Manager - Information Security

Our team members are at the heart of everything we do. At Cencora, we are united in our responsibility to create healthier futures, and every person here is essential to us being able to deliver on that purpose. If you want to make a difference at the center of health, come join our innovative company and help us improve the lives of people and animals everywhere. Apply today

Position Summary

This role is responsible for planning, executing, and managing multi-faceted projects related to Information Security Human Risk, including the oversight and execution of a comprehensive simulated phishing program, planning ongoing security awareness initiatives, including Cybersecurity Awareness Month, and serving as the primary contact for all information security domain-support communications. This role will also manage the lifecycle of the organization's security culture assessments, from strategy to execution and work with business leaders to provide actionable insights to enhance their security posture.

Information Security Managers are focused on developing and driving security strategies, and policies/standards, ensuring the effectiveness of solutions and providing security-focused consultative services to the organization. They work on security initiatives/issues for Information Security functional area of responsibility. They communicate and educate IT organization and the business about Information Security policies and industry standards and provide solutions for enterprise/service security issues and are responsible for driving the Information Security team focused on protecting businesses.

Our team member experience is a strategic priority for our company. Our leaders are accountable for leading with purpose, fairness, and equity. They are responsible for building and developing diverse teams, maintaining a safe and inclusive environment, setting clear priorities, and holding self and team accountable for executing with excellence.

Primary Duties and Responsibilities

• Execute a comprehensive simulated phishing program to educate employees on identifying and responding to phishing attempts, including conducting monthly phishing simulation exercises and analyzing results for continuous improvement.
• Plan and implement monthly ongoing security awareness initiatives, including Cybersecurity Awareness Month activities, to cultivate a proactive security culture within the organization.
• Utilize diverse communication methods (e.g., newsletters, workshops, webinars) to effectively promote security culture and best practices across the organization, serving as the primary point of contact for all information security communications.
• Conduct regular security culture assessments of the organization's security awareness levels, identifying areas for improvement, and collaborating with stakeholders to enhance security policies and procedures based on assessment findings and emerging threats.
• Collaborate and support Information Security teams in creating communication plans for short term and long-term project initiatives to ensure consistent and clear communication of Information Security initiatives to the enterprise.
• Develop and implement metrics to assess the effectiveness of training and awareness programs, including user engagement tracking and compliance rates, analyzing data to prepare reports demonstrating the impact on overall security posture and employee behavior.
• Identify opportunities for automation within training and awareness initiatives to enhance efficiency and effectiveness, staying current with technological advancements in security training to incorporate innovative solutions.
• Collaborate in setting goals and KPIs, budget creation, and performance management for the Information Security Strategy team to align with organizational objectives.
• Ensure all training and awareness activities comply with relevant regulations and standards (e.g., GDPR, HIPAA, PCI-DSS) and prepare regular compliance reports for leadership and regulatory bodies, highlighting training outcomes and areas for improvement.
• Identify opportunities for automation within training and awareness initiatives to enhance efficiency and effectiveness, staying current with technological advancements in security training to incorporate innovative solutions.
• Work closely with IT and security teams to align training initiatives with existing technical controls and security measures, ensuring comprehensive employee education.
• Engage in cross-functional projects to integrate security awareness into broader organizational initiatives, promoting a unified approach to security across all departments.
• Prepare and present regular updates to leadership regarding the status of training and awareness initiatives, including metrics, compliance outcomes, and recommendations for resource allocation to enhance training efforts.

.

Required Education, Experience and Knowledge

Education

• Bachelor's Degree in Computer Science, Information Technology or any other related discipline or equivalent related experience.

Work Experience

• 7+ years of directly-related or relevant experience with 2+ years in a managerial capacity, preferably in information security.

Skills and Knowledge

Behavioral Skills

• Coaching and Mentoring
• Collaboration
• Conflict Resolution
• Critical Thinking
• Detail Oriented
• People Management
• Presentation Skills

Technical Skills

• Strong written communication skills
• Data Analysis
• IT Controls
• Information Security Strategy Standards (SOX, ISO 27001/27002, COBIT, ITIL, NIST, PCI)
• IT Risk Management

Tools Knowledge

• Proficient with Microsoft Office Suite
• Proficient with Simulated Phishing Software
• Knowledge of Learning Management Systems and training creation software, such as Articulate Storyline/Rise

Benefit offerings outside the US may vary by country and will be aligned to local market practice. The eligibility and effective date may differ for some benefits and for team members covered under collective bargaining agreements.

Full time

Affiliated Companies: AmerisourceBergen Services Corporation

Cencora is committed to providing equal employment opportunity without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, age, disability, veteran status or membership in any other class protected by federal, state or local law.

The company's continued success depends on the full and effective utilization of qualified individuals. Therefore, harassment is prohibited and all matters related to recruiting, training, compensation, benefits, promotions and transfers comply with equal opportunity principles and are non-discriminatory.

Cencora is committed to providing reasonable accommodations to individuals with disabilities during the employment process which are consistent with legal requirements. If you wish to request an accommodation while seeking employment, please call or email We will make accommodation determinations on a request-by-request basis. Messages and emails regarding anything other than accommodations requests will not be returned