Director - OT Security Architecture & Engineering

The charter of the Information Security Office (ISO) is to partner with Cencora's business units, other corporate support functions, and user community to protect the corporate brand, data and assets. The ISO leader is responsible for the design, implementation, operation and maintenance of an information security framework, processes and systems, that protect Cencora's business, services, information and systems against unauthorized use, disclosure, modification, damage and loss. Under general direction of the VP, Information Security Risk, the Leader of Corporate Functions Information Security is responsible for delivering security and compliance services for IT and Shared Services functions while also leading an ISO center of excellence.

• Lead the implementation and management of appropriate controls and processes that ensure organizational compliance to regulatory and contractual obligations (e.g. Sarbanes-Oxley, ISO 27001, NIST Cyber Security Framework (NIST CSF), HIPAA, PHI, PCI, etc.).

• Establish corporate function and IT relationships to understand security needs in order to appropriately prioritize security engagements.

• Establish and lead one center of excellence within ISO to provide continuous process improvement and standardization (architecture, compliance, risk or DR).

• Lead the implementation and operation of the information security governance model for corporate functions which includes establishing and maintaining relationships across shared services organizations including IT.

• Assess risks of all nature, internal and external, provides intelligence and direction and actionable decision-making, to protecting the corporate brand, data and assets.

• Partner with key corporate function leaders to identify the critical business assets (services, processes, information and systems), assess the potential threats and associated risks and architect the appropriate and cost-effective security measures to ensure availability and safeguarding of intellectual property.

• Manage security architecture, cyber resiliency and risk and compliance resources to ensure security is applied appropriately and prioritized based on risk.

• Partner with Cyber, Identity, Awareness and other Risk-related teams throughout the business to understand and quantify broader risks throughout the environment.

• Lead, develop and mentor teams of Information Security and IS Risk Management professionals as well as contractors, vendors and services providers

• Financial responsibilities including management of budgets, controls and measurements to monitor progress.

• Guide and consult IT executives and business leaders regarding risks to information security and business operations as well as the necessary corporate responsibilities required to mitigate those risks throughout the enterprise.

• Contribute to the maturity of the ISO Risk Register in order to build a holistic view of organizational risk.

• Build appropriate metrics and KPIs and provide regular reporting on the information security program maturity, risk posture and management, and regulatory compliance of Corporate Functions and IT.

• Responsible for all associate relations functions for department staff including hiring, terminating, performance management, development and training.

• Makes recommendations for succession planning.

• Performs related duties as assigned.

Experience & Education Requirements:

• Bachelor's degree; concentration in Computer Science, Management Information System, or equivalent Business experience desired

• Minimum of 5 years of leadership experience in the information security field, IT operations and compliance management roles which may include architecture assurance, risk management, business continuity, and related process design

• Directly applicable International / Global Experience required

• Seasoned leader of global professionals and cross functional teams, who can attract, develop and retain top talent in the field

• Direct experience leading an information security function such as architecture, risk/compliance or disaster recovery

• Extensive experience with Healthcare regulatory and information security guidelines, audits as well as external audit processes and requirements

• Demonstrated successful implementation of security control frameworks and standards such as ISO 27001, ISO 17799, COBIT, HITRUST, ITIL, NIST and PCI.

• Certification in Information Security relevant areas such as Audit (CISA), Security Management (CISM), Security Professional (CISSP) and/or equivalent business experience in a matrix Organization required.

• Excellent understanding and broad knowledge of all IT Architecture, Operations, Information Security & Risk Management, strategic planning and the related tactical initiatives needed to achieve the plan.

• Demonstrated ability to effectively present, manage conflicts and interact at Leadership levels (Director/Sr. Director/VP) and resolve critical and sensitive issues with external partners and customers.

• Demonstrated ability to meet objectives, deliver quality results in a high performance environment

• Excellent skills interacting and mediating sensitive situations at all levels of the organization and with external customers and auditors.

• Ability to easily defuse critical situations and manage escalations appropriately.

• Ability to communicate effectively both orally and in writing; ability to communicate with customers, associates and management in a cross functional matrix organization; solid teamwork and interpersonal skills

• Strong presentation skills; ability to present and discuss business issues, strategies as well as technical information in a manner that establishes rapport, persuades others, and gains understanding at all levels of the organization.

• Ability to establish solid relationships with vendors in support of initiatives; ability to negotiate and manage outside vendors against deliverables and influence product direction.

• Good business and financial planning, analytical, and conceptual skills to evaluate business risks and apply knowledge to identify appropriate solutions

• Solid project management skills including the ability to effectively deploy resources and manage multiple projects of various diverse scope in a matrix and cross-functional environment

• Solid knowledge of information security principles and practices

We provide compensation, benefits, and resources that enable a highly inclusive culture and support our team members' ability to live with purpose every day. In addition to traditional offerings like medical, dental, and vision care, we also provide a comprehensive suite of benefits that focus on the physical, emotional, financial, and social aspects of wellness. This encompasses support for working families, which may include backup dependent care, adoption assistance, infertility coverage, family building support, behavioral health solutions, paid parental leave, and paid caregiver leave. To encourage your personal growth, we also offer a variety of training programs, professional development resources, and opportunities to participate in mentorship programs, employee resource groups, volunteer activities, and much more. For details, visit https://www.virtualfairhub.com/cencora

*This Salary Range reflects a National Average for this job. The actual range may vary based on your locale. Ranges in Colorado/California/Washington/New York/Hawaii/Vermont/Minnesota/Massachusetts/Illinois State-specific locations may be up to 10% lower than the minimum salary range, and 12% higher than the maximum salary range.

Cencora is committed to providing equal employment opportunity without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, age, disability, veteran status or membership in any other class protected by federal, state or local law.

The company's continued success depends on the full and effective utilization of qualified individuals. Therefore, harassment is prohibited and all matters related to recruiting, training, compensation, benefits, promotions and transfers comply with equal opportunity principles and are non-discriminatory.

Cencora is committed to providing reasonable accommodations to individuals with disabilities during the employment process which are consistent with legal requirements. If you wish to request an accommodation while seeking employment, please call 888.692.2272 or email hrsc@cencora.com. We will make accommodation determinations on a request-by-request basis. Messages and emails regarding anything other than accommodations requests will not be returned

.