Director, CISO Strategy & Transformation Office

What Information Security and Risk contributes to Cardinal Health

Information Technology oversees the effective development, delivery, and operation of computing and information services. This function anticipates, plans, and delivers Information Technology solutions and strategies that enable operations and drive business value.

Information Security and Risk develops, implements, and enforces security controls to protect the organization's technology assets from intentional or inadvertent modification, disclosure or destruction. This job family develops system back-up and disaster recovery plans. Information Technology also conducts incident response, threat management, vulnerability scanning, virus management and intrusion detection and completes risk assessments.

The Director, CISO Strategy & Transformation Office is a senior leader responsible for establishing, executing, and continuous monitoring of the global cybersecurity & infrastructure program strategy, portfolio governance, and operational performance. Reporting to the SVP, Chief Information Security Officer (CISO), this role serves as a central integration point across cybersecurity, technology, and business teams to align cybersecurity & infrastructure priorities, enterprise objectives, and risk management outcomes.

This role leads the design and execution of the CISO strategy, portfolio management, financial governance, vendor management, and program performance monitoring. It also plays a critical role in setting cybersecurity mergers and acquisitions (M&A) strategy and coordinating related activities such as the integration of security & platform capabilities, processes, and technologies. The Director drives operational excellence through structured intake, prioritization, and delivery of CISO program initiatives while promoting a data-driven, risk-based approach to decision-making.

• Support the development and socialization of the cybersecurity & infrastructure strategy and multi-year roadmap aligned with enterprise goals, risk priorities, and evolving threat landscapes
• Collaborate with the CISO to define program objectives, success metrics, and performance expectations, ensuring alignment with broader technology and business strategies
• Serve as an advisor to cybersecurity, infrastructure, and business leadership, enabling informed decision-making through structured planning, reporting, and analysis
• Establish governance mechanisms to create consistency, transparency, and accountability across cybersecurity initiatives and program activities

• Lead the management of the CISO program portfolio, including prioritization, planning, execution, and tracking of initiatives and projects
• Maintain standardized processes for project intake, scoping, resource allocation, and delivery across Global Cybersecurity and Infrastructure Services teams
• Provide centralized visibility into project status, risks, dependencies, and outcomes to support effective execution and leadership reporting
• Ensure alignment between cybersecurity & infrastructure initiatives, product roadmaps, and enterprise transformation efforts
• Drive adoption of scalable delivery practices to enhance execution efficiency and responsiveness to changing CISO program priorities

• Monitor and report on CISO program performance using key performance indicators (KPIs) and key risk indicators (KRIs)
• Provide ongoing insight into program health, operational performance, emerging risks, and strategic progress to support executive decision-making
• Standardize reporting frameworks to enable consistency across CISO program functions, including executive, business unit, and operational reporting
• Leverage data and analytics to inform prioritization, funding decisions, and continuous improvement efforts

• Oversee CISO program financial planning, including budgeting, forecasting, and resource alignment to strategic priorities
• Evaluate program spend, financial performance, and demand planning to ensure efficient and scalable use of…