Director, Exposure Management (Cybersecurity Defense)

What Cybersecurity Defense contributes to Cardinal Health

Cybersecurity Defense focuses heavily on threat detection, incident response, and implementing security measures to protect our digital assets and infrastructure at Cardinal Health. The Director, Exposure Management is responsible for establishing, leading, and overseeing the exposure management program to proactively identify, prioritize, and reduce cybersecurity risk across network, cloud, endpoint, and data environments. This role drives the strategy and execution of vulnerability management, security configuration management, cloud and network security, endpoint security, and data protection capabilities. Moreover, this Director leads core aspects of exposure management, including vulnerability identification and prioritization, security configuration management, cloud and network security monitoring, endpoint and mobile security, data loss prevention (DLP), and data security posture management (DSPM). This person plays a critical role in reducing the organization’s attack surface, improving security posture, and enabling alignment with overarching cybersecurity & GTBS strategies.

Location - Open to candidates nationwide working in a fully remote capacity, with preference towards those based in Central or Eastern time zones (willingness to travel into our Corporate HQ in Dublin, OH during certain period of the year is a plus)

Responsibilities

• Develop and lead the exposure management strategy aligned with cybersecurity, risk management, and business objectives.

• Define governance frameworks and processes to identify, assess, prioritize, and remediate security exposures across the organization.

• Collaborate with cybersecurity leadership to align exposure management initiatives with broader cyber defense and risk reduction strategies.

• Serve as an advisor to leadership on exposure trends, risk posture, and mitigation priorities.

• Oversee enterprise vulnerability management capabilities, including identification, assessment, prioritization, and remediation tracking.

• Define risk-based prioritization methodologies to evaluate vulnerabilities based on threat intelligence, exploitability, and business impact.

• Oversee vulnerability scanning, reporting, and remediation processes across infrastructure, applications, and cloud environments.

• Oversee vulnerability management tooling and engineering strategy (e.g., Rapid7) to support exposure visibility and remediation workflows.

• Lead cloud security monitoring and posture management processes to detect misconfigurations, vulnerabilities, and anomalous activity across cloud environments.

• Oversee CNAPP and CASB tooling strategies to monitor, control, and secure cloud applications and infrastructure.

• Define firewall monitoring standards and rule configurations in collaboration with security architecture to ensure alignment with security policies.

• Manage firewall and network security tooling to detect misconfigurations, policy violations, and anomalous activity.

• Ensure alignment of cloud and network security controls with enterprise architecture and risk requirements.

• Oversee endpoint security capabilities, including configuration management, drift detection, and enforcement of secure baselines.

• Lead endpoint hardening, and monitoring strategies to reduce endpoint-related risks.

• Direct mobile security initiatives to protect devices and applications through policy enforcement and monitoring.

• Oversee endpoint and mobile security tooling strategy to enable consistent protection and compliance across the enterprise

• Lead enterprise data protection capabilities, including endpoint, network, and cloud DLP programs.

• Oversee design, implementation, and optimization of DLP tooling to monitor and prevent unauthorized data access, use, or exfiltration.

• Establish and manage Data Security Posture Management (DSPM) capabilities to discover, classify, and assess sensitive data across environments.

• Ensure alignment of data protection controls with regulatory requirements, privacy standards, and enterprise policies.

• Define and enforce security configuration standards across systems, infrastructure, and endpoints.

• Oversee configuration drift detection and remediation processes to maintain secure and compliant baselines.

• Collaborate with IT and engineering teams to ensure secure configurations are embedded into system builds and deployment pipelines.

• Drive continuous improvement of configuration management practices to reduce exposure and improve resilience.

• Lead engineering and optimization of exposure management tools, including vulnerability management, CNAPP, CASB, DLP, and endpoint security platforms.

• Define use cases, technical requirements, and configurations to enhance detection, monitoring, and remediation capabilities.

• Drive automation of exposure detection, prioritization, and remediation workflows to improve efficiency and scalability.

• Ensure integration of exposure management tools with broader cybersecurity platforms and processes.

• Collaborate with cybersecurity, IT, engineering, and business teams to integrate exposure management into enterprise processes and initiatives.

• Partner with risk and compliance teams to align exposure management activities with enterprise risk frameworks and regulatory requirements.

• Provide actionable insights and reporting to leadership on exposure trends, remediation progress, and risk reduction outcomes.

• Support audit and regulatory activities by providing documentation and evidence related to exposure management practices.

• Define and track KPIs and KRIs related to vulnerability management, configuration compliance, and exposure reduction.

• Provide regular reporting to leadership on security posture, exposure trends, and remediation effectiveness.

• Identify opportunities to enhance exposure visibility, prioritization accuracy, and remediation efficiency.

• Drive continuous improvement initiatives to mature exposure management capabilities.

• Build and lead a high-performing exposure management team with capabilities across vulnerability management, cloud security, endpoint security, and data protection.

• Develop team capabilities through training, mentoring, and structured career development initiatives.

• Foster a culture of accountability, collaboration, and continuous improvement.

• Ensure alignment of team capabilities with evolving threat landscape and organizational needs.

Qualifications

• Ideally targeting individuals with 10+ years of experience in cybersecurity, with a focus on vulnerability management, cloud security, endpoint security, or data protection.

• Deep expertise in exposure management practices, including vulnerability assessment, configuration management, and risk-based prioritization.

• Strong understanding of cybersecurity frameworks (e.g., NIST CSF, ISO 27001) and regulatory requirements.

• Experience leading security engineering and operational teams focused on exposure reduction and risk mitigation.

• Demonstrated ability to collaborate with cross-functional teams and influence technical and business stakeholders.

• Strong leadership, analytical, and problem-solving skills.

• Experience in highly regulated industries, a plus.

• Experience with modern cloud security, network security, and data protection technologies, a plus.

#LI-LP

#LI-Remote

Anticipated salary range: $135,400 - $208,100

Bonus eligible: Yes

Benefits: Cardinal Health offers a wide variety of benefits and programs to support health and well-being.

• Medical, dental and vision coverage

• Paid time off plan

• Health savings account (HSA)

• 401k savings plan

• Access to wages before pay day with myFlexPay

• Flexible spending accounts (FSAs)

• Short- and long-term disability coverage

• Work-Life resources

• Paid parental leave

• Healthy lifestyle programs

Application window anticipated to close: 07/01/2026 *if interested in opportunity, please submit application as soon as possible.

The salary range listed is an estimate. Pay at Cardinal Health is determined by multiple factors including, but not limited to, a candidate’s geographical location, relevant education, experience and skills and an evaluation of internal pay equity.

Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply.

Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law.

To read and review this privacy notice click here (