Hiring.fm
Cardinal Health

Engineer, Information Security & Risk – PCI Compliance

IND07 Full time

Company Overview:

Headquartered in Dublin, Ohio, Cardinal Health, Inc. (NYSE: CAH) is a global, integrated healthcare services and products company connecting patients, providers, payers, pharmacists and manufacturers for integrated care coordination and better patient management. Backed by nearly 100 years of experience, with more than 48,000 employees in nearly 60 countries, Cardinal Health ranks among the top 20 on the Fortune 500 , America's Most Innovative Companies Rank #51,Fortune Sector Leaders : Health Care Rank #5 with a $223 billion. of revenue in FY25

About Cardinal Health International India (CHII) :

This role is part of the Information Security function for Cardinal Health International India Pvt Ltd (CHII). Cardinal Health International India (CHII) is part of the Cardinal Heath Global Technology and Business Services ( GTBS) team. CHII leverages technology to offer scalable and healthcare solutions to enhance efficiency and improve quality of care across the value chain. Our vision is to build a world class capability center that is an intersection of tech-innovation and learning, empowering our people to build solutions which will solve healthcare’s most complex challenges. 

Department overview:

Information Security and Risk develops, implements, and enforces security controls to protect the organization's technology assets from intentional or inadvertent modification, disclosure, or destruction. This job family develops system back-up and disaster recovery plans, conducts incident responses, threat management, vulnerability scanning, virus management and intrusion detection as well as completes risk assessments. The IT Governance and Compliance function within the organization develops, enhances, and maintains security policies and IT compliance programs in alignment with regulatory, legal, and contractual requirements, while collaborating closely with key stakeholders to maintain a security and compliant technology environment.

We are committed to building a resilient, secure, and compliant digital ecosystem, and you will play a critical role in safeguarding our information and supporting our mission to improve the lives of people every day.

 We are seeking a detailed-oriented and proactive IT Compliance specialist to support our enterprise PCI DSS Compliance Program.

 

Job Description:

This role requires having an in-depth understanding of local, national, and international privacy and security regulations such as PCI DSS (Payment Card Industry Data Security Standard), and CCPA (California Consumer Privacy Act) and as well as relevant control frameworks to drive compliance to regulatory requirements that impact healthcare organizations.

 

Engineer will play an active role in growing the PCI compliance program to confirm policies, standards, procedures, and assessment activities that are in alignment with Cardinal Health customer, business, IT, and PCI DSS requirements, while working with members of the Information Security and Risk Management team as well as key stakeholders throughout the enterprise such as enterprise architects, IT solution owners, training teams, etc.  Success in the role will be measured by the effectiveness of the implementation and operation of PCI compliance program including coordination and execution of assessments and maintaining documentation and evidence to confirm PCI DSS requirements are met.

 

Key Responsibilities:

  • Serve as the primary coordinator and compliance assessor to drive execution of organization’s PCI DSS compliance program.
  • Conduct assessments and identify control requirements to evaluate compliance against PCI DSS requirements, while collaborating with key stakeholders including finance, IT, information security, and business, as needed.
  • Maintain and manage compliance documentation and evidence collection to support ongoing annual PCI DSS assessments and audits.
  • Collaborate with solution owners and key stakeholders to identify and understand control gaps and vulnerabilities, prioritize based on risk, and recommend action plans that will address root causes. Monitor and manage open issues through closure.
  • Assess current PCI control environment to identify improvement opportunities to streamlines/automate/enhance existing IT controls to improve operational efficiency, while reducing compliance risk and cost, e.g., driving consolidation of payment processors
  • Prepare AOCs/ROCs for 13+ payment processes across multiple business units.
  • Support readiness activities, gap assessments, and remediation efforts in coordination with the PCI DSS Compliance Lead
  • Drive efficiency by utilizing existing control frameworks to understand footprint and reduce evidence asks, e.g., SOX, HIPAA, SOC2, HITRUST
  • Support and grow PCI compliance program in coordination with the PCI DSS Compliance Lead through limiting scope where appropriate, collect evidence, compel vulnerability scanning, document issues in IT GRC tool, educate key stakeholders, and facilitate identification and assignment of required PCI training.
  • Monitor regulatory and industry updates related to PCI DSS to ensure ongoing compliance and risk mitigation.
  • Develop and maintain process documentation, playbooks, and training materials to support PCI DSS Compliance
  • Track and report compliance posture, risks, and remediation status to the PCI DSS Compliance Lead and IT Compliance Manager on an ongoing basis.
  • Partner with various IT teams to facilitate obtaining third party certifications, such as PCI SAQ
  • Assist with cross-training and support for other IT compliance programs as needed (e.g., HIPAA, HITRUST, SOC 2)

 

Qualifications:

  • Bachelor’s Degree in related fields such as cybersecurity, networking, information technology, IT audit or equivalent work experience
  • 5+ years’ experience in related fields such as IT Compliance, IT Audit, GRC function, external audit, etc. with direct involvement in PCI DSS compliance preferred.
  • Strong knowledge of PCI-DSS framework required and experience preparing AOCs and/or ROCs is a plus.
  • Experience conducting PCI risk assessments and proposed mitigating controls.
  • Robust IT understanding with respect to network protocols and architecture, including servers, workstations, VPN technologies, and applications.
  • FW, IDS, IVS, IPS, NAC, encryption, and/or TCP/IP networking skills would be differentiators.
  • Experience in considering security practices for AD & Azure / AWS / GCP environments.
  • Experience with governance, risk and compliance processes, frameworks, etc. tools would be a differentiator, e.g., Archer GRC
  • Strong communication (both written and verbal) and collaboration skills with the ability to work effectively across technical and business teams.
  • Excellent organizational skills, with ability to prioritize and manage multiple tasks and deadlines.
  • Ability to be self-driven and have strong independent initiative, with minimal guidance and can provide coordination of others.
  • Other core competencies such as effective project management, time management, active listening, meeting facilitation, and influencing skills.
  • Experience in analyzing data and automating dashboards to provide visibility into risk and control landscape in IT GRC is a plus.
  • Security, compliance, or risk certifications such as Security+, PCI-QSA, CISA (Certified Information Systems Auditor), and/or CISSP (Certified Information Systems Security Professional) preferred.

Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply.

Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law.

To read and review this privacy notice click here