• Act as a Subject Matter Expert for all programs within the VCM space • Conduct comprehensive vulnerability assessments using tools such as Wiz and Tenable • Communicate findings effectively to prioritize vulnerability remediation • Monitor US FinTech infrastructure for Vulnerability and Compliance related issues • Build out new Security baselines for CIS and DISA STIG • Provide detailed risk assessments for discovered vulnerabilities • Collaborate with IT and DevOps teams to ensure timely remediation of vulnerabilities • Act as a liaison between security, IT, development, and risk teams • Mentor Junior Analysts and provide guidance

Our team members are at the heart of everything we do. At Cencora, we are united in our responsibility to create healthier futures, and every person here is essential to us being able to deliver on that purpose. If you want to make a difference at the center of health, come join our innovative company and help us improve the lives of people and animals everywhere. Apply today! Job Details Summary: The Senior Director of Cloud Security leads the global strategy, architecture, engineering, and governance of cloud security for an enterprise operating in multi-cloud and hybrid environments. This role is accountable for securing public cloud (IaaS/PaaS), SaaS platforms, containerized workloads, and cloud-native application architectures while enabling business velocity, digital transformation, and regulatory compliance. This role is responsible for building strong partnerships with technology teams, other corporate support functions, and other Information Security organizations to protect the corporate brand, data, and assets and is responsible for the design, implementation, operation, and maintenance of an information security framework, processes, and systems, that protect the business, services, information and systems against unauthorized use, disclosure, modification, damage, and loss. The position partners closely with the CISO, other Information Security Sr. Leaders, and other Technology Leadership teams to establish a vision and strategy required to ensure scalable, measurable, and continuously improving defense capabilities across the applicable security domain in collaboration with other information security domain leaders and partner organizations. Our employee experience is a strategic priority for our company. Our leaders are accountable for leading with purpose, fairness, and equity. They are responsible for building and developing diverse teams, maintaining a safe and inclusive environment, setting clear priorities, and holding self and team accountable for executing with excellence. Primary Responsibilities: - Define and execute the enterprise cloud security strategy aligned to corporate risk appetite and regulatory requirements. - Establish cloud security reference architectures, guardrails, and design patterns. - Lead cloud security governance across AWS, Azure, GCP, and strategic SaaS providers. - Own cloud security policy framework and control standards (aligned to NIST, - Present cloud risk posture and roadmap to executive leadership and key stakeholders. Lead cloud security architecture for: - Landing zones and platform engineering - Identity and access management (including zero trust) - Network security and segmentation - Encryption and key management - Container/Kubernetes security - API security - Cloud-native application protection Additional Responsibilities: - Establish secure-by-design and DevSecOps integration models in collaboration with Application Security Engineering and Secure SDLC engineers. - Drive an automation first infrastructure-as-code and policy-as-code strategy in partnership with Platform Engineering and Application Security Engineering - Oversee and partner w/global support partners CSPM, CWPP, CNAPP, DSPM, SSPM and related platforms. - Drive critical alignment and integration w/engineering and delivery leaders supporting capabilities such as CIEM, CASB, and SSE - Partner with SOC and Cyber Defense Engineering for cloud threat detection and response integration. - Oversee cloud logging, telemetry, and SIEM/SOAR integration. - Partner with Cyber Defense Engineering on the creation, validation, and testing of cloud incident response engineering playbooks. - Partner with Risk Management and other key stakeholders to establish vulnerability management and misconfiguration remediation pipelines. - Track and reduce enterprise cloud risk metrics. - Secure multi-cloud architectures across AWS, Azure, GCP. - Ensure consistent controls across on-prem, private cloud, and SaaS ecosystems. - Support M&A integrations and divestitures with cloud security assessments and rapid control deployment. - Ensure compliance with global regulatory regimes (e.g., HIPAA, GDPR, SOX, FDA/GxP where applicable). - Enable audit readiness and continuous control monitoring. - Partner with Legal and Privacy on data residency and cross-border cloud risks. - Build and lead a global team of cloud security architects and engineers. - Develop succession planning and technical career paths. - Establish KPIs, OKRs, and performance dashboards. - Enterprise financial management and planning experience. - Foster collaboration with platform engineering, SRE, and DevOps teams. - Follows information security trends within and outside of work with executive leadership to strategize and recommend changes and updates to company Educational, Experience & Knowledge Requirements: Education: - Master’s Degree in Business Administration, Computer Science, Information Technology or any other related discipline or equivalent related experience. Preferred Certifications: - Certified Cloud Security Professional (CCSP) - Certified Information Systems Security Professional (CISSP) - Certification in Information Security Strategy Management (CISM) - Microsoft Certified: Cybersecurity Architect Expert (SC-100) - Information Technology Infrastructure Library (ITIL) - Offensive Security Certified Professional (OSCP) - Project Management Professional (PMP) Certification Work Experience: - 12+ years of directly-related or relevant experience with 8+ years in a managerial capacity, preferably in information security. Behavioral Skills: - Coaching and Mentoring - Creativity & Innovation - Decision Making - Leadership Skills - People Management - Planning - Risk-taking Technical Skills: - IT Risk Management - IT Controls - Cyber Attack Mitigation - Enterprise IT Management - Network Security - Service Level Maintenance - Information Security Strategy Continuity - Threat Modelling - Information Security Strategy Standards (SOX, ISO 27001/27002, COBIT, ITIL, NIST, PCI) Tools Knowledge: - Microsoft Office Suite - Security Tools - SIEM, EDR, Email Security Gateway, SOAR, Firewall, Anti-virus, Firewalls, VPN IDS/IPS, AV, proxies, etc. - Security Testing Tools - Open Source and COTS security tools - Threat Intelligence Tools - Vulnerability Testing Tools What Cencora offers We provide compensation, benefits, and resources that enable a highly inclusive culture and support our team members’ ability to live with purpose every day. In addition to traditional offerings like medical, dental, and vision care, we also provide a comprehensive suite of benefits that focus on the physical, emotional, financial, and social aspects of wellness. This encompasses support for working families, which may include backup dependent care, adoption assistance, infertility coverage, family building support, behavioral health solutions, paid parental leave, and paid caregiver leave. To encourage your personal growth, we also offer a variety of training programs, professional development resources, and opportunities to participate in mentorship programs, employee resource groups, volunteer activities, and much more. For details, visit https://www.virtualfairhub.com/cencora Full time Equal Employment Opportunity Cencora is committed to providing equal employment opportunity without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, age, disability, veteran status or membership in any other class protected by federal, state or local law. The company’s continued success depends on the full and effective utilization of qualified individuals. Therefore, harassment is prohibited and all matters related to recruiting, training, compensation, benefits, promotions and transfers comply with equal opportunity principles and are non-discriminatory. Cencora is committed to providing reasonable accommodations to individuals with disabilities during the employment process which are consistent with legal requirements. If you wish to request an accommodation while seeking employment, please call 888.692.2272 or email hrsc@cencora.com. We will make accommodation determinations on a request-by-request basis. Messages and emails regarding anything other than accommodations requests will not be returned Affiliated Companies Affiliated Companies: AmerisourceBergen Services Corporation

