BISO (Business Information Security Office) Lead

· Remote

Location

Remote

Type

Full Time

Job Description

CencoraJobs
BISO (Business Information Security Office) Lead

BISO (Business Information Security Office) Lead

Posted 2 Hours Ago
Be an Early Applicant
Hiring Remotely in Texas USA
Remote
Senior level
Healthtech • Logistics • Pharmaceutical
We are united in our responsibility to create healthier futures
The Role
Lead the Business Information Security Office to manage security architecture risk assessments GRC compliance and mentor teams ensuring robust security practices across the organization.
Summary Generated by Built In
Our team members are at the heart of everything we do. At Cencora we are united in our responsibility to create healthier futures and every person here is essential to us being able to deliver on that purpose. If you want to make a difference at the center of health come join our innovative company and help us improve the lives of people and animals everywhere. Apply today!
Job Details
Purpose & Impact
The Business Information Security Office Lead serves as the strategic bridge between business/IT stakeholders and security teams ensuring that security architecture principles security requirements risk management practices and governance risk and compliance (GRC) requirements are deeply embedded into technology implementations enterprise processes and organizational decision-making. This role owns and drives secure architecture reviews provides authoritative guidance on design patterns risk treatment strategies and compliance obligations - ultimately reducing risk exposure across multiple platforms and business domains.
Responsibilities
Lead Security Architecture Design & Review
  • Drive and contribute to the end-to-end secure architecture review process for on-prem cloud and hybrid applications/infrastructure ensuring adherence to secure design principles reference architectures security requirements and compliance standards.
  • Support the use of and contribute to security architecture patterns blueprints and reference models that align with enterprise strategy and evolving threat landscapes.
  • Evaluate proposed technical designs and system integrations to ensure security requirements are met providing prescriptive architectural and control recommendations.
  • Perform security reviews for operational and architectural changes

Drive Enterprise Risk Management
  • Lead and support comprehensive risk assessments - including threat modeling control gap analysis compensating control and risk quantification - for complex high-impact projects and initiatives.
  • Support the maintenance of the risk register ensuring identified risks are documented assigned ownership is appropriate tracked through remediation and reported to leadership.
  • Propose and validate risk mitigation and treatment strategies balancing security requirements with business objectives and risk appetite.

Support Governance Activities the GRC Program
  • Support and advance the organization's Governance Risk and Compliance (GRC) program ensuring alignment with regulatory requirements and industry frameworks (e.g. NIST CSF/800-53 ISO 27001/27002 SOC 2 GDPR HIPAA CMMC).
  • Lead the evidence gathering control testing and documentation processes for internal and external audits regulatory examinations and certification efforts.
  • Develop refine and enforce security policies standards and guidelines in collaboration with legal compliance and business stakeholders.

Serve as Primary Security Officer & Risk Contact
  • Act as the authoritative resource for security architecture and risk management across business initiatives ensuring requirements are understood prioritized and implemented effectively.
  • Embed security and risk considerations early in the technology and project lifecycle (shift-left approach) partnering with solution architects engineering and product teams.

Communicate & Report on Risk Posture
  • Translate complex security architecture risks and GRC findings into business terms for project managers executive leadership and board-level audiences - highlighting operational financial and reputational impacts.
  • Drive the development and maintenance of dashboards and reports tracking key risk indicators (KRIs) vulnerability trends audit findings control effectiveness compliance status across assigned domains etc.
  • Present periodic risk and compliance briefings to senior leadership and governance committees.
  • Build deep institutional knowledge through continuous engagement with business and IT stakeholders to ensure alignment to information security expectations.

Support Incident Response & Resilience
  • Assist in planning and coordinating remediation and recovery efforts during security incidents with a focus on architectural root-cause analysis and control improvement.
  • Incorporate lessons learned from incidents into architecture standards and risk assessments to strengthen the organization's security posture.

Mentor & Build Organizational Capability
  • Provide guidance coaching and knowledge-sharing to junior architects BISO staff and cross-functional team members to elevate organizational security and risk management maturity.
  • Foster a risk-aware culture through training awareness programs and stakeholder engagement.

Required Qualifications
  • Bachelor's degree in Information Security Computer Science Risk Management or a related field.
  • 7-10 years of progressive experience in security architecture IT risk management and/or GRC.
  • Deep knowledge of cybersecurity frameworks and regulatory standards including OWASP NIST CSF NIST 800-53 ISO 27001/27002 SOC 2 GDPR and HIPAA.
  • Demonstrated experience designing and reviewing secure architectures across cloud (AWS Azure GCP) hybrid and on-premises environments.
  • Proven ability to conduct threat modeling risk quantification and control assessments for complex enterprise environments.
  • Hands-on experience with GRC platforms and tools (e.g. ServiceNow Archer OneTrust or similar).
  • Ability to influence cross-functional teams and communicate security architecture and risk concepts - both verbally and in writing - to business leaders technical teams and executive stakeholders.
  • Experience developing and maintaining security policies standards and risk registers.

Preferred Skills
  • Experience implementing and improving cybersecurity solutions and supporting operational processes
  • Experience in infrastructure/network engineering and IT operations
  • Experience designing and implementing Zero Trust architecture principles at scale.
  • Familiarity with DevSecOps practices and integrating security into CI/CD pipelines.
  • Experience with risk quantification methodologies (e.g. FAIR).
  • Knowledge of cloud-native security services and infrastructure-as-code security scanning.
  • Experience supporting M&A due diligence or third-party risk management from an architecture and GRC perspective.

