• Execute cybersecurity control assessments against a defined subset of key controls aligned to established frameworks (NIST SP 800-53 Rev. 5) • Assess control implementation status using standardized criteria and validation methodologies (NIST SP 800-53A Rev. 5) • Test information systems using documentation review, system walk-throughs, and stakeholder interviews to assess the design and operating effectiveness of NIST SP 800-53 Rev. 5 security controls • Apply consistent judgment to determine evidence sufficiency and appropriateness • Maintain organized evidence repositories using secure collaboration platforms • Draft standardized assessment narratives and findings • Contribute to assessment workbooks, reports, and presentations using approved templates and language standards • Adhere strictly to defined assessment methodologies, scope boundaries, and validation standards • Ensure assessments are executed consistently across multiple clients to support trend analysis and benchmarking • Support quality assurance reviews by addressing feedback and ensuring accuracy and clarity of deliverables • Escalate ambiguities, inconsistencies, or control interpretation questions to senior team members • Participate in client interviews and working sessions in a professional, structured manner • Communicate assessment expectations and evidence needs clearly to stakeholders • Collaborate effectively with Lead Assessors and peers to meet delivery timelines

• Lead Security operational governance activities - Drive security remediation efforts and SLA/SLO adherence • Compliance, operationally focused and security driven • Ensuring delivery excellence in security tooling and business operations (Ensuring avoidance of non-performance / non-compliance leading to contractual penalties). • Relationship management with Gainwell Technologies suppliers and the client. • Presentation skills that invoke confidence and provide clear Gainwell messaging • Create and maintain an account security plan for the selected account(s) and Products • Manage and report security incidents from start to finish • Manage audit preparation, facilitation and remediation • Manage security risks and exceptions • Ensure knowledge and implementation of security fundamentals, policies, and standards (regulatory and contractual) • Escalate and resolve security issues • Coordinate delivery of security metrics and reporting in support of contractual commitment

• Designs and conducts regular audits of computer systems to determine that they are operating securely and that data is protected from both internal and external attack. • Assesses assigned system to determine system security status and ensures adherence to security policy, procedures and standards. • Designs and recommends security policies and procedures. • Prepares training materials for computer security education and awareness programs and trains end users on same. • Monitors, evaluates, and maintains complex security systems according to industry best practices to safeguard internal information systems and databases. • Reviews security requirements and subsequently reviews systems to determine if they have been designed and established to comply with established standards. • Conducts investigations of security violations and breaches and recommends solutions; prepares reports on intrusions as necessary and provides analysis summary to management. • Reviews more complex company firewalls logs across the organization. • Responds to queries and requests for computer security information and reports from both internal and external customers. • Provides technical consultation on tasks; provides leadership and work guidance to less experienced personnel. • Provides recommendations of product for upgrades, patches and other general security measures in order to better secure systems for various clients.

What Information Security and Risk contributes to Cardinal Health Information Technology oversees the effective development, delivery, and operation of computing and information services. This function anticipates, plans, and delivers Information Technology solutions and strategies that enable operations and drive business value. Information Security and Risk develops, implements, and enforces security controls to protect the organization's technology assets from intentional or inadvertent modification, disclosure, or destruction. This job family develops system back-up and disaster recovery plans. Information Technology also conducts incident response, threat management, vulnerability scanning, virus management and intrusion detection and completes risk assessments. Headquartered in Dublin, Ohio, Cardinal Health, Inc. (NYSE: CAH) is a global, integrated healthcare services and products company connecting patients, providers, payers, pharmacists and manufacturers for integrated care coordination and better patient management. Backed by nearly 100 years of experience, with more than 50,000 employees in nearly 60 countries, Cardinal Health ranks among the top 20 on the Fortune 500. We currently have a full-time job opening for an Information Security Engineer, Data Protection. This position can be either at our Dublin center or remote. Job Overview: The Information Security Engineer of Data Protection will assist the technical leader for the Data protection team at Cardinal Health. This Engineer will support the manager and senior information security engineer to architect, design, and support technology solutions to enhance our data security posture. This includes Cloud Access Security Broker technologies and Database monitoring solutions. Responsibilities: - Assist in designing and supporting the implementation of data protection tools. - Manage rules, configuration setup and deployments of detection capabilities through change control. - Contribute to the remediation and closure of events/incidents of concern in data protection platforms. - Partner with analysts towards the reduction of false positives by tuning controls. - Partner with the manager and technical lead to provide expertise to corporate, market segments and IT teams and implement appropriate security and monitoring controls. - Collaborating with internal IT and business teams to build and deploy security and monitoring controls for databases and CASB integrations. - Work with the manager and technical lead to define and then implement team processes to enable delivery of the Data protection road map initiatives. - Determine current and anticipate future data needs and support the development of security controls in collaboration with the data protection team. - Aid in educating data owners and key business technology and application leaders on data identification, secure handling, storage, and transfer of sensitive data. Qualifications - Demonstrated experience with database monitoring technologies and data security. - Deep understanding and prior experience with CASB solutions and ability to work on a team and independently towards deployment of solutions. - Demonstrated Information Security understanding and specifically industry best practices for the development of data protection team. - One or more Information Security Certifications preferred: CISSP, CSSLP, CISM, CCSP, GSLC, GSEC, CISA, SSCP. - Degree in related field or equivalent work experience. - 4-5 years of experience in related field preferred. What is expected of you and others at this level? - Contributes to the development of policies and procedures related to data protection. - Works on complex projects of large scope domestically and internationally - Develops technical solutions to a wide range of difficult problems. Solutions are innovative and consistent with organizational goals. - Continues to support the development of sensitive data processes to improve Cardinal Health enterprise security posture. - Works to create automation and orchestration solutions to assist with data protection initiatives. - Provides general guidance on new projects and tasks. - Recommends new practices, processes, metrics, or models. - Acts as a mentor to less experienced colleagues Anticipated salary range: $94,900 - $135,600 Bonus eligible: No Benefits: Cardinal Health offers a wide variety of benefits and programs to support health and well-being. - Medical, dental and vision coverage - Paid time off plan - Health savings account (HSA) - 401k savings plan - Access to wages before pay day with myFlexPay - Flexible spending accounts (FSAs) - Short- and long-term disability coverage - Work-Life resources - Paid parental leave - Healthy lifestyle programs Application window anticipated to close: 4/15/2026 *if interested in opportunity, please submit application as soon as possible. The salary range listed is an estimate. Pay at Cardinal Health is determined by multiple factors including, but not limited to, a candidate’s geographical location, relevant education, experience and skills and an evaluation of internal pay equity. Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply. Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law. To read and review this privacy notice click here