Director, Exposure Management; Cybersecurity Defense

Position: Director, Exposure Management (Cybersecurity Defense)
** _What Cybersecurity Defense contributes to Cardinal Health_*
* Cybersecurity Defense focuses heavily on threat detection, incident response, and implementing security measures to protect our digital assets and infrastructure at Cardinal Health. The  _Director, Exposure Management_  is responsible for establishing, leading, and overseeing the exposure management program to proactively identify, prioritize, and reduce cybersecurity risk across network, cloud, endpoint, and data environments. This role drives the strategy and execution of vulnerability management, security configuration management, cloud and network security, endpoint security, and data protection capabilities.

Moreover, this Director leads core aspects of exposure management, including vulnerability identification and prioritization, security configuration management, cloud and network security monitoring, endpoint and mobile security, data loss prevention (DLP), and data security posture management (DSPM). This person plays a critical role in reducing the organization's attack surface, improving security posture, and enabling alignment with overarching cybersecurity & GTBS strategies.

** Location**  - Open to candidates nationwide working in a fully remote capacity, with preference towards those based in Central or Eastern time zones (willingness to travel into our Corporate HQ in Dublin, OH during certain period of the year is a plus)

** Responsibilities*
* + Develop and lead the exposure management strategy aligned with cybersecurity, risk management, and business objectives.

+ Define governance frameworks and processes to identify, assess, prioritize, and remediate security exposures across the organization.

+ Collaborate with cybersecurity leadership to align exposure management initiatives with broader cyber defense and risk reduction strategies.

+ Serve as an advisor to leadership on exposure trends, risk posture, and mitigation priorities.

+ Oversee enterprise vulnerability management capabilities, including identification, assessment, prioritization, and remediation tracking.

+ Define risk-based prioritization methodologies to evaluate vulnerabilities based on threat intelligence, exploitability, and business impact.

+ Oversee vulnerability scanning, reporting, and remediation processes across infrastructure, applications, and cloud environments.

+ Oversee vulnerability management tooling and engineering strategy (e.g., Rapid7) to support exposure visibility and remediation workflows.

+ Lead cloud security monitoring and posture management processes to detect misconfigurations, vulnerabilities, and anomalous activity across cloud environments.

+ Oversee CNAPP and CASB tooling strategies to monitor, control, and secure cloud applications and infrastructure.

+ Define firewall monitoring standards and rule configurations in collaboration with security architecture to ensure alignment with security policies.

+ Manage firewall and network security tooling to detect misconfigurations, policy violations, and anomalous activity.

+ Ensure alignment of cloud and network security controls with enterprise architecture and risk requirements.

+ Oversee endpoint security capabilities, including configuration management, drift detection, and enforcement of secure baselines.

+ Lead endpoint hardening, and monitoring strategies to reduce endpoint-related risks.

+ Direct mobile security initiatives to protect devices and applications through policy enforcement and monitoring.

+ Oversee endpoint and mobile security tooling strategy to enable consistent protection and compliance across the enterprise

+ Lead enterprise data protection capabilities, including endpoint, network, and cloud DLP programs.

+ Oversee design, implementation, and optimization of DLP tooling to monitor and prevent unauthorized data access, use, or exfiltration.

+ Establish and manage Data Security Posture Management (DSPM) capabilities to discover, classify, and assess sensitive data across environments.

+ Ensure alignment of data protection controls with regulatory requirements, privacy standards, and enterprise policies.

+ Define and enforce security configuration standards across…