Director, Information Security

Summary:

The Director, Information Security leads large scale projects, and a team of ISO managers and team members to ensure the security of the organization's information assets. They regularly interact with IT leadership team, business leadership team and other cross functional teams. The role also involves assisting in the development of enterprise standards & technology initiatives, and IT security governance processes ensuring compliance with regulations, internal IT standards, policies, and procedures.

The Director, Information Security will work directly with the customers, third parties and other internal departments and organizations to facilitate information security risk analysis and risk management processes and to identify acceptable levels of residual risk. They also communicate and educate IT and the business about security policies and industry standards and provide solutions for enterprise/business security issues. The role provides exciting opportunity to grow as a leader within the Information Security domain.

Primary Duties & Responsibilities:

• Lead the design, implementation and management of appropriate processes and controls which help assure that information created, acquired or maintained by Cencora and its authorized users, is used in accordance with its intended purpose.

• Lead the proactive identification of risks and protecting Cencora's information and infrastructure from external / internal threats and implement processes which help manage and reduce the overall risk impact for Cencora

• Create visibility and qualification of risks and drive initiatives to help ensure compliance with contractual, statutory and regulatory requirements, regarding information availability, access, security and privacy.

• Strategic, operational and financial responsibility for the development, implementation and delivery of appropriate security services and solutions to IT and directly to the business units across Cencora and affiliates globally.

• In partnership with Business Unit management team, identify the critical business assets (services, processes, information and systems), assess the potential threats and associated business risks and architect the appropriate and cost-effective security measures to ensure availability and safeguarding of the information.

• Guide the Business Unit and IT executives to help prioritize security initiatives and spending based on relevant business risk and regulatory compliance issues, financial implications, and alignment with the corporate strategic plan.

• Lead strategic planning for the design and implementation of an Enterprise Information Security Management Systems (ISMS) which includes appropriate policies, procedures, operational considerations, IT change control, and IT risk and compliance management programs.

• Directly partner with the enterprise Finance, Legal, Audit and Compliance executives to support Internal and External Audits (SOX, COBIT, IT Controls).

• Oversee strategic and tactical security, risk mitigation and regulatory compliance guidance for all IT projects, including the evaluation of enterprise policies, processes, operating procedures and governance controls.

• Lead the development, implementation and management of relevant metrics to measure the efficiency and effectiveness of the information security management systems (ISMS), risk management and related compliance programs.

• Drive the tracking and resolution of Audit findings and remediation activities and support external and customer security audits

• Participates in the development and maintenance of a global risk framework (a single view of the company's risk profiles and tolerance)

• Effectively lead, develop and mentor teams of Information Security and IS Risk Management professionals as well as contractors, vendors and services providers.

Qualifications:

Education:

• Bachelor's degree in Computer Science Engineering, Information Technology, or related field. Master's degree is preferred.

Certifications:

• Certification in Information Security relevant areas such as Audit (CISA), Security Management (CISM), Security Professional (CISSP) and/or equivalent business experience in a matrix organization required.

Work Experience:

• Minimum of 10 years of experience of progressively responsible experience in the design, implementation, and management of Information Security shared services for a global corporation (Fortune 500) with 5+ years in a managerial capacity, preferably in information security.

Skills & Knowledge:

Behavioral Skills:

• Strong Communication and Presentation Skills

• Management and Leadership Skills

• Ability and Willingness to take on Challenges

• Strong Business Acumen

• Ability to take ownership of work

• Multitasking Skills

• Ability to Handle Complex Tasks

• Mentorship Skills

• Team Building Skills

• Analytical and Problem-Solving Skills

• Project Management ability

• Ability to Develop and Drive Processes

• Root Cause Analysis

Technical Skills:

• Project Planning & Prioritization

• Resource planning & Management

• Escalation Management

• Financial Acumen and Budget Management

• IT regulations, information security regulations and policies and procedures

• Cyber Security, Security Governance and Solutions or Identity and Access Management

• Security control frameworks and standards such as ISO 27001, ISO 17799, COBIT, ITIL, NIST and PCI

• IT Risk Management

• Enterprise Architecture

• Network Security

• Service Level Maintenance

• Information Security Strategy Continuity

• Threat Modelling

• Microsoft Office Suite

• Security Tools - SIEM, EDR, Email Security Gateway, SOAR, Firewall, Anti-virus, Firewalls, VPN IDS/IPS, AV, proxies, etc.

• Security Testing Tools - Open Source and COTS security tools

• Threat Intelligence Tools

• Vulnerability Testing Tools

We provide compensation, benefits, and resources that enable a highly inclusive culture and support our team members' ability to live with purpose every day. In addition to traditional offerings like medical, dental, and vision care, we also provide a comprehensive suite of benefits that focus on the physical, emotional, financial, and social aspects of wellness. This encompasses support for working families, which may include backup dependent care, adoption assistance, infertility coverage, family building support, behavioral health solutions, paid parental leave, and paid caregiver leave. To encourage your personal growth, we also offer a variety of training programs, professional development resources, and opportunities to participate in mentorship programs, employee resource groups, volunteer activities, and much more. For details, visit https://www.virtualfairhub.com/cencora

*This Salary Range reflects a National Average for this job. The actual range may vary based on your locale. Ranges in Colorado/California/Washington/New York/Hawaii/Vermont/Minnesota/Massachusetts/Illinois State-specific locations may be up to 10% lower than the minimum salary range, and 12% higher than the maximum salary range.

Cencora is committed to providing equal employment opportunity without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, age, disability, veteran status or membership in any other class protected by federal, state or local law.

The company's continued success depends on the full and effective utilization of qualified individuals. Therefore, harassment is prohibited and all matters related to recruiting, training, compensation, benefits, promotions and transfers comply with equal opportunity principles and are non-discriminatory.

Cencora is committed to providing reasonable accommodations to individuals with disabilities during the employment process which are consistent with legal requirements. If you wish to request an accommodation while seeking employment, please call 888.692.2272 or email hrsc@cencora.com. We will make accommodation determinations on a request-by-request basis. Messages and emails regarding anything other than accommodations requests will not be returned

.