requirements, including HIPAA, PCI-DSS, GDPR, GxP, and other applicable standards

Proven experience managing third-party risk assessment programs, including vendor onboarding, continuous monitoring, and contract reviews

Expertise in leading infrastructure and application compliance assessments to ensure adherence to internal policies and external requirements

Strong project management skills, with the ability to coordinate complex assessments, audits, and certifications across multiple teams and stakeholders

Exceptional communication and interpersonal skills, with the ability to influence and collaborate with senior leaders, technical teams, and external partners

Strong analytical and problem-solving skills, with the ability to identify risks, recommend mitigations, and drive resolution