Director, Security Architecture

What Information Security and Risk contributes to Cardinal Health

Information Technology oversees the effective development, delivery, and operation of computing and information services. This function anticipates, plans, and delivers Information Technology solutions and strategies that enable operations and drive business value.

Information Security and Risk develops, implements, and enforces security controls to protect the organization's technology assets from intentional or inadvertent modification, disclosure or destruction. This job family develops system back‑up and disaster recovery plans. Information Technology also conducts incident response, threat management, vulnerability scanning, virus management and intrusion detection and completes risk assessments.

Job Summary

The Director, Security Architecture is responsible for establishing, leading, and developing the security architecture strategy, standards, and design practices to enable secure, scalable, and resilient technology solutions across the organization. Reporting to the Vice President, Information Security & Risk, this role serves as a technical leader responsible for aligning security architecture with business priorities, risk management objectives, and enterprise GTBS strategies.

This role leads all aspects of security architecture, including architecture strategy and governance, technical security standards, solution design and advisory, architecture reviews, and tooling optimization. It plays a critical role in embedding security into the development lifecycle, guiding technology investments, and ensuring that security requirements are integrated into enterprise architectures and solutions from inception through deployment.

Responsibilities

Organizational Leadership & Architecture Strategy

• Develop and lead the enterprise security architecture strategy aligned with cybersecurity, risk management, and business objectives
• Establish governance frameworks and processes to guide secure design, technology selection, and solution deployment across the organization
• Collaborate with cybersecurity leadership, enterprise architecture, and technology teams to define target‑state architecture and long‑term roadmap
• Serve as an advisor to leadership on security architecture priorities, risks, and investment decisions

Security Architecture Standards & Governance

• Develop, maintain, and enforce enterprise security architecture standards, including design principles, control requirements, and implementation guidelines
• Ensure standards are aligned with regulatory requirements, industry frameworks, and organizational risk tolerance
• Establish governance processes for adoption and enforcement of architecture standards across global cybersecurity and technology teams
• Continuously update and refine standards to address emerging threats, technologies, and business needs

Security Architecture Review & Validation

• Oversee architecture review processes to evaluate solutions and system designs against security standards, risk requirements, and enterprise architecture
• Ensure security risks are identified, documented, and addressed prior to implementation
• Provide approval and validation of security architecture decisions, including exception handling and risk acceptance processes
• Drive consistency and quality in architecture review practices across teams

Cybersecurity Advisory for Development & Design

• Provide proactive security guidance and risk‑informed recommendations during solution design and development
• Partner with application, engineering, and commercial technology teams to embed security requirements early in the development lifecycle
• Support security‑by‑design reviews, pre‑implementation assessments, and architecture decision‑making for new initiatives and technologies
• Act as a technical liaison to translate security requirements and risks for both technical and non‑technical stakeholders

Security Tooling & Architecture Optimization

• Assess, rationalize, and optimize the cybersecurity tooling landscape to reduce complexity, eliminate redundancies, and improve capability coverage
• Ensure tooling aligns with enterprise security architecture and supports effective risk management and operational capabilities
• Partner with engineering and infrastructure teams to integrate tools into the broader cybersecurity ecosystem
• Drive continuous improvement of tooling strategy to support scalability, efficiency, and innovation

Security Architecture Design & Engineering Enablement

• Define and support reference architectures, design patterns, and reusable security solutions to enable secure system development
• Oversee and guide the implementation of security controls within applications, infrastructure, and platforms
• Support teams in designing secure solutions that balance security, performance scalability, and usability
• Promote adoption of secure‑by‑design principles across development and engineering teams

Capability Mapping & Roadmap Development

• Assess current and target security capabilities, mapping them to business priorities and risk requirements
• Develop and maintain a phased roadmap to guide strategic security architecture investments and capability maturity
• Align architecture initiatives with enterprise transformation efforts and emerging technology trends
• Provide visibility into capability gaps and investment priorities to support strategic planning

Stakeholder Engagement & Integration

• Collaborate with enterprise architecture, IT, engineering, risk, and compliance teams to ensure alignment of security architecture with enterprise initiatives
• Partner with BISOs and business stakeholders to integrate security into business and technology strategies
• Provide guidance and support for cybersecurity requirements in projects, ensuring alignment with architecture standards
• Drive consistent communication and alignment across global cybersecurity and technology teams

Talent Leadership & Capability Development

• Build and lead a high‑performing security architecture team with expertise across domains such as cloud, application, infrastructure, and data security
• Develop team capabilities through coaching, training, and structured career development initiatives
• Foster a culture of technical excellence, innovation, and continuous improvement
• Ensure alignment of team capabilities with evolving cybersecurity and business needs

Qualifications

• 10+ years of experience in cybersecurity, security architecture, or information security, with a focus on enterprise architecture and solution design preferred
• Deep expertise in security architecture frameworks, secure design principles, and enterprise technology environments
• Strong understanding of cybersecurity frameworks (e.g., NIST CSF, ISO 27001) and regulatory requirements
• Experience leading architecture reviews, defining standards, and guiding secure solution development
• Demonstrated ability to collaborate with cross‑functional teams and influence technical and business stakeholders
• Strong leadership, communication, and problem‑solving skills
• Experience in a leadership role overseeing security architecture or engineering teams
• Experience in highly regulated industries (e.g., aviation, financial services, healthcare, or government)
• Advanced degree (MBA, MS in Cybersecurity, Information Systems, or related field) preferred
• Professional certifications such as CISSP, CCSP, SABSA, or TOGAF
• Experience with cloud security architecture, DevSecOps, and modern application development practices

What is expected of you and others at this level

• Provides leadership to managers and experienced professional staff; may also manage front line supervisors
• Manages an organizational budget
• Develops and implements policies and procedures to achieve organizational goals
• Assists in the development of functional strategy
• Decisions have an extended impact on work processes, outcomes, and customers
• Interacts with internal and/or external leaders, including senior management
• Persuades others into agreement in sensitive situations while maintaining positive relationships

Anticipated salary range

$135,400 - $208,100

Benefits

• Medical, dental and vision coverage
• Paid time off plan
• Health savings account (HSA)
• 401k savings plan
• Access to wages before pay day with myFlexPay
• Flexible spending accounts (FSAs)
• Short‑ and long‑term disability coverage
• Work‑Life resources
• Paid parental leave

EEO Statement

Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law.

To read and review this privacy notice click here (