Certifications
  • CISSP CISM or CCSP - required (or obtained within 12 months of hire).
  • CRISC (Certified in Risk and Information Systems Control) - highly preferred.
  • Additional certifications valued: CGEIT TOGAF SABSA AWS/Azure Security Specialty.

What Cencora offers
We provide compensation benefits and resources that enable a highly inclusive culture and support our team members' ability to live with purpose every day. In addition to traditional offerings like medical dental and vision care we also provide a comprehensive suite of benefits that focus on the physical emotional financial and social aspects of wellness. This encompasses support for working families which may include backup dependent care adoption assistance infertility coverage family building support behavioral health solutions paid parental leave and paid caregiver leave. To encourage your personal growth we also offer a variety of training programs professional development resources and opportunities to participate in mentorship programs employee resource groups volunteer activities and much more. For details visit https://www.virtualfairhub.com/cencora
Full time
Equal Employment Opportunity
Cencora is committed to providing equal employment opportunity without regard to race color religion sex sexual orientation gender identity genetic information national origin age disability veteran status or membership in any other class protected by federal state or local law.
The company's continued success depends on the full and effective utilization of qualified individuals. Therefore harassment is prohibited and all matters related to recruiting training compensation benefits promotions and transfers comply with equal opportunity principles and are non-discriminatory.
Cencora is committed to providing reasonable accommodations to individuals with disabilities during the employment process which are consistent with legal requirements. If you wish to request an accommodation while seeking employment please call 888.692.2272 or email [email protected]. We will make accommodation determinations on a request-by-request basis. Messages and emails regarding anything other than accommodations requests will not be returned
Affiliated Companies
Affiliated Companies: AmerisourceBergen Services Corporation

Skills Required

  • Bachelor's degree in Information Security Computer Science Risk Management or related field
  • 7-10 years of progressive experience in security architecture IT risk management and/or GRC
  • Deep knowledge of cybersecurity frameworks and regulatory standards including NIST CSF ISO 27001 SOC 2
  • Demonstrated experience designing and reviewing secure architectures across cloud hybrid and on-prem environments
  • Proven ability to conduct threat modeling risk quantification and control assessments
  • Hands-on experience with GRC platforms and tools
  • CISSP CISM or CCSP - required

What the Team is Saying

Jason
Silvana
Paul Fritzsch
Denesha Thompson
Cindy Aviles
Denesha Thompson
Tina Martinez

Cencora Compensation & Benefits Highlights

  • Healthcare StrengthCoverage is presented as comprehensive from day one including medical dental vision prescription behavioral health and a wellness program that can lower premiums. Condition-specific and family-building supports reinforce the depth of healthcare offerings.
  • Parental & Family SupportPaid parental leave of 12 weeks two weeks of caregiver leave backup child care and coverage for fertility adoption and surrogacy illustrate broad family support. Feedback suggests these programs serve diverse family needs.
  • Retirement SupportThe 401(k) match (100% on the first 3% and 50% on the next 2%) is paired with a discounted ESPP and savings accounts. Tuition reimbursement and scholarships further strengthen long‑term financial security.

Cencora Insights

Am I A Good Fit?
beta
Expert contributor network
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: Conshohocken PA
51000 Employees
Year Founded: 2023

What We Do

Cencora is a leading pharmaceutical solutions organization centered on improving the lives of people and animals everywhere. With 46000+ global team members we have the opportunity to make a positive impact on healthcare in communities everywhere. Our team members are empowered to activate their careers through a collective of tools and resources designed to support individual career interests and aspirations. We value our listening culture that actions real outcomes and our team members appreciate and recognize one another for contributions that are making a meaningful global impact. No matter what your role is here the work we do together has meaning. When you join our team you become a crucial part of a greater purpose. We’re committed to supporting you personally and professionally so we can achieve more together at the center of health.Protect yourself from job scams: Recruitment scams are on the rise. To protect yourself we urge you to be vigilant and follow these guidelines > https://careers.cencora.com/us/en/job-scams

Gallery

Cencora Teams

Team
Early Careers
Team
Information Technology
About our Teams

Cencora Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

Typical time on-site: Flexible
Company Office Image
HQConshohocken PA
Bolsover GB
București RO
Carrollton TX
Chessington GB
Dříteň CZ
Feltham GB
Gennevilliers FR
Marseille FR
Oakville ON
Company Office Image
Pune Maharashtra
Villanueva de Gállego Zaragoza
Vilniaus miesto LT
Woking GB
Zaragoza Zaragoza
Learn more

Similar Jobs

Cencora

Engineer II - Insider Threat

Healthtech • Logistics • Pharmaceutical
Remote
Texas USA
51000 Employees

Cencora

Automation Engineer

Healthtech • Logistics • Pharmaceutical
Remote
Texas USA
51000 Employees

Cencora

Product Manager

Healthtech • Logistics • Pharmaceutical
Remote
Texas USA
51000 Employees
124K-191K Annually

Cencora

Business Analyst

Healthtech • Logistics • Pharmaceutical
Remote
Texas USA
51000 Employees
Apply Now

Date Posted

05/14/2026

Views

0

Back to Job Listings Add To Job List Company Profile View Company Reviews
Neutral
Subjectivity Score: 0

Similar Jobs

142,000+ Jobs Tracked
12,400+ Companies
1,930 Categories