Senior Director - Information Security

Our team members are at the heart of everything we do. At Cencora, we are united in our responsibility to create healthier futures, and every person here is essential to us being able to deliver on that purpose.

If you want to make a difference at the center of health, come join our innovative company and help us improve the lives of people and animals everywhere. Apply today!

What you will be doing

This role is responsible for building strong partnerships with business units, other corporate support functions, and the user community to protect the corporate brand, data, and assets and is responsible for the design, implementation, operation, and maintenance of an information security framework, processes, and systems, that protect the business, services, information and systems against unauthorized use, disclosure, modification, damage, and loss.

Senior Directors are the leaders of Business Information Security Strategy and deliver security and compliance services for an assigned business segment while also leading an ISO center of excellence.

They implement processes and controls, identify risks, protect information, and infrastructure, and lead at least one ISO center of excellence including assessments privacy services, data grooming processes, and strategic, operational, and financial responsibility for the development, implementation, and delivery of appropriate security services and solutions.

They establish a vision and strategy, lead planning and execution of security architecture, application security, data security, and infrastructure security, and ensure effective information security practices and awareness organization-wide.

Our employee experience is a strategic priority for our company. Our leaders are accountable for leading with purpose, fairness, and equity.

They are responsible for building and developing diverse teams, maintaining a safe and inclusive environment, setting clear priorities, and holding self and team accountable for executing with excellence.

The Senior Director, Information Security :

• Establishes a clear vision, scope, and strategic direction for the Cyber Transformation Office.
• Leads the Cyber Transformation Office to define the detailed program plan, outcomes, and milestones for program workstream deliveries.
• Partners with security strategy and architecture to ensure all workstreams are aligned to the approved cybersecurity vision and strategy.
• Leads the development of a multi-year Cyber Transformation program roadmap and annual planning of initiatives.
• Leads the implementation and operation of the Cyber Transformation program governance model and establishes and maintains relationships with key stakeholders.
• Effectively communicates program status, risks, and mitigating actions to leadership.
• Effectively communicates resource needs and upcoming changes to stakeholders.
• Assess program risks and provides mitigation recommendations and actions for program decision-making.
• Manages overall program budget working with finance.
• Collaborates with workstream and initiative leaders to ensure the delivery of initiatives are done according to defined scope, schedule and cost.
• Manages ambiguity by independently take steps necessary to understand complex business models and technologies to ensure that the program priorities are achieved completely and accurately with no disruption to business operations.
• Ensures the program deliverables are assess against the appropriate controls and processes that ensure compliance to regulatory and contractual obligations (e.

g. Sarbanes-Oxley, ISO 27001, NIST Cyber Security Framework (NIST CSF), HIPAA, PHI, PCI, etc.).

Directly represents the program to business leaders / technical staff at all levels of the company, including preparing and presenting detailed, written information for multiple audiences.

What your background should look like

Education :

Master’s Degree in Business Administration, Computer Science, Information Technology or any other related discipline or equivalent related experience.

Preferred Certifications :

• Certified Information Systems Auditor (CISA)
• Certified Information Systems Security Professional (CISSP)
• Certification in Information Security Strategy Management (CISM)
• Information Technology Infrastructure Library (ITIL)
• Offensive Security Certified Professional (OSCP)
• Project Management Professional (PMP) Certification
• 12+ years of directly-related or relevant experience with 8+ years in a managerial capacity, preferably in information security.

Behavioral Skills :

• Coaching and Mentoring
• Creativity & Innovation
• Decision Making
• Leadership Skills
• People Management
• Planning
• Risk-taking

Technical Skills :

• IT Risk Management
• IT Controls
• Cyber Attack Mitigation
• Enterprise IT Management
• Network Security
• Service Level Maintenance
• Information Security Strategy Continuity
• Threat Modelling
• Information Security Strategy Standards (SOX, ISO 27001 / 27002, COBIT, ITIL, NIST, PCI)

Tools Knowledge :

• Microsoft Office Suite
• Security Tools - SIEM, EDR, Email Security Gateway, SOAR, Firewall, Anti-virus, Firewalls, VPN IDS / IPS, AV, proxies, etc.
• Security Testing Tools - Open Source and COTS security tools
• Threat Intelligence Tools
• Vulnerability Testing Tools

LI-TK1

LI-REMOTE

What Cencora offers

We provide compensation, benefits, and resources that enable a highly inclusive culture and support our team members’ ability to live with purpose every day.

In addition to traditional offerings like medical, dental, and vision care, we also provide a comprehensive suite of benefits that focus on the physical, emotional, financial, and social aspects of wellness.

This encompasses support for working families, which may include backup dependent care, adoption assistance, infertility coverage, family building support, behavioral health solutions, paid parental leave, and paid caregiver leave.

To encourage your personal growth, we also offer a variety of training programs, professional development resources, and opportunities to participate in mentorship programs, employee resource groups, volunteer activities, and much more.