Senior Director of Cybersecurity Assessments and Assurance

Our team members are at the heart of everything we do. At Cencora, we are united in our responsibility to create healthier futures, and every person here is essential to us being able to deliver on that purpose. If you want to make a difference at the center of health, come join our innovative company and help us improve the lives of people and animals everywhere. Apply today!
Job Details
Position Summary:
We are seeking an experienced and strategic Senior Director of Cybersecurity Assessments and Assurance to lead and enhance the organization's cybersecurity assessment and assurance program. This role will oversee key functions, including third-party risk assessments, contract reviews, compliance assessments, vendor continuous monitoring, and management of third-party certifications (e.g., SOC 1, SOC 2, ISO 27001, NIST). The Senior Director will also ensure that the organization adheres to IT regulatory compliance requirements, including HIPAA, PCI, GxP, and other applicable standards.
Reporting to the Chief Information Security Officer (CISO), this role is critical to ensuring the organization's cybersecurity posture remains robust and aligned with business objectives, regulatory obligations, and industry best practices. The Senior Director will collaborate with internal and external stakeholders to reduce risk, enhance compliance, and build customer trust.
Key Responsibilities:
Cybersecurity Assessments and Assurance

• Develop and lead a comprehensive cybersecurity assessments and assurance program to evaluate the security posture of the organization and its vendors.
• Oversee infrastructure and application compliance assessments to ensure alignment with security policies, frameworks, and regulatory standards.
• Design and execute annual critical assessments of key systems, applications, and processes, identifying gaps and driving remediation efforts.
• Manage the organization's third-party certifications (e.g., SOC 1, SOC 2, ISO 27001, NIST), ensuring timely attainment and renewal through effective coordination with internal teams and external auditors.

Third-Party Risk Management

• Own the third-party risk assessment process, ensuring thorough onboarding, evaluation, and periodic reassessment of vendors.
• Oversee continuous monitoring of critical vendors to evaluate their adherence to contractual obligations, security requirements, and industry standards.
• Collaborate with procurement, legal, and vendor management teams to review and negotiate cybersecurity and data privacy clauses in contracts.
• Develop and maintain a risk-based methodology to prioritize and focus efforts on high-risk vendors and critical third-party relationships.

IT Regulatory Compliance

• Ensure compliance with applicable IT regulatory requirements, including but not limited to HIPAA, PCI-DSS, GxP, GDPR, and CCPA.
• Monitor the evolving landscape of cybersecurity regulations and standards, providing guidance to internal stakeholders on compliance obligations.
• Lead internal and external audits related to regulatory compliance, ensuring timely responses, remediation, and reporting.
• Collaborate with legal and compliance teams to address regulatory inquiries, assessments, and reporting needs.

Continuous Monitoring and Metrics

• Implement and oversee a continuous monitoring program for critical systems, applications, and third-party relationships, leveraging tools and automation where possible.
• Establish and track key performance indicators (KPIs) and key risk indicators (KRIs) to measure the effectiveness of cybersecurity assessments, vendor management, and compliance programs.
• Provide regular reporting to senior leadership on the organization's cybersecurity posture, highlighting risks, trends, and remediation progress.

Leadership and Collaboration

• Lead and mentor a high-performing team of cybersecurity professionals responsible for assessments, assurance, and compliance activities.
• Foster collaboration with cross-functional teams, including IT, legal, procurement, internal audit, and business units, to align cybersecurity efforts with organizational objectives.
• Serve as the primary liaison with external auditors, regulators, and certification bodies, ensuring effective communication and coordination.
• Act as a trusted advisor to senior leadership, providing insights and recommendations on risk management, compliance, and assurance strategies.

Education and Experience Qualifications:

• Bachelor's degree in Cybersecurity, Information Technology, Business Administration, or a related field (Master's degree preferred).
• 10+ years of experience in cybersecurity, risk management, or compliance, with at least 5 years in a leadership role managing teams and programs.
• Strong experience in third-party risk management, cybersecurity assessments, and regulatory compliance.

Skills and Competencies:

• In-depth knowledge of cybersecurity frameworks and standards, including SOC 1, SOC 2, ISO 27001, NIST CSF, and CIS Controls.
• Strong understanding of IT regulatory compliance requirements, including HIPAA, PCI-DSS, GDPR, GxP, and other applicable standards.
• Proven experience managing third-party risk assessment programs, including vendor onboarding, continuous monitoring, and contract reviews.
• Expertise in leading infrastructure and application compliance assessments to ensure adherence to internal policies and external requirements.
• Strong project management skills, with the ability to coordinate complex assessments, audits, and certifications across multiple teams and stakeholders.
• Exceptional communication and interpersonal skills, with the ability to influence and collaborate with senior leaders, technical teams, and external partners.
• Strong analytical and problem-solving skills, with the ability to identify risks, recommend mitigations, and drive resolution.

Certifications (Preferred):

• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)
• ISO 27001 Lead Auditor or Implementer
• Certified Third-Party Risk Professional (CTPRP)
• Governance, Risk, and Compliance (GRC) certifications (e.g., GRCP, GRCA)

Key Competencies:

• Leadership: Proven ability to inspire, lead, and develop teams while fostering a culture of accountability and excellence.
• Strategic Thinking: Ability to align cybersecurity assessments and assurance programs with organizational goals and evolving threats.
• Collaboration: Strong ability to work across departments and build consensus on risk and compliance priorities.
• Results-Oriented: Focused on achieving measurable improvements in cybersecurity posture and compliance adherence.
• Adaptability: Comfortable navigating the dynamic regulatory and cybersecurity landscape, proactively addressing emerging challenges.

The preference is for candidates to be located within a reasonable distance of our Conshohocken, PA or Carrollton, TX offices. However, individuals in other locations will also be considered. Those not based near a primary site should expect to travel to these locations as needed.
What Cencora offers
We provide compensation, benefits, and resources that enable a highly inclusive culture and support our team members' ability to live with purpose every day. In addition to traditional offerings like medical, dental, and vision care, we also provide a comprehensive suite of benefits that focus on the physical, emotional, financial, and social aspects of wellness. This encompasses support for working families, which may include backup dependent care, adoption assistance, infertility coverage, family building support, behavioral health solutions, paid parental leave, and paid caregiver leave. To encourage your personal growth, we also offer a variety of training programs, professional development resources, and opportunities to participate in mentorship programs, employee resource groups, volunteer activities, and much more. For details, visit https://www.virtualfairhub.com/cencora
Full time
Equal Employment Opportunity
Cencora is committed to providing equal employment opportunity without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, age, disability, veteran status or membership in any other class protected by federal, state or local law.
The company's continued success depends on the full and effective utilization of qualified individuals. Therefore, harassment is prohibited and all matters related to recruiting, training, compensation, benefits, promotions and transfers comply with equal opportunity principles and are non-discriminatory.
Cencora is committed to providing reasonable accommodations to individuals with disabilities during the employment process which are consistent with legal requirements. If you wish to request an accommodation while seeking employment, please call 888.692.2272 or email [email protected]. We will make accommodation determinations on a request-by-request basis. Messages and emails regarding anything other than accommodations requests will not be returned
Affiliated Companies
Affiliated Companies: AmerisourceBergen Services Corporation