Our team members are at the heart of everything we do. At Cencora, we are united in our responsibility to create healthier futures, and every person here is essential to us being able to deliver on that purpose. If you want to make a difference at the center of health, come join our innovative company and help us improve the lives of people and animals everywhere. Apply today! Job Details PRIMARY DUTIES AND RESPONSIBILITIES: - Leads and oversees the design and implementation of advanced and complex enterprise information security architectures and solutions - Provides technical leadership to the Information security team consisting of Architects, Analysts, and Engineers - Reviews security technologies, tools, and services and provides recommendations to IT, business, and project teams ensuring that solutions are in line with the architecture direction and business strategies - Develops and maintains a security architecture process that enables the enterprise to develop and implement security solutions and capabilities aligned with the business, technology, and threat drivers - Defines the future state of Information Security Strategy solution architecture - Executes security engagements during different phases of the lifecycle assessment, design, and implementation - Works with senior stakeholders to find effective security solutions that work towards improving the overall security posture of the organization by balancing business requirements with cybersecurity needs - Provides guidance, & coaching to Architects I/II and provides overall technical expertise to the Information security department and business stakeholders - Develops, matures, and maintains security architecture strategy, principles, models, standards, guidelines, and configurations - Defines key building blocks for future state architecture and creates a roadmap to realize the same - Researches, models, and tracks secure system standards, industry trends, market technology, potential threats, tactics, and procedures for ecosystem applicability and reference - Creates detailed and clear functional technical requirements for the organization's security operations engagement and interaction, ensuring stakeholders clearly understand how to engage with Information Security Strategy services - Analyzes root cause for technical issues, and design measures and methods to mitigate future re-occurrences - Identifies solutions and implements automation of vulnerability scanning and monitoring of the organization's infrastructure, applications, and network - Prioritizes architectural needs and solutions with other senior executives and ensures they are in line with, criticality, feasibility, and Information Security Strategy EDUCATIONAL QUALIFICATIONS: Education: - Bachelor's Degree in Computer Science, Information Technology or any other related discipline or equivalent related experience. Preferred Certifications: - Azure Security Engineer Certification - Certified Cloud Security Professional (CCSP) - Certification in Information Security Strategy Management (CISM) - Certified Information Systems Security Professional (CISSP) - CompTIA Security + Certification - Project Management Professional (PMP) Certification - Systems Security Certified Practitioner (SSCP) - TS-SCI Security Clearance Certification WORK EXPERIENCE: - 12+ years of directly-related or relevant experience, preferably in information security. SKILLS & KNOWLEDGE: Behavioral Skills: - Coaching and Mentoring - Decision Making - Impact and Influencing - Leadership Skills - Multitasking - Presentation Skills - Planning Technical Skills: - Application Architecture - Cybersecurity - Enterprise Architecture - Information Security Strategy Standards (SOX, ISO 27001/27002, COBIT, ITIL, NIST, PCI) - IT Risk Management - Network Solutions and Systems - Information Security Strategy - Threat Modelling - Security and Compliance Frameworks (i.e. CCM, NIST 800-53, CIS) Tools Knowledge: - Microsoft Office Suite - Programming and Development Languages - JavaScript, HTML/CSS, Python, SQL - Security Tools - SIEM, EDR, Email Security Gateway, SOAR, Firewall, Anti-virus, Firewalls, VPN IDS/IPS, AV, proxies, etc. What Cencora offers We provide compensation, benefits, and resources that enable a highly inclusive culture and support our team members' ability to live with purpose every day. In addition to traditional offerings like medical, dental, and vision care, we also provide a comprehensive suite of benefits that focus on the physical, emotional, financial, and social aspects of wellness. This encompasses support for working families, which may include backup dependent care, adoption assistance, infertility coverage, family building support, behavioral health solutions, paid parental leave, and paid caregiver leave. To encourage your personal growth, we also offer a variety of training programs, professional development resources, and opportunities to participate in mentorship programs, employee resource groups, volunteer activities, and much more. For details, visit https://www.virtualfairhub.com/cencora Full time Salary Range* $156,300 - 241,010 *This Salary Range reflects a National Average for this job. The actual range may vary based on your locale. Ranges in Colorado/California/Washington/New York/Hawaii/Vermont/Minnesota/Massachusetts/Illinois State-specific locations may be up to 10% lower than the minimum salary range, and 12% higher than the maximum salary range. Equal Employment Opportunity Cencora is committed to providing equal employment opportunity without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, age, disability, veteran status or membership in any other class protected by federal, state or local law. The company's continued success depends on the full and effective utilization of qualified individuals. Therefore, harassment is prohibited and all matters related to recruiting, training, compensation, benefits, promotions and transfers comply with equal opportunity principles and are non-discriminatory. Cencora is committed to providing reasonable accommodations to individuals with disabilities during the employment process which are consistent with legal requirements. If you wish to request an accommodation while seeking employment, please call 888.692.2272 or email hrsc@cencora.com. We will make accommodation determinations on a request-by-request basis. Messages and emails regarding anything other than accommodations requests will not be returned Affiliated Companies: Affiliated Companies: AmerisourceBergen Services Corporation

