Tomorrow’s health is… Tackling challenges no one else can.

McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve – we care.

What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow’s health today, we want to hear from you.

Job title: SOC Compliance Director

Current Need:

The SOC Compliance Director will support the SOC Compliance team in assist in leading activities and resources to support multiple SOC audits and issuance of SOC reports across the enterprise within a large and complex environment. This role will report to the Senior Director of SOC Compliance with the timely delivery of SOC reports, manage activities with external and internal resources, manage and supervise the activities of lesser experienced staff to support SOC Compliance activities, and lead advisory discussions with internal stakeholders.

This position will require an individual that is highly collaborative and able to drive discussions with external resources (e.g., external auditors), MT delivery and solution teams, as well as other internal teams executing or supporting SOC controls.

SOC Compliance Director Responsibilities:

Strategy

• Provide thought leadership on the teams resource needs and roadmap of execution
• Identify and develop opportunities to streamline SOC compliance activities across the organization

Managing and Leading Others

• Mentors and develops team members in developing in-depth knowledge of the McKesson systems and processes underlying technologies and controls within the assigned SOC 1 and 2 reports
• Assists with the recruitment, onboarding, integration, and training of new team members and temporary workers
• Manage and maintain a positive relationship between the business units, corporate Information Technology (IT), business unit IT departments, and the external auditors in all aspects of their assigned SOC 1 and 2 reports to ensure timely completion of SOC audits and SOC report issuance

Timely delivery of assigned SOC reports

• Complete and accurate status updates on accomplishments, next steps, and awareness to governance and program teams for assigned SOC 1 and 2 reports
• Complete and accurate updates to detailed plans, SOC project risks and mitigation plan
• Manage critical path and dependencies to other ongoing tasks impacting SOC projects
• Complete and accurate reporting on and maintaining key measures of success for SOC Compliance efforts

Compliance Responsibilities

• Manages the relationship and discussions with the leads with the external auditor.
• Manage McKesson's ongoing responsibilities associated with the issuance of multiple annual SOC 1 and 2 reports, including leading teams and driving discussions as necessary
• Maintain subject knowledge expertise of AICPA SOC standards, and other relevant guidance issued regarding SOC 1 and SOC 2 and the impact to the SOC compliance environment
• Serves as the primary contact for the assigned business unit SOC 1 or 2 report
• Partners with and aligns management in regard to the ownership of the IT process and key SOC controls
• Communicates with leadership, technical and non-technical audiences on SOC 1 and 2 activities

Remediation Responsibilities

• Manages and oversees discussions with management in developing remediation plans to address deficiencies
• Manages and oversees remediation activities and timelines to address deficiencies impacting SOC 1 or 2 reports
• Communicates and coordinates with leadership to ensure timely completion of remediation activities

Minimum Requirements

• 9+ years of experience focused on IT audit and/or compliance
• 4+ years of experience with planning, executing, and issuance of SOC 1 or 2 reports
• 4+ years of managerial experience
• 2+ years of full SOC 1 or 2 report life-cycle experience, having both SOC 1 and 2 is a plus
• Experience with auditing business process controls is a plus
• Experience in a "service auditor” role at a public accounting firm issuing SOC examination reports is a plus

Additional Knowledge & Skills

• Thorough knowledge of all activities necessary for planning, preparing, issuance of reports, and monitoring for continued compliance with SOC 1 and 2 audit requirements
• Strong knowledge-level of financial, operational, and/or information technology, internal controls, identifying risks and related controls
• Highly analytical and have a strong understanding of SOC reporting and industry standards
• Excellent problem-solving skills and the ability to think critically
• Ability to effectively communicate at multiple levels of management
• Strong understanding how to perform procedures to examine the design and operational effectiveness of IT and/or business process controls
• Able to identify gaps in control design and control operative effectiveness of controls and assist management with related remediation measures
• Strong understanding of process improvement and best practices
• Excellent interpersonal, communication, and presentation skills, including formal report writing experience
• Performs all job responsibilities with integrity
• Effective communications skills with personnel from any grade level
• Thorough understanding and application of the AICPA SOC standards (e.g., SOC 2 Trust Services Criteria) is a plus

Education

• Undergraduate degree in business, accounting, IT, internal audit or related field with focus on information systems or equivalent work experience.

Certifications/Licensure

• CISA, CISSP, CPA, or CIA preferred

Physical Requirements: General Office Demands

Must be authorized to work in the US. Sponsorship is not available for this position.

Relocation is not budgeted for this role

We are proud to offer a competitive compensation package at McKesson as part of our Total Rewards. This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets. In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities may be offered. For more information regarding benefits at McKesson, please click here.

Our Base Pay Range for this position

McKesson is an Equal Opportunity Employer

McKesson provides equal employment opportunities to applicants and employees and is committed to a diverse and inclusive environment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, age or genetic information. For additional information on McKesson’s full Equal Employment Opportunity policies, visit our Equal Employment Opportunity page.

Join us at McKesson!