Information Security and Risk Engineer HITRUST (Remote)

About the job

Headquartered in Dublin, Ohio, Cardinal Health, Inc. (NYSE: CAH) is a global, integrated healthcare services and products company connecting patients, providers, payers, pharmacists and manufacturers for integrated care coordination and better patient management. Backed by nearly 100 years of experience, with more than 50,000 employees in nearly 60 countries, Cardinal Health ranks among the top 20 on the Fortune 500.

We currently have a career opening for an Information Security and Risk Engineer (HITRUST) and are open to a remote worker in the position.

This role will be responsible for ensuring HITRUST compliance for a major division of the company. The individual will assist in maintaining compliance for existing HITRUST-scoped applications and will serve as the primary point of contact for new HITRUST-scoped applications, ensuring the design and implementation of the control frameworks necessary for compliance.

  • Oversee information security compliance activities, including daily, weekly, quarterly and/or annual security risk assessments – both performing internal assessments and also responding to external assessments
  • Establish and maintain security & controls policies and procedures in accordance with applicable regulations
  • Assist in response to security assessments and questionnaires.
  • Research new security compliance requirements and assist in the evaluation of compliance control requirements.
  • Report security control related metrics and effectiveness.
  • Evaluate, design, test, and recommend new or improved controls to keep Med. IT applications current with industry standards and compliance requirements.
  • Partner with leadership regarding information security risks, controls, and audit requirements.
  • Manage Corrective Action Plans (CAPs) logs and ensure issues are assigned priority and closed out in a timely manner.
  • Collaborate with organizational teams to design and deliver training initiatives that promote the development of staff.
  • Any other duties that may be required as assigned.


  • Experience participating in external security audits; HITRUST and/or SOC2 Type II preferred.
  • Experience conducting needs assessments and identifying/implementing appropriate solutions.
  • Solid working knowledge of governance frameworks including HITRUST, NIST, ISO27000, FedRAMP, and PCI.
  • Experience with Corrective Action Plans (CAP) to remediate deficiencies identified through monitoring, auditing, or a Compliance Issue Report (CIR). These activities should consist of improvements to health plan processes or vendor processes taken to eliminate causes of non-compliance or other issues.
  • Experience with Resiliency Planning (High-Availability / Disaster Recovery) with IT system owners.
  • Strong personality, ability, and credibility to influence key decision-makers, and highly technical resources.
  • Strong subject matter credibility, must have knowledge and ability to take a practical/business relevant approach to security and compliance, resulting in a practical yet compliant security program.

Non-Technical Qualifications

  • Experience working in an Agile environment is preferred.
  • Good verbal and written communications.
  • Team Player and Collaborative – Ability to work well with team members to achieve the desired results.
  • Driven and self-motivated to learn new technologies and achieve objectives.
  • Ability to multi-task with organization, efficiency, accountability, and attention to detail.
  • Excited, interested and engaged in the areas of security, compliance, and our business.
  • Strong oral and written communication skills.


For any onsite, non-remote employees

A Covid-19 vaccination is required in order to be employed in this position. This includes either:

  • 2 doses of the Moderna or Pfizer vaccine
  • 1 dose of the Johnson & Johnson vaccine

Please Note: vaccines may be required for the position subject to federal, state and/or customer requirements

Cardinal Health is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law.
