Director, Information Security and Risk (Identity & Access Management)

What Information Security and Risk contributes to Cardinal Health
Information Security and Risk develops, implements, and enforces security controls to protect the organization's technology assets from intentional or inadvertent modification, disclosure or destruction. This job family develops system back-up and disaster recovery plans. Information Technology also conducts incident response, threat management, vulnerability scanning, virus management and intrusion detection and completes risk assessments.

The Director, Information Security and Risk (Identity & Access Management) is responsible for leading the organization’s Identity & Access Management (IAM) strategy, governance, and operations to ensure secure, efficient, and compliant access to technology resources. This role requires a leader with proven ability to execute large-scale enterprise IAM programs that directly impact how employees, contractors, and customers interact with Cardinal Health technology. Success in this role demands a balance between delivering a frictionless, user-friendly experience and maintaining the highest standards of security. The Director must also excel at building partnerships across the organization and collaborating on program delivery, while driving operational excellence and anticipating business risks associated with IAM changes.

Location - Ideally targeting individuals local to Central Ohio, but open to candidates located nationwide (fully remote). If living within commutable distance of our corporate HQ in Dublin, OH - the expectation would be to come in-office two or three days a month for team meetings.

Responsibilities

• Act as a visionary in designing and executing multi-year IAM strategy that aligns with business goals and customer needs
• Develop and oversee enterprise IAM policies, standards, and procedures, ensuring consistent enforcement across the organization.
• Lead IAM initiatives including identity lifecycle management (provisioning, de-provisioning, role-based access, entitlement reviews).
• Direct privileged access management (PAM) programs to safeguard critical systems and sensitive data.
• Ensure compliance with internal policies and external regulatory requirements (e.g., SOX, HIPAA, GDPR, PCI-DSS) through strong access controls.
• Execute enterprise IAM programs with significant business impact, ensuring seamless access for employees, contractors, and customers.
• Balance user experience with security by designing IAM solutions that are simple, intuitive, and resilient.
• Drive operational excellence by establishing repeatable processes, KPIs, and service delivery models for IAM functions.
• Build strong partnerships across IT, Security, HR, and business units to align IAM delivery with organizational priorities.
• Establish metrics and reporting mechanisms to monitor IAM effectiveness, operational performance, and program maturity for executive leadership.
• Lead training and awareness programs related to IAM policies, secure access practices, and identity governance.

Qualifications

• Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or a related field preferred.
• Ideally targeting individuals with 12+ years of IT/security experience with at least 5 years in IAM leadership roles preferred.
• Proven track record of executing enterprise IAM programs with measurable business impact.
• Prior people leadership experience and demonstrated ability to manage operational IAM teams, highly preferred.
• Expertise with IAM tools and platforms (e.g., Okta, SailPoint, CyberArk, Azure AD).
• Strong understanding of relevant Regulatory and Compliance requirements (HIPAA, SOX, HITRUST CSF, etc.).
• Strong understanding of authentication protocols (SAML, OAuth, OpenID Connect, Kerberos) and cloud IAM (AWS IAM, Azure RBAC, GCP IAM).
• Certifications such as CISSP, CIAM, or CISM preferred.
• Strong analytical, relationship management, and communication skills (both written and verbal).
• Ability to collaborate across functions and influence stakeholders to achieve IAM program success.

What is expected of you and others at this level

• Provides leadership to managers and experienced professional staff; may also manage front line supervisors
• Manages an organizational budget
• Develops and implements policies and procedures to achieve organizational goals
• Assists in the development of functional strategy
• Decisions have an extended impact on work processes, outcomes, and customers
• Interacts with internal and/or external leaders, including senior management
• Persuades others into agreement in sensitive situations while maintaining positive relationships

#LI-LP

#LI-Remote

Anticipated salary range: $135,400 - $228,910

Bonus eligible: Yes

Benefits: Cardinal Health offers a wide variety of benefits and programs to support health and well-being.

• Medical, dental and vision coverage

• Paid time off plan

• Health savings account (HSA)

• 401k savings plan

• Access to wages before pay day with myFlexPay

• Flexible spending accounts (FSAs)

• Short- and long-term disability coverage

• Work-Life resources

• Paid parental leave

• Healthy lifestyle programs

Application window anticipated to close: 12/25/2025 *if interested in opportunity, please submit application as soon as possible.

The salary range listed is an estimate. Pay at Cardinal Health is determined by multiple factors including, but not limited to, a candidate’s geographical location, relevant education, experience and skills and an evaluation of internal pay equity.

Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply.

Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law.

To read and review this privacy notice click here