Senior Manager - Supply Chain Cyber Resiliency

Our team members are at the heart of everything we do. At Cencora, we are united in our responsibility to create healthier futures, and every person here is essential to us being able to deliver on that purpose. If you want to make a difference at the center of health, come join our innovative company and help us improve the lives of people and animals everywhere.

Apply today!

Summary: Reporting to Sr Director of US Supply Chain Solutions, the Senior Manager of Supply Chain Cyber Resiliency will be the primary architect of Cencora’s supply chain system cyber 'bounce-back' capability. In an era of increasing digital complexity and sophisticated threats, the role will lead the planning and execution of a holistic strategy designed to ensure our supply chain technology and systems remain robust, compliant, and recoverable.

The role isn't just managing backups; they are ensuring that if the worst happens, our business doesn't stop. This critical role will sit at the intersection of Cybersecurity, Business Continuity, and GDATS Supply Chain Systems, owning the end-to-end resiliency lifecycle from vulnerability mitigation to immutable data recovery.

• Identify, assess, and prioritize cyber risks specific to the supply chain ecosystem (including third-party vendors and OT environments).

• Collaborate with security teams, vendors and application owners to ensure proactive patching and threat modeling are integrated into supply chain operations.

• Drive a proactive vulnerability management lifecycle specifically for supply chain systems (WMS, TMS, ERP), ensuring that critical security patches are prioritized based on business risk rather than just severity scores.

• Collaborate with vendors and Business Risk Management teams to evaluate the cybersecurity posture of upstream and downstream partners, ensuring that third-party vulnerabilities do not become a 'backdoor' into our internal ecosystem.

• Facilitate comprehensive Business Impact Analyses (BIA) across all supply chain business units to map out interdependencies, Recovery Time Objectives (RTOs), and Recovery Point Objectives (RPOs).

• Design end-to-end Resiliency Plans that provide 'manual workaround' procedures for logistics and warehouse teams during digital outages, ensuring physical operations can continue while systems are restored.

• Establish a cadence for plan reviews and tabletop exercises to ensure that resiliency playbooks evolve alongside the business's expanding digital footprint.

• Design, implement, and test a comprehensive Disaster Recovery framework tailored to global supply chain logistics.

• Shift the focus from traditional DR to Cyber Resiliency, ensuring systems can withstand and recover from active, malicious cyber-attacks (e.g., ransomware).

• Work with the functional owner of the Service Now CMDB for the supply chain domain.

• Ensure high data integrity and 'single source of truth' visibility into assets, dependencies, and configurations to facilitate rapid incident response.

• Lead a rigorous, multi-tiered testing program, ranging from component-level failovers to full-scale regional DR drills, documenting gaps and driving remediation efforts to closure.

• Partner with the Incident Response teams to ensure that DR execution is seamlessly integrated into the broader cyber incident response plan.

• Manages cyber remediation programs with cross-functional teams and vendors to provide support to supply chain application security programs, inclusive of remediation strategies and efforts to protect infrastructure and 3rd party application vulnerabilities.

• Oversees the planning, execution, and management of cyber planning activities and engagements related to functional area of responsibility.

• Develops key critical reports to be presented on vulnerabilities to stakeholders and serves as a subject matter expert (SME) for various cyber programs.

• Advises strategic and tactical direction and consultation on security initiatives and provides support and collaboration to ensure organizational objectives are met.

• Develops, refines and implements enterprise-wide security policies, procedures, and standards across multiple platform and application environments to meet internal and external compliance responsibilities.

• Supports documentation and tracking of policies, procedures, standards and system configurations and recommends and implements changes as necessary.

• Participates in goals/KPIs setting, budget creation and performance management of USSC Security Strategy team.

• Leads team in validating and evidence gathering for escalated security incidents and identifies root cause for application and/or network-related security issues and advises on remediation options.

• Contributes to the review of internal processes and activities and assists in identifying potential opportunities for…