This role is a leader position within the team and requires having an in-depth understanding of local, national and international privacy and security regulations such as HIPAA (Health Insurance Portability and Accountability Act), GDPR (General Data Protection Regulation) and the CCPA (California Consumer Privacy Act) as well as relevant control frameworks to drive compliance to those regulatory requirements, while working with members of the Information Security and Risk Management team as well as privacy leaders in Legal, Ethics & Compliance and our various businesses throughout the Cardinal Health enterprise.  Senior Engineer will be responsible for assessing current IT Privacy Compliance Program, while building and implementing a roadmap to enhance it to drive IT Privacy Compliance throughout the organization.

Daily Responsibilities:

• Lead the IT Privacy Compliance Program as a "Second Line of Defense" function.
• Perform current-state assessment to identify and implement enhancement to the program to address local, national and international IT privacy and data protection requirements (both regulatory and contractual)
• Implement a risk-based approach on performing IT Privacy Compliance Assessments.
• Build and implement metrics to report on effectiveness of the IT Privacy Compliance Program
• Partner with Legal counsel and Ethics & Compliance leaders to address regulatory or compliance requirements, issues, concerns or questions.
• Partner with IT and IT Security in the development of policies, procedures and practices in support of privacy and data protection compliance.
• Collaborate with IT and business leaders and team to provide guidance on doing privacy by design and remediating issues identified to enhance compliance to the regulatory requirements.
• Identify opportunities to automate various privacy and data protection compliance activities to reduce the overall cost of compliance.
• Mentor members of the team on how to effectively perform compliance assessments.
• Effectively manage and implement change throughout the organization.

Qualifications:

• Bachelor's Degree in related field or equivalent work experience
• 10+ years' experience in related field
• Prior experience with key IT Privacy regulation compliance including HIPAA and GDPR compliance.
• Prior experience with control frameworks (e.g., NIST, HITRUST, COBIT, COSO, and ISO) to drive IT Privacy regulatory compliance.
• Prior experience working with Internal or External Audit functions are a plus.
• Experience with IT risk and controls identification and assessments including IT control design and effectiveness testing.
• Experience with GRC (Governance, Risk and Compliance)
• Experience in analyzing data and creating reports/dashboards/views to provide visibility into risk and control landscape.
• Ideal candidate will have excellent communication skills (both verbal and written) with leaders at all levels within the organization, an ability to work in a matrixed environment to drive results, and the ability to clearly define and execute repeatable processes.
• Ideal candidate will have an effective time management, active listening, meeting facilitation, and influencing skills.
• Ability to effectively navigate a variety of challenging environments, prioritize work and determine when to escalate to upper management.
• Security or risk certifications such as CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional) and/or CIPP (Certified Information Privacy Professional) certifications are a plus.

Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply.

Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law.