Senior Manager - Supply Chain Cyber Resiliency

Summary:

Reporting to Sr Director of US Supply Chain Solutions, the Senior Manager of Supply Chain Cyber Resiliency will be the primary architect of Cencora's supply chain system cyber "bounce-back" capability. In an era of increasing digital complexity and sophisticated threats, the role will lead the planning and execution of a holistic strategy designed to ensure our supply chain technology and systems remain robust, compliant, and recoverable.

The role isn't just managing backups; they are ensuring that if the worst happens, our business doesn't stop. This critical role will sit at the intersection ofCybersecurity,Business Continuity, and GDATS Supply Chain Systems, owning the end-to-end resiliency lifecycle from vulnerability mitigation to immutable data recovery.

Key Responsibilities:

Vulnerability & Cyber Risk Management

• Identify, assess, and prioritize cyber risks specific to the supply chain ecosystem (including third-party vendors and OT environments).

• Collaborate with security teams, vendors and application owners to ensure proactive patching and threat modeling are integrated into supply chain operations.

• Drive a proactive vulnerability management lifecycle specifically for supply chain systems (WMS, TMS, ERP), ensuring that critical security patches are prioritized based on business risk rather than just severity scores.

• Collaborate with vendors and Business Risk Management teams to evaluate the cybersecurity posture of upstream and downstream partners, ensuring that third-party vulnerabilities do not become a "backdoor" into our internal ecosystem.

Business Resiliency & Impact Analysis (BIA)

• Facilitate comprehensiveBusiness Impact Analyses (BIA)across all supply chain business units to map out interdependencies, Recovery Time Objectives (RTOs), and Recovery Point Objectives (RPOs).

• Design end-to-endResiliency Plansthat provide "manual workaround" procedures for logistics and warehouse teams during digital outages, ensuring physical operations can continue while systems are restored.

• Establish a cadence for plan reviews and tabletop exercises to ensure that resiliency playbooks evolve alongside the business's expanding digital footprint.

Disaster Recovery (DR) & Cyber Resiliency Program

• Design, implement, and test a comprehensiveDisaster Recoveryframework tailored to global supply chain logistics.

• Shift the focus from traditional DR toCyber Resiliency, ensuring systems can withstand and recover from active, malicious cyber-attacks (e.g., ransomware).

ServiceNow CMDB Coordination

• Work with the functional owner of theServiceNow CMDBfor the supply chain domain.

• Ensure high data integrity and "single source of truth" visibility into assets, dependencies, and configurations to facilitate rapid incident response.

• Lead a rigorous, multi-tiered testing program, ranging from component-level failovers to full-scale regional DR drills, documenting gaps and driving remediation efforts to closure.

• Partner with the Incident Response teams to ensure that DR execution is seamlessly integrated into the broader cyber incident response plan.

Other areas of responsibility

• Manages cyber remediation programs with cross-functional teams and vendors to provide support to supply chain application security programs, inclusive of remediation strategies and efforts to protect infrastructure and 3rd party application vulnerabilities

• Oversees the planning, execution, and management of cyber planning activities and engagements related to functional area of responsibility.

• Develops key critical reports to be presented on vulnerabilities to stakeholders and serves as a subject matter expert (SME) for various cyber programs

• Advises strategic and tactical direction and consultation on security initiatives and provides support and collaboration to ensure organizational objectives are met

• Develops, refines and implements enterprise-wide security policies, procedures, and standards across multiple platform and application environments to meet internal and external compliance responsibilities

• Supports documentation and tracking of policies, procedures, standards and system configurations and recommends and implements changes as necessary

• Participates in goals/KPIs setting, budget creation and performance management of USSC Security Strategy team

• Leads team in validating and evidence gathering for escalated security incidents and identifies root cause for application and/or network-related security issues and advises on remediation options

• Contributes to the review of internal processes and activities and assists in identifying potential opportunities for improvement and further automation

