What Information Security and Risk contributes to Cardinal Health
Information Technology oversees the effective development, delivery, and operation of computing and information services. This function anticipates, plans, and delivers Information Technology solutions and strategies that enable operations and drive business value.
Information Security and Risk develops, implements, and enforces security controls to protect the organization's technology assets from intentional or inadvertent modification, disclosure or destruction. This job family develops system back-up and disaster recovery plans. Information Technology also conducts incident response, threat management, vulnerability scanning, virus management and intrusion detection and completes risk assessments.
Job Summary
The Director, CISO Strategy & Transformation Office is a senior leader responsible for establishing, executing, and continuously monitoring the global cybersecurity & infrastructure program strategy, portfolio governance, and operational performance. Reporting to the SVP, Chief Information Security Officer (CISO), this role serves as a central integration point across cybersecurity, technology, and business teams to align cybersecurity & infrastructure priorities, enterprise objectives, and risk management outcomes.
This role leads the design and execution of the CISO strategy, portfolio management, financial governance, vendor management, and program performance monitoring. It also plays a critical role in setting cybersecurity mergers and acquisitions (M&A) strategy and coordinating related activities such as the integration of security & platform capabilities, processes, and technologies. The Director drives operational excellence through structured intake, prioritization, and delivery of CISO program initiatives while promoting a data-driven, risk-based approach to decision-making.
Responsibilities
Organizational Leadership & Strategy Alignment
- Support the development and socialization of the cybersecurity & infrastructure strategy and multi-year roadmap aligned with enterprise goals, risk priorities, and evolving threat landscapes
- Collaborate with the CISO to define program objectives, success metrics, and performance expectations, ensuring alignment with broader technology and business strategies
- Serve as an advisor to cybersecurity, infrastructure, and business leadership, enabling informed decision-making through structured planning, reporting, and analysis
- Establish governance mechanisms to create consistency, transparency, and accountability across cybersecurity initiatives and program activities
Cybersecurity Portfolio & Program Management
- Lead the management of the CISO program portfolio, including prioritization, planning, execution, and tracking of initiatives and projects
- Maintain standardized processes for project intake, scoping, resource allocation, and delivery across Global Cybersecurity and Infrastructure Services teams
- Provide centralized visibility into project status, risks, dependencies, and outcomes to support effective execution and leadership reporting
- Ensure alignment between cybersecurity & infrastructure initiatives, product roadmaps, and enterprise transformation efforts
- Drive adoption of scalable delivery practices to enhance execution efficiency and responsiveness to changing CISO program priorities
Performance Monitoring & Reporting
- Monitor and report on CISO program performance using key performance indicators (KPIs) and key risk indicators (KRIs)
- Provide ongoing insight into program health, operational performance, emerging risks, and strategic progress to support executive decision-making
- Standardize reporting frameworks to enable consistency across CISO program functions, including executive, business unit, and operational reporting
- Leverage data and analytics to inform prioritization, funding decisions, and continuous improvement efforts
Financial & Vendor Management
- Oversee CISO program financial planning, including budgeting, forecasting, and resource alignment to strategic priorities
- Evaluate program spend, financial performance, and demand planning to ensure efficient and scalable use of resources
- Track and manage the CISO vendor portfolio, including vendor inventory, performance, and contract lifecycle management
- Lead and support RFP processes, vendor selection, and contract negotiations in partnership with procurement and business stakeholders
- Establish governance and guidelines for vendor engagement to ensure alignment with cybersecurity and infrastructure requirements and organizational objectives
M&A Cybersecurity Strategy & Integration
- Maintain a standardized cybersecurity and infrastructure playbook to support activities across the M&A lifecycle, including due diligence, integration planning, and execution
- Oversee objectives, scope, roles, and processes to ensure risk-aligned CISO program engagement during acquisitions and divestitures
- Lead integration planning efforts to align cybersecurity and infrastructure priorities with deal objectives, ensuring seamless integration of people, processes, and technologies
- Serve as the central coordination point between acquired entities and enterprise CISO program teams to ensure alignment, communication, and execution
- Provide guidance and oversight to ensure security and infrastructure risks are identified, assessed, and mitigated throughout the M&A lifecycle
Stakeholder Engagement & Operational Integration
- Coordinate CISO program engagement requests across stakeholders, including business units, technology teams, auditors, and external partners
- Facilitate collaboration between cybersecurity, IT, product, legal, finance, and business teams to embed security into strategic initiatives and operational processes
- Ensure effective communication and alignment across internal and external stakeholders to support program execution and integration efforts
- Promote a culture of accountability, transparency, and continuous improvement across cybersecurity and infrastructure operations
Talent, Capability Development & Continuous Improvement
- Build and lead a high-performing team with capabilities across strategy, portfolio management, financial governance, and program operations
- Develop team capabilities through coaching, structured career development, and role-based training aligned to evolving cybersecurity & infrastructure needs
- Drive continuous improvement initiatives to enhance program maturity, operational efficiency, and strategic impact
- Foster a data-driven and risk-based culture that supports innovation, scalability, and long-term program sustainability
Qualifications
- 8+ years of progressive experience in cybersecurity, technology risk, or IT program leadership, with a focus on strategy, portfolio management, or program operations preferred
- Strong expertise in cybersecurity and infrastructure strategy development, portfolio management, financial governance, and vendor management
- Experience managing complex, cross-functional initiatives and aligning cybersecurity programs with enterprise objectives
- Deep understanding of cybersecurity frameworks (e.g., NIST CSF, ISO 27001), risk management principles, and regulatory requirements
- Demonstrated ability to establish governance structures, performance metrics, and reporting frameworks to support executive decision-making
- Strong leadership, communication, and stakeholder management skills, including experience working with executive leadership
- Experience supporting cybersecurity activities across mergers and acquisitions, including due diligence and integration
- Experience in highly regulated industries (e.g., aviation, financial services, healthcare, or government)
- Advanced degree (MBA, MS in Cybersecurity, Information Systems, or related field) preferred
- Professional certifications such as CISSP, CISM, CRISC, or PMP
- Experience with Agile methodologies and enterprise portfolio management tools
What is expected of you and others at this level
- Provides leadership to managers and experienced professional staff; may also manage front line supervisors
- Manages an organizational budget
- Develops and implements policies and procedures to achieve organizational goals
- Assists in the development of functional strategy
- Decisions have an extended impact on work processes, outcomes, and customers
- Interacts with internal and/or external leaders, including senior management
- Persuades others into agreement in sensitive situations while maintaining positive relationships
Anticipated salary range: $135,400 - $208,100
Bonus eligible: Yes
Benefits: Cardinal Health offers a wide variety of benefits and programs to support health and well-being.
- Medical, dental and vision coverage
- Paid time off plan
- Health savings account (HSA)
- 401k savings plan
- Access to wages before pay day with myFlexPay
- Flexible spending accounts (FSAs)
- Short- and long-term disability coverage
- Work-Life resources
- Paid parental leave
- Healthy lifestyle programs
Application window anticipated to close: 6/12/26 *If interested in this opportunity, please submit your application as soon as possible.
The salary range listed is an estimate. Pay at Cardinal Health is determined by multiple factors including, but not limited to, a candidate’s geographical location, relevant education, experience and skills and an evaluation of internal pay equity.
Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply.
Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law.