Tomorrow’s health is… Tackling challengesno one else can.

McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve – we care. What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow’s health today, we want to hear from you.

Job Title: SOC Compliance Lead

Work location: Alpharetta, GA / Irving, TX

Current Need:

The SOC Compliance Lead will support the SOC Compliance team in leading activities to support multiple SOC audits and issuance of SOC reports across the enterprise within a large and complex environment. This role will report to the Director of SOC Compliance with the ensuring timely delivery of SOC reports, leading the discussions with external and internal resources, supervising the activities of lesser experienced staff to support SOC Compliance activities, and providing advisory to internal stakeholders.

This position will require an individual that is highly collaborative and able to drive discussions with external resources (e.g., external auditors), MT delivery and solution teams, as well as other internal teams executing or supporting SOC controls.

SOC Compliance Lead Responsibilities:

Supervision and Leading Others

• Assist in managing McKesson's ongoing responsibilities associated with the issuance of SOC 1 and 2 reports
• Supervise and mentor lesser experienced personnel, including temporary outside workers
• Assists with the onboarding, integration, and training of new team members
• Manage positive and collaborative relationship between corporate IT, business unit IT departments, Enterprise Financial Controls, and IT Compliance

Compliance Responsibilities

• Obtain an in-depth knowledge of the McKesson systems and processes underlying technologies and controls within the assigned SOC 1 and 2 reports
• Lead SOC 1 and 2 audit related discussions independently
• Responds to or assists control owners in responding to audit related requests (e.g. audit evidence, follow-ups, etc)
• Driving the timely and complete response to audit related requests
• Serves as a liaison between the business units, corporate Information Technology (IT), business unit IT departments, and the external auditors in all aspects of their assigned SOC 1 and 2 reports to ensure timely completion of SOC audits and SOC report issuance
• Trains management of relevant business units in regard to their ownership of the IT process and key SOC controls
• Maintain an understanding of AICPA SOC standards, and other relevant guidance issued regarding SOC 1 and SOC 2 and the impact to the SOC compliance environment

Remediation Responsibilities

• Lead discussions independently with management in developing remediation plans to address deficiencies
• Drive and coordinate remediation activities to address deficiencies
• Monitor implementation and completion of remediation efforts
• Escalate to leadership timely to ensure completion of remediation activities

Timely delivery of SOC reports

• Provides regular status updates on accomplishments, next steps, and awareness to governance and program teams
• Assists with developing detailed plans, identifying SOC project risks and possible mitigations
• Assists with identifying critical path and dependencies to other ongoing tasks impacting SOC projects
• Assists with reporting on and maintaining key measures of success for SOC Compliance efforts

Minimum Requirements

• Strong 5+ years of experience focused on IT audit and/or compliance
• 2+ years of experience with SOC 1 or 2 reporting
• 1+ years of supervisory experience
• 1+ SOC 1 or 2 report life-cycle experience, having both SOC 1 and 2 is a plus
• Experience with auditing IT and/or business process controls is a plus
• Experience as an external auditor is a plus

Additional Knowledge & Skills

• Thorough knowledge of SOC 1 and 2 report life-cycle activities
• Advanced knowledge of all activities necessary for planning, preparing, and monitoring for continued compliance with SOC 1 and 2 audit requirements
• Strong knowledge-level of financial, operational, and/or information technology, internal controls, identifying risks and related controls
• Understands how to perform control tests to assess the design and operational effectiveness of SOC controls
• Understands how to perform procedures to examine the effectiveness of IT and/or business process controls
• Able to identify gaps in control design and control operative effectiveness of controls and assist management with related remediation measures
• Understanding of process improvement and best practices
• Strong interpersonal, communication, and presentation skills, including formal report writing experience
• Performs all job responsibilities with integrity
• Effective communications skills with personnel from any grade level
• Thorough understanding and application of the AICPA SOC standards (e.g., SOC 2 Trust Services Criteria) is a plus

Education

• Undergraduate degree in business, accounting, IT, internal audit or related field with focus on information systems or equivalent work experience.

Certifications/Licensure

• CISA, CISSP, CPA, or CIA preferred

Candidate must be authorized to work in the U.S, now or in the future, without the support from McKesson.

Relocation is not budgeted for this role

At McKesson, we care about the well-being of the patients and communities we serve, and that starts with caring for our people. That’s why we have a Total Rewards package that includes comprehensive benefits to supportphysical, mental, and financial well-being. Our Total Rewards offerings serve the different needs of our diverse employee population and ensure they are the healthiest versions of themselves. For more information regarding benefits at McKesson, pleaseclick here.

As part of Total Rewards, we are proud to offer a competitive compensation package at McKesson. This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets. In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities may be offered.

Our Base Pay Range for this position

McKesson is an Equal Opportunity/Affirmative Action employer.

All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.Qualified applicants will not be disqualified from consideration for employment based upon criminal history.

McKesson is committed to being an Equal Employment Opportunity Employer and offers opportunities to all job seekers including job seekers with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, please contact us by sending an email to Disability_Accommodation@McKesson.com. Resumes or CVs submitted to this email box will not be accepted.

Current employees must apply through the internal career site.

Join us at McKesson!