Senior Engineer, IT Governance and Compliance

**_Company Overview:_** Cardinal Health, Inc. (NYSE: CAH) is a global healthcare services and products company. We provide customized solutions for hospitals, healthcare systems, pharmacies, ambulatory surgery centers, clinical laboratories, physician offices and patients in the home. We are a distributor of pharmaceuticals and specialty products; a global manufacturer and distributor of medical and laboratory products; an operator of nuclear pharmacies and manufacturing facilities; and a provider of performance and data solutions. Working to be healthcare's most trusted partner, our customer-centric focus drives continuous improvement and leads to innovative solutions that improve the lives of people every day. With approximately 50,000 employees worldwide, Cardinal Health ranks among the top fifteen in the Fortune 500. **_Department Overview:_** **Information Technology** oversees the effective development, delivery, and operation of computing and information services. This function anticipates, plans, and delivers Information Technology solutions and strategies that enable operations and drive business value. **Information Security and Risk** develops, implements, and enforces security controls to protect the organization's technology assets from intentional or inadvertent modification, disclosure, or destruction. This job family develops system back-up and disaster recovery plans, conducts incident responses, threat management, vulnerability scanning, virus management and intrusion detection as well as completes risk assessments. The **IT Governance and Compliance** function within the organization develops, enhances, and maintains security policies and IT compliance programs in alignment with regulatory, legal, and contractual requirements, while collaborating closely with key stakeholders to maintain a security and compliant technology environment. We are committed to building a resilient, secure, and compliant digital ecosystem, and you will play a critical role in safeguarding our information and supporting our mission to improve the lives of people every day. **_Job Overview:_** We are seeking a **strategic** and experienced **Senior Engineer for IT Governance and Compliance** , who will be responsible for the design, implementation and continuous improvements of IT governance frameworks, controls, and compliance processes across the organization. This role will also serve as a senior technical and strategic resource ensuing IT operations, projects, and M&A activities are aligned with enterprise standards, regulatory requirements and industry's best practices. In this role, you will have the opportunity to lead meaningful work, collaborate across functions, and help shape the future of our IT Governance and Compliance strategy. This role is a leader position within the IT Governance and Compliance team and requires having an in-depth understanding of key privacy and security regulations within healthcare industry such as PCI DSS (Payment Card Industry Data Security Standard), HIPAA (Health Insurance Portability and Accountability Act), GDPR (General Data Protection Regulation), CCPA (California Consumer Privacy Act), FDA (Food and Drug Administration)/GxP/CSV (Computer System Validation), DSCSA(Drug Supply Chain Security Act), as well as relevant governance frameworks to drive compliance to those regulatory requirements such as NIST, HITRUST, SOC 2, ISO, COBIT, ITIL, etc., while working with members of the Information Security and Risk Management team as well as stakeholders from Finance, Legal, Ethics & Compliance, Internal Audit and our various business segment leadership teams throughout the Cardinal Health enterprise. **_Responsibilities:_** + Lead the development, implementation and maintenance of the IT governance framework in alignment with industry standards. + Partner with IT and business leaders to embed governance principles across IT eco-system. + Define and monitor key risk and performance indicators to ensure continuous compliance and operational excellence. + Conduct periodic control assessments to confirm IT regulatory/compliance requirements are met (e.g., PCI-DSS, HIPAA, DFARS/CMMC) + Collaborate with solution owners and key stakeholders to identify and understand control gaps and vulnerabilities, prioritize based on risk, and recommend action plans that will address root causes. Monitor and manage open issues through closure to improve the IT compliance posture. + Act as an "IT Compliance Lead" on programs/projects including M&A initiatives to direct processes and people through influence to confirm key IT compliance requirements are identified and met through cross-functional collaboration across key stakeholders (e.g., Cybersecurity, Finance, Internal Audit, Legal and Compliance, IT/Business Leadership team) + Conduct discovery/impact assessments of target organizations through M&A and/or future-state IT environment to identify regulatory/compliance requirements and controls required to meet the requirements + Develop and track remediation roadmaps to improve compliance posture of the future state IT environment. + Provide oversight to confirm compliance requirements are being designed and implemented and risks/issues are reported to the leadership timely + Act as a trusted advisor to IT and business leadership as well as key stakeholders on IT compliance and governance processes. + Support internal and external audit processes to confirm timely responses and evidence collection. + Mentor team members and promote a culture of accountability and continuous improvement. + Effectively manage and implement changes throughout the organization. + Be a thought-leader and implementer of optimizing and automating GRC processes. + Shape the evolution of our GRC management program, helping build and refine processes that scale with our growing organization. **_Qualifications:_** + Bachelor's Degree in related field or equivalent work experience + 10+ years' experience in IT Governance, Risk and Compliance (GRC) functional roles such as IT Compliance, IT Risk Management, IT Audit, Enterprise Risk Management, etc preferred. + Demonstrated leadership in driving cross-functional governance initiatives + Proven experience with implementing and leveraging IT governance frameworks (e.g., ITIL, COBIT, NIST) + Deep understanding of healthcare industry regulations and standards (e.g., PCI DSS, HIPAA, GDPR, NIST, HITRUST, SOC 2) + Proven experience supporting IT due-diligence and integration during M&A initiatives. + Experience building or significantly improving GRC programs within high-growth technology organizations, particularly those dealing with emerging technologies + Experience gathering and analyzing business requirements, translating them into actionable plans and technical specifications + Strong technical knowledge of enterprise IT environments (cloud, network, infrastructure, applications, data lake/data warehouse) and ability to design and implement control framework across it + Hands-on experience with GRC platforms, project management tools, and service management systems, with a focus on scaling and automating GRC processes + Experience in analyzing data and creating reports/dashboards/views to provide visibility into risk and control landscape. + Excellent analytical and problem-solving skills - able to translate technical concepts into business outcomes + Excellent communication skills (both verbal and written) - able to facilitate discussions with leaders at all levels within the organization, work in a matrixed environment to drive results, and clearly define and execute repeatable processes. + Excellent time management, active listening, meeting facilitation, and influencing skills. + Professional certifications preferred: CGEIT (Certified in the Governance of Enterprise IT), CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CRISC (Certified in Risk and Information Systems Control) **Anticipated salary range:** $123,400 - $176,300 **Bonus eligible:** Yes **Benefits:** Cardinal Health offers a wide variety of benefits and programs to support health and well-being. + Medical, dental and vision coverage + Paid time off plan + Health savings account (HSA) + 401k savings plan + Access to wages before pay day with myFlexPay + Flexible spending accounts (FSAs) + Short- and long-term disability coverage + Work-Life resources + Paid parental leave + Healthy lifestyle programs **Application window anticipated to close:** 12/28/2025 *if interested in opportunity, please submit application as soon as possible. The salary range listed is an estimate. Pay at Cardinal Health is determined by multiple factors including, but not limited to, a candidate's geographical location, relevant education, experience and skills and an evaluation of internal pay equity. _Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply._ _Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal_ _Opportunity/Affirmative_ _Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law._ _To read and review this privacy notice click_ here (