Engineer, Information Security & Risk – PCI Compliance at Cardinal Health India

About Cardinal Health

Headquartered in Dublin, Ohio, Cardinal Health, Inc. (NYSE: CAH) stands as a global integrated healthcare services and products powerhouse. With nearly 100 years of experience, over 48,000 employees across nearly 60 countries, and $223 billion in FY25 revenue, we rank among the Fortune 500's top 20, #51 in America's Most Innovative Companies, and #5 in Fortune's Health Care Sector Leaders. We connect patients, providers, payers, pharmacists, and manufacturers for seamless care coordination and superior patient management.

Cardinal Health International India (CHII), part of our Global Technology and Business Services (GTBS) team, leverages cutting-edge technology to deliver scalable healthcare solutions. As a world-class capability center at the intersection of tech innovation and learning, CHII empowers teams to tackle healthcare's toughest challenges, enhancing efficiency and care quality across the value chain.

Role Overview

The Information Security and Risk team at Cardinal Health develops, implements, and enforces robust security controls to protect technology assets from threats. We handle system backups, disaster recovery, incident response, threat management, vulnerability scanning, and risk assessments. Our IT Governance and Compliance function aligns policies with regulatory, legal, and contractual demands, fostering a secure, compliant environment.

As Engineer, Information Security & Risk – PCI Compliance, you'll be a detail-oriented, proactive IT compliance specialist driving our enterprise PCI DSS Compliance Program. With deep expertise in PCI DSS, CCPA, and healthcare regulations, you'll grow the program, ensuring alignment with customer, business, IT, and PCI standards. Collaborate with Information Security, enterprise architects, IT solution owners, and training teams. Success metrics include effective program implementation, assessment execution, and evidence maintenance for PCI DSS compliance.

Key Responsibilities

Drive PCI DSS Program Execution

Serve as the primary coordinator and assessor, leading the organization's PCI DSS compliance efforts. Conduct thorough assessments to evaluate controls against PCI requirements, collaborating with finance, IT, security, and business stakeholders.

Manage Documentation and Audits

Maintain comprehensive compliance documentation and evidence for annual PCI DSS assessments and audits. Prepare Attestations of Compliance (AOCs) and Reports on Compliance (ROCs) for 13+ payment processes across multiple business units.

Identify and Remediate Gaps

Work with solution owners to pinpoint control gaps and vulnerabilities, prioritize by risk, and develop action plans addressing root causes. Monitor open issues to closure, enhancing operational efficiency.

Optimize Controls

Assess the PCI control environment for improvements, streamlining, automating, or consolidating processes like payment processors to reduce risk and costs while boosting efficiency. Support readiness activities, gap assessments, and ongoing compliance initiatives.

Qualifications & Requirements

To excel, bring in-depth knowledge of PCI DSS, CCPA, and international privacy/security regulations impacting healthcare. Proficiency in control frameworks is essential. Ideal candidates have 5+ years in IT compliance, auditing, or risk management, with proven experience in PCI assessments.

• Expertise in PCI DSS requirements and healthcare compliance
• Strong analytical skills for gap analysis and risk prioritization
• Excellent collaboration and communication for cross-functional partnerships
• Familiarity with vulnerability management, incident response, and IT governance
• Bachelor's in Computer Science, Information Security, or related field; certifications like CISSP, CISA, or PCI ISA preferred

Benefits & Perks

Joining Cardinal Health means accessing premium benefits tailored for high performers in India's tech hub:

• Competitive salary estimated at INR 18-33 lakhs annually, with performance incentives
• Comprehensive health insurance and wellness programs
• Flexible work options and modern office in IND07
• Learning opportunities in a global innovation center
• Generous paid time off and parental leave

Career Growth

At CHII, career progression is data-driven. Advance from Engineer to Senior roles, Compliance Lead, or global security positions. Our GTBS team invests in certifications, leadership training, and cross-functional projects, positioning you for impact in healthcare's digital transformation.

Why Join Us

Be part of a resilient, secure digital ecosystem safeguarding healthcare data worldwide. In a $223B revenue giant, your PCI expertise directly supports better patient outcomes. Enjoy India's vibrant tech ecosystem, collaborative culture, and mission to improve lives daily.

Role FAQs

What is the focus of this PCI Compliance role?

Primarily driving PCI DSS program execution, assessments, audits, and control optimization across 13+ payment processes.

Is travel required?

Minimal; role is based in IND07, India, with virtual collaboration globally.

What tools or frameworks are used?

PCI DSS, CCPA, vulnerability scanners, GRC platforms, and collaboration tools like Jira or ServiceNow.

How does this role impact Cardinal Health?

Ensures compliance, reduces risks, and streamlines payments, supporting $223B operations securely.

Application process?

Submit resume via Cardinal Health careers portal; interviews include technical PCI scenarios and stakeholder discussions.