Senior Analyst, IT Business Solutions

What Application Development & Maintenance contributes to Cardinal Health

Information Technology oversees the effective development, delivery, and operation of computing and information services.

This function anticipates, plans, and delivers Information Technology solutions and strategies that enable operations and drive business value.

Application Development & Maintenance performs configuration or coding to develop, enhance and sustain the organization's software systems in a cross-functional team environment through adherence to established design control processes and good engineering practices.

Application Development & Maintenance partners with business leaders, investigates user needs and conducts regular assessments, maintenance and enhancements of existing applications.

The job will be supporting mostly the Wave Mark™ Supply Management & Workflow Solutions which is a SaaS solution enabling healthcare providers and manufacturers to effectively manage supplies with market-leading innovative technology. Wave Mark leverages a portfolio of advanced hardware (e.g., RFID) and cloud-based software including an analytics platform providing full visibility and control of all supplies from low-cost commodities to high-cost devices and implants.

Our global footprint and continuous innovation deliver the most cost effective and workflow efficient patient care possible.

The IT Analyst plays a critical role in protecting the organization’s digital assets by working cross-functionally to design, implement, monitor, and enforce security processes and procedures. This position collaborates with software and hardware engineering, compliance, and other business units to ensure robust security practices are integrated across applications and operations. The analyst is responsible for developing and implementing mitigation strategies and maintaining compliance with industry standards and regulations.

• Application Portfolio Management (APM):
• Manage and maintain APM records (Wavemark, Margin Analysis), ensuring data accuracy.
• Track APM resiliency deadlines and update relevant systems (worksheets, Service Now).
• Monitor Archer dashboards for upcoming deadlines and past-due remediations.
• Facilitate status calls with stakeholders regarding application resiliency, exemptions, and remediation.
• Collaborate with IT and business teams for APM record updates and reporting.
• Application Security & Compliance:
• Analyze security threats, vulnerabilities, and audit findings to prioritize remediation.
• Collaborate with product management and development teams to plan and schedule security fixes that align with business objectives.
• Support the integration of application logs into the SIEM and develop monitoring and alerting systems to detect potential application attacks and resiliency issues.
• Develop and implement testing/validation processes for security system effectiveness.
• Ensure adherence to enterprise security processes, business, regulatory, and legal requirements.
• Assist in security incident response using SIEM and other detection platforms.
• Review policies, procedures, system designs, and security controls against frameworks (e.g., NIST Cybersecurity Framework).
• Support implementation and configuration of application security tools.
• Monitor and ensure compliance with established application security standards.
• Assist the Incident Response team with application security investigations.
• Develop custom tools to help software teams embed security into their development processes when off-the-shelf solutions are unavailable.

• 2-4 years of experience, preferred
• Bachelor's degree in related field, or equivalent work experience, preferred
• Knowledge of SDLC and Dev Sec Ops  concepts such as CI/CD pipelines preferred
• Experience with common application security controls including WAF preferred
• Understanding of standard security control frameworks, including NIST Cybersecurity Framework (800-53) preferred
• Strong analytic, troubleshooting skills; can problem solve, organize, and manage multiple tasks and projects in a health information system environment preferred
• Able to stay objective and independent when completing assignments and consistently demonstrate the ability to hold information in confidence preferred
• Ability to learn new software and hardware packages and adapt to changes in technology preferred
• Strong technical, process, and interpersonal skills to effectively analyze information systems, research and validate risks preferred
• Knowledge of common patterns for AuthN and AuthZ preferred
• Experience in understanding SCA/SAST scan results and working with development teams to establish remediation plans preferred
• Experience in creating dashboards in Splunk, Rapid7 or other equivalent tools to measure and guide application security work preferred
• Experience with Veracode preferred
• One or more Information Security Certifications preferred: CISSP, CISM, CCSP, CISA preferred

• Applies…