• Manages development, documentation, and presentation of information system security education, awareness, and training activities for facility management, information system personnel, users and others, as appropriate. • Oversees identification and documentation of unique local threats/vulnerabilities to information system. • Manages coordination of the facility information system security program with other facility security programs. • Oversees periodic self-inspections of the facility's information system program are conducted as part of the overall facility self-inspection program and that corrective action is taken for all identified findings and vulnerabilities. • Manages development of facility procedures to govern marking, handling, controlling, removing, transporting, sanitizing, reusing, and destroying media and equipment containing classified information. • Manages reports of information system security incidents. • Follows up to ensure that proper protection or corrective measures have been taken when an incident/vulnerability has been discovered. • Oversees implementation of vendor supplied authentication (password, account names) features or security relevant features. • Oversees implementation of security features for the detection of malicious code, viruses, and intruders (hackers), as appropriate. • Develops and implements specific and remote maintenance procedures based on requirements provided by the CSA. • Oversees selection, hiring, training, and evaluation of employees to enhance their performance, development, and work product. • Addresses performance issues and makes recommendations for personnel actions. • Motivates and rewards employees including providing salary increases, bonuses and promotions within allocated budgets and company guidelines. • Oversees preparation and recommendation of operating and personnel budgets for approval. • Monitors spending for adherence to budget, recommends variances as necessary.

• Identifies security risks, threats and vulnerabilities of networks, systems, applications and new technology initiatives. • Develops, tests and operates firewalls, intrusion detection systems, enterprise anti-virus systems and software deployment tools. • Provides complex engineering analysis and support for firewalls, routers, networks and operating systems. • Performs and evaluates vulnerability scans within a multi-platform, large enterprise environment. • Reacts to and initiates corrective action regarding security violations. • Oversees user access process to ensure operational integrity of the system. • Enforces the information security configuration and maintains system for issuing, protecting, changing and revoking passwords. • Develops technical and programmatic assessments and provides technical support to assess security policies, standards and guidelines. • Reviews, recommends and oversees the installation, modification or replacement of hardware or software components and any configuration change(s) that affects security.

• Design and implement the identity, access, and security foundation of the Human-Led AI Orchestration Layer • Ensure that every Action Point™, AI decision, and workflow is securely authorized, auditable, and aligned with human intent • Implement and manage authentication using Clerk across frontend and backend • Design RBAC and permission models aligned with human-led decision workflows • Implement secure session handling, JWT validation, and token lifecycles • Integrate identity flows with FastAPI (Python) backend services • Support secure authentication flows in React + TypeScript frontend applications • Ensure consistent authorization enforcement across APIs, services, agents, tools, and data access layers • Implement best practices for OAuth2, JWT, CORS, CSRF protection, and rate limiting • Harden APIs and identity boundaries for multi-tenant SaaS use cases • Document identity architecture and provide knowledge transfer to the team • Design and implement identity and permission models for AI agents, tools, and automated workflows • Define and enforce capability-based permission scopes for agents