Tomorrow’s health is… Tackling challenges no one else can.

McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve – we care.

What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow’s health today, we want to hear from you.

The SOC Compliance Senior Analyst supports the SOC Compliance team in managing multiple SOC audits and ensuring timely report delivery across a complex enterprise. Reporting to the Director of SOC Compliance, this role leads discussions with external auditors and internal teams, oversees junior staff, and advises stakeholders. The ideal candidate is collaborative and skilled at coordinating with auditors, delivery teams, and control owners.

Key Responsibilities
1. Supervision and Leadership

Supervise and mentor less experienced personnel, including temporary outside workers.

Assist with onboarding, integration, and training of new team members.

Foster a positive and collaborative relationship between corporate IT, business unit IT departments, Enterprise Financial Controls, and IT Compliance.

2. SOC Report Management

Assist in managing McKesson’s ongoing responsibilities associated with the issuance of SOC 1 and SOC 2 reports.

Lead SOC 1 and SOC 2 audit-related discussions independently.

Serve as a liaison between business units, corporate IT, business unit IT departments, and external auditors to ensure timely completion and issuance of SOC reports.

3. Compliance Oversight

Obtain in-depth knowledge of McKesson systems, processes, underlying technologies, and controls relevant to SOC 1 and SOC 2 reports.

Respond to or assist control owners in responding to audit-related requests (e.g., audit evidence, follow-ups).

Drive timely and complete responses to audit-related requests.

Maintain a strong understanding of AICPA SOC standards and other relevant guidance impacting SOC compliance.

4. Remediation and Issue Resolution

Assist in coordinating remediation activities to address identified deficiencies.

Support discussions with management to develop effective remediation plans.

Monitor implementation and completion of remediation efforts.

5. Project and Status Reporting

Assist in providing regular status updates on accomplishments, next steps, and key issues to governance and program teams.

Contribute to the development of detailed project plans, including risk identification and mitigation strategies.

Identify critical paths and dependencies affecting SOC compliance projects.

Track and report on key performance indicators and success metrics for SOC compliance efforts.

Education/Certifications:

• A degree or equivalent and typically requires 7+ years of relevant experience.

Minimum Requirements

• 3+ years of experience focused on IT audit and/or compliance
• 1+ years of experience with SOC 1 or 2 reporting 
• 1+ years of supervisory experience is a plus
• 1+ SOC 1 or 2 report life-cycle experience, having both SOC 1 and 2 is a plus

Additional Knowledge & Skills

• Advanced knowledge of SOC 1 and 2 report life-cycle activities
• Knowledge of all activities necessary for planning, preparing, and monitoring for continued compliance with SOC 1 and 2 audit requirements
• Knowledge-level of financial, operational, and/or information technology, internal controls, identifying risks and related controls
• Understands how to perform control tests to assess the design and operational effectiveness of SOC controls
• Understands how to perform procedures to examine the effectiveness of IT and/or business process controls
• Able to identify gaps in control design and control operative effectiveness of controls, and assist management with related remediation measures
• Understanding of process improvement and best practices
• Strong interpersonal, communication, and presentation skills, including formal report writing experience
• Performs all job responsibilities with integrity
• Effective communication skills with personnel from any grade level
• Advanced understanding and application of the AICPA SOC standards (e.g., SOC 2 Trust Services Criteria) is a plus

Certifications/Licensure

• CISA, CISSP, CPA, or CIA preferred

Please note that only candidates authorized to work in the US will be considered for this position. Sponsorship is not available.

****Relocation assistance is not budgeted for this role****

We are proud to offer a competitive compensation package at McKesson as part of our Total Rewards. This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets. The pay range shown below is aligned with McKesson's pay philosophy, and pay will always be compliant with any applicable regulations. In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities may be offered. For more information regarding benefits at McKesson, please click here.

Our Base Pay Range for this position

McKesson is an Equal Opportunity Employer

McKesson provides equal employment opportunities to applicants and employees and is committed to a diverse and inclusive environment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, age or genetic information. For additional information on McKesson’s full Equal Employment Opportunity policies, visit our Equal Employment Opportunity page.

Join us at McKesson!