• Partner with domain leadership to set product vision and strategy in alignment with organizational goals • Develop and execute multi-year domain roadmaps aligned to organizational strategy and objectives • Ensure roadmap visibility and alignment across all cross-functional stakeholders • Define key performance indicators (KPIs) to measure product success and drive data-informed decisions • Manage, lead, and facilitate cross-functional collaboration with leaders, stakeholders, partners, customers, and peers • Deliver and present executive-level health and progress reporting of product performance, outcomes, risks, and strategic insights to various stakeholders • Promote agile best practices and continuous improvement • Assess, monitor, and mitigate risks and issues; adjust strategies and plans as necessary based on new information or changes in circumstances

• Learn about our users, systems, and security posture, and how security enables our product and business goals. • Support security assessments of code and infrastructure changes with guidance from Security Engineers, helping ensure alignment with SOC 2, PCI-DSS, and internal policies. • Assist with automating recurring security and compliance activities such as vulnerability scanning, risk assessments, third-party risk reviews, and control validation. • Help create and tune monitoring and detective alerts for security operations, non-compliance, and incident response, using our security tools and dashboards. • Contribute to maintaining a healthy posture of our security tools and automations by helping with configuration, troubleshooting, and documentation. • Assist with collecting, organizing, and reviewing audit evidence for SOC 2 • Participate in security incident response exercises and post-incident reviews, learning how we investigate and mitigate security events. • Collaborate with partners across Technology, Product, Analytics, and IT to support small, scoped projects that reduce risk and improve our security posture. • Have fun building meaningful, pragmatic security solutions with kind and smart people.