Senior IT Security Architect, Acquisition Integration

About The Position

Requirements

• Industry-specific certifications preferred, such as CISSP, CISM, CRISC, or relevant technical security certifications.
• Advanced experience with various security domains, including but not limited to endpoint security, network security, cloud security, identity and access management, vulnerability management, and security operations.
• Strong understanding of common security frameworks and standards (e.g., NIST Cybersecurity Framework, ISO 27001/2, HIPAA, PCI DSS).
• Strong understanding of risk management methodologies and experience applying them in integration scenarios.
• 7+ years of experience in Information Technology, with a preferred and demonstrable concentration on cybersecurity architecture and/or security program management, particularly in environments involving mergers, acquisitions, or significant technology integration.
• Proven experience in tool rationalization, cloud adoption strategies (especially SaaS), and managing transitions between different security technologies.
• Strategic thinker with the ability to translate high-level integration goals into actionable security plans.
• Demonstrated ability to effectively collaborate with cross-functional teams, including IT operations, application development, legal, and business units, to achieve security objectives.
• Familiarity with cloud platforms (AWS, Azure, GCP) and their security constructs is highly desirable.
• Experience in facilitating security assessments and driving remediation efforts for diverse technical environments.
• Strong written and verbal communication skills, with the ability to articulate complex security concepts to both technical and non-technical audiences.
• Prior experience working within a Managed Service Provider (MSP) environment is strongly preferred

Responsibilities

• Drive Acquisition IT Security Integration Strategy: Develop and execute comprehensive security integration strategies for newly acquired entities, aligning with Cardinal Health's security standards, risk appetite, and industry best practices.
• Risk Mitigation and Diligence: Review and analyze security diligence reports, penetration test findings, and third-party risk assessments for acquired entities. Prioritize and drive remediation efforts to reduce security risks effectively and efficiently.
• Tool Rationalization and Optimization: Lead the assessment and rationalization of security tools and technologies within acquired organizations. Develop and implement plans for migrating to or integrating with Cardinal Health's standard security stack, considering cost-effectiveness and operational efficiency.
• Provide architectural guidance and oversight for cyber and information security managed services, particularly in post-acquisition integration.
• Architecture Alignment and Design: Contribute to the development and documentation of security architectures that support acquisition integration, ensuring alignment with Cardinal Health's reference architectures, design patterns, and technology standards.
• Cross-Functional Collaboration and Facilitation: Act as a key liaison between acquired company security teams and Cardinal Health's internal security functions (e.g., Application Security, SOC, Vulnerability Management). Facilitate necessary meetings and discussions to define security requirements and ensure seamless onboarding of new assets.
• Security Control Implementation Oversight: Ensure that appropriate security controls are designed and implemented across all phases of acquisition integration, including endpoint security, network security, identity and access management, and data protection.
• Security Operations Center (SOC) Onboarding: Collaborate with the SOC to ensure readiness for onboarding new assets from acquired entities, including defining monitoring requirements, alert tuning, and Tier 1 response plans.
• Security Process and Policy Alignment: Assist in the adaptation and integration of acquired entities' security processes and policies to align with Cardinal Health's established frameworks and compliance requirements.
• Vendor and Contract Management Support: Provide security architecture input and guidance for vendor selection and contract negotiations related to security tools and services for integrated acquisitions.
• Emerging Technology Integration: Assess and advise on the secure integration of emerging technologies or unique solutions present within acquired companies, ensuring they can be managed within Cardinal Health's security ecosystem.
• Knowledge Sharing and Mentorship: Share expertise on acquisition security integration best practices and common challenges with other security team members and project stakeholders.

Benefits

• Medical, dental and vision coverage
• Paid time off plan
• Health savings account (HSA)
• 401k savings plan
• Access to wages before pay day with myFlexPay
• Flexible spending accounts (FSAs)
• Short- and long-term disability coverage
• Work-Life resources
• Paid parental leave
• Healthy lifestyle programs