Our team members are at the heart of everything we do. At Cencora, we are united in our responsibility to create healthier futures, and every person here is essential to us being able to deliver on that purpose. If you want to make a difference at the center of health, come join our innovative company and help us improve the lives of people and animals everywhere. Apply today!

What you will be doing

POSITION SUMMARY:

The Manager, Information Security will deliver and manage large and complex Identity and Access Management initiatives across the business with the goals of improving efficiency, increasing security posture, and supporting aggressive growth. The Manager, Information Security will be expected to work in the Privileged Access Management space.

• Establish standards, driving designs and implementation of appropriate identity and access management processes and controls which help improve operations and lower risk.
• Drive the design, implementation and management of Privileged Access Management Services which includes management of privileged accounts, secure access to Cencora resources (on premise and in the cloud), secure management of credentials, session management, zero standing privilege model, just-in-time privilege access and Identity & Access Analytics.
• Understand a variety of IAM-related product suites and tools to make critical operational and strategic decisions. Example products include: BeyondTrust Password Safe, BeyondTrust Endpoint Privilege Management (EPM), BeyondTrust Privileged Remote Access, SSH Key Management, MFA, SIEM, Azure Entra, Active Directory, Linux, PowerShell scripts, etc.
• Directly partner with the enterprise Finance, Legal, Audit and Compliance executives to support Internal and External Audits relating to IAM (SOX, COBIT, IT Controls)
• Lead the development and implementation of prudent enterprise security standards, guidelines and procedures to protect the integrity, availability and privacy of all corporate information assets
• Working with ISO Risk Organization, support the Business Unit and IT executives through the process of prioritizing security initiatives and spending based on relevant business risk and regulatory compliance issues, financial implications, and alignment with the corporate strategic plan.
• Ensures Identity and Access Management Services follows appropriate policies, procedures, operational considerations, IT change control, and IT risk and compliance management programs These efforts include (but are not limited to): Information Security Governance processes, Policies & Procedures, Audits, Metrics, and reporting in direct alignment with contractual, regulatory and compliance requirements.
• Support Business Unit and IT executives through the process of prioritizing security initiatives and spending based on relevant business risk and regulatory compliance issues, financial implications, and alignment with the corporate strategic plan
• Manage, develop and mentor teams of Identity and Access Management professionals as well as contractors, vendors and services providers
• Support strategic and tactical security, risk mitigation and regulatory compliance guidance for all IT projects, including the evaluation of enterprise policies, processes, operating procedures and governance controls
• In alignment with the Company's growth and direction, assists in managing the development of budgets, controls and measurements to monitor progress
• Makes recommendations for succession planning
• Performs related duties as assigned

• Demonstrated ability and willingness to collaborate with others to insure consistent and high-quality results
• High level of personal integrity with the ability to professionally handle highly sensitive and confidential situations with Executives, Customers, and 3rd parties.
• Ability to easily defuse critical situations and manage escalations appropriately.
• Ability to communicate effectively both orally and in writing; ability to communicate with customers, associates, and management in a cross functional matrix organization; solid teamwork and interpersonal skills
• Ability to establish solid relationships with vendors in support of initiatives; ability to negotiate and manage outside vendors against deliverables.
• Solid project management skills including the ability to effectively deploy resources and manage multiple projects of various diverse scope in a matrix and cross-functional environment
• Solid knowledge of information security principles and practices
• Working knowledge of network solutions and systems
• Excellent track record communicating, managing complex projects and influencing others, in a diversified and international matrix organization. Adept at proposing, implementing, and managing change while prepared to question the "Status Quo"
• Ability to deal with ambiguity in a very dynamic and high speed and complex business environment.

• EXPERIENCE AND EDUCATIONAL REQUIREMENTS:
• Bachelor's Degree in Information Technology, Information Security and Assurance, Computer Science, Cyber Security or other related field or equivalent work experience.
• Typically requires 10+ years of combined IT and security work experience with a broad range of exposure to Identity and Access Management functions with a focus on Privileged Access Management and over 5 years' experience designing and deploying Identity and Access Management solutions at the enterprise level.
• Experience leading technical teams in a large and complex environment to deliver related capabilities and services.
• Demonstrated successful implementation of security control frameworks and standards such as ISO 27001, ISO 17799, COBIT, ITIL, NIST and PCI.
• Certification in Information Security relevant areas such as Audit (CISA), Security Management (CISM), Security Professional (CISSP) and/or equivalent business experience in a matrix Organization required.