• Provides technical/management leadership on assignments and acts as a SME; provides technical and business process responses during training as required

• Ensures technical and business alignment with other team members or departments including information security project design, implementation or monitoring, research and development on new processes and procedures for best practices

• Coordinates, organizes and reports on application development, and infrastructure implementation and maintenance of various security initiatives

• Leads the strategy, design, engineering and implementation of robust security strategies, frameworks, platforms, and solutions

• Provides vision and leadership for the organization's overall cybersecurity processes and culture

• Carries out the development, review, implementation, and maintenance of the organization's security guiding documentation and manages the services and relationship with research and enterprise security teams to develop joint processes and procedures

• Helps the company improve information security and helps design and implement information security programs that can keep pace with the ever-changing security requirements

• Provides leadership over corporate business resiliency, which includes business/service continuity planning, business impact management, and disaster recovery measures

• Leads the strategy, design, engineering and implementation of robust security strategies, frameworks, platforms, and solutions

• Leads a high-performing team for designing, building, testing and implementing security solutions and also assists the overall IT risk & compliance team in maintaining user population and reviewing reports related to accounting activity

Educational, experience & skillset requirements:

• 7 or more years of directly-related or relevant experience with 3+ years in a managerial capacity, preferably in information security.

• Bachelor's Degree in Computer Science, Information Technology or any other related discipline or equivalent related experience

• Master's Degree in Business Administration, Computer Science, Information Technology or any other related discipline or equivalent related experience. - highly desired

Preferred Certifications:

• Certified Information Systems Auditor (CISA)

• Certified Information Systems Security Professional (CISSP)

• Certification in Information Security Strategy Management (CISM)

• Information Technology Infrastructure Library (ITIL)

• Offensive Security Certified Professional (OSCP)

• Project Management Professional (PMP) Certification

Behavioral Skills:

• Coaching and Mentoring

• Conflict Resolution

• Critical Thinking

• Multitasking

• People Management

• Planning

• Presentation Skills

Technical Skills:

• IT Risk Management

• IT Controls

• Cyber Attack Mitigation

• Information Security Strategy Standards (SOX, ISO 27001/27002, COBIT, ITIL, NIST, PCI)

• Enterprise Architecture

• Network Security

• Service Level Maintenance

• Threat Modelling

Tools Knowledge:

• Microsoft Office Suite

• Security Tools - SIEM, EDR, Email Security Gateway, SOAR, Firewall, Anti-virus, Firewalls, VPN IDS/IPS, AV, proxies, etc.

• Security Testing Tools - Open Source and COTS security tools

• Threat Intelligence Tools

• Vulnerability Testing Tools

We provide compensation, benefits, and resources that enable a highly inclusive culture and support our team members' ability to live with purpose every day. In addition to traditional offerings like medical, dental, and vision care, we also provide a comprehensive suite of benefits that focus on the physical, emotional, financial, and social aspects of wellness. This encompasses support for working families, which may include backup dependent care, adoption assistance, infertility coverage, family building support, behavioral health solutions, paid parental leave, and paid caregiver leave. To encourage your personal growth, we also offer a variety of training programs, professional development resources, and opportunities to participate in mentorship programs, employee resource groups, volunteer activities, and much more. For details, visit https://www.virtualfairhub.com/cencora

Cencora is committed to providing equal employment opportunity without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, age, disability, veteran status or membership in any other class protected by federal, state or local law.

The company's continued success depends on the full and effective utilization of qualified individuals. Therefore, harassment is prohibited and all matters related to recruiting, training, compensation, benefits, promotions and transfers comply with equal opportunity principles and are non-discriminatory.

Cencora is committed to providing reasonable accommodations to individuals with disabilities during the employment process which are consistent with legal requirements. If you wish to request an accommodation while seeking employment, please call 888.692.2272 or email hrsc@cencora.com. We will make accommodation determinations on a request-by-request basis. Messages and emails regarding anything other than accommodations requests will not be returned