Tomorrow’s health is… Tackling challenges no one else can.

McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve – we care.

What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow’s health today, we want to hear from you.

Sr Information Security Analyst (Fixed Term Contract)

McKesson is in the business of better health and we touch the lives of patients in virtually every aspect of healthcare. We partner with payors, hospitals, physician offices, pharmacies, pharmaceutical companies and others across the spectrum of care to build healthier organizations that deliver better care to patients in every setting. We believe in the importance of strong, vital organizations because we know that patients can only be healthy when our system is healthy.

Every single McKesson employee contributes to our mission—by joining McKesson you act as a catalyst in a chain of events that helps millions of people all over the globe. Talented, compassionate people are the future of our company—and of healthcare. At McKesson, you’ll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that’s vital to us all.

We understand the importance of a system that works together. Your expertise, drive and passion can help us improve everything we touch, from providers to payors to pharmacies. Join our team of leaders to begin a rewarding career.

Wherever you contribute here at McKesson, you will have the ability to make a real impact in the lives of others.

Position Description

The Sr Information Security Analyst will be part of the team responsible for leading or supporting the execution of Cybersecurity goals and objectives through the governance and management of Cybersecurity initiatives and resources and ensure security risks are managed and the organization complies with security requirements and regulations through active collaboration with our customers and stakeholders. 

• Engage directly with the appropriate Business or Technology Teams to ensure new products, services, applications, third party relationships have been assessed for controls and that any identified risks are appropriately addressed.
• Lead new and recurring security risk assessments (e.g. HIPAA, PCI, etc.), collaborate on the development of mitigation plans, and work with internal stakeholders to assign remediation tracking responsibility; collaborate with other risk and compliance teams, such as Global Privacy, SOX, Internal Audit, Compliance & Ethics, to obtain a holistic risk posture.
• Establish security requirements for projects/programs (e.g. systems upgrade or implementation) and operations through engagement with Business and Technology teams.
• Proactively identify information security deficiencies or opportunities for improvement and facilitate development of pragmatic solutions.
• Work proactively with Business Information Security Officers (BISOs), Security Coordinators and Business and Technology teams to ensure security, IT risk and compliance is actively built into the organization objectives and procedures.
• Assist with the coordination and prioritization of work for implementing cybersecurity initiatives.
• Maintain a strong understanding of the Business Units’ Technology environment to manage the threat and risk landscape – application stacks, infrastructure components, and external facing footprint.
• Provide regular, timely reporting on the information security status across Technology Solution teams and, provide regular metrics and reporting with a focus on continuous improvement.
• Collaborate with the relevant Business or Technology teams and act in a consultative way to help improve the security posture and adhere to security policies and expected controls.
• Facilitate the identification of high value assets to be monitored by Cybersecurity team.
• Communicate key deliverables and due dates to the Solution Teams and other technology and business stakeholders and service owners (application, infrastructure & business/SaaS vendor) with the goal to ensure compliance with Information Security standards, policies and procedures.
• Provide escalation path for information security issues, incidents and enquiries.
• Work with the Technology Team and Business Unit management team to determine acceptable levels of risk for the applicable Business Unit, report on variances, and propose/lead mitigation activities.
• Partner with enterprise service teams to leverage capabilities and subject matter expertise.
• Acts as an Information Security subject matter expert on responsible area and endorse recommended solutions, providing thought leadership, coaching and mentoring to other information security analysts as required.

QUALIFICATIONS

Minimum Requirements: Experience, Education, Skills and Competencies

• 4 years in Information Security, or equivalent technical project management and/or auditing experience.
• Proven ability to effectively lead multiple technical projects on-time and within budget.
• Strong ability to influence and negotiate, as well as to effectively prioritize and execute despite competing priorities and uncertainty.
• A goal-driven and solution-oriented mindset, with the ability to exercise good professional judgment.
• Strong desire to learn and advance in Information Security.
• Fluent in written and verbal English language, including well-developed technical communication skills.
• Well-developed technical communication skills.
• Supports Information Security Risk Assessments and contract reviews.
• Provide capability deployment and operationalization, capabilities and service analytics.
• Provide escalation path for information security issues, incidents and inquiries.
• Proven ability to effectively prioritize and execute tasks with competing priorities; strong influencing skills to work with various service owners.
• Excellent communication, analytical and planning skills to manage the implementation of information security controls and services.
• Demonstrated experience effectively leading and managing collaborative, service management solutions across disparate functional teams.
• Experience successfully delivering programs and/or multiple projects on-time and within budget based on agreed upon scope and business goals.
• Strong ability to influence or negotiate with stakeholders dealing with competing priorities.
• Capable of anticipating needs and driving clarity on expectations.
• A solution-oriented mindset, with the ability to exercise good professional judgment.
• Experience in risk assessment, audit, and IT security assessments.
• Familiar with compliance regulations, IT, security frameworks and standards (i.e. NIST 800, ISO/IEC 27002, HIPAA, PCI, SOX, HITRUST).

Additional Knowledge & Skills:

• Security related qualification(s) such as CISA, CISSP, CISM, CREST Technical Security Architect, ISO Lead Auditor, etc.
• Experience in risk assessment, audit, and IT security assessments
• CISA, CISSP, PMP, or other relevant professional designations
• Knowledge of Security and Control Frameworks such as NIST, ISO, Cloud Security Alliance, CMMC, etc.
• Experience with OneTrust GRC & Security Cloud namely OneTrust Certification Automation formerly Tugboat Logic is a plus.
• Strong analytical and troubleshooting skills with an understanding of IT business operations and information security.

At McKesson, we care about the well-being of the patients and communities we serve, and that starts with caring for our people. That’s why we have a Total Rewards package that includes comprehensive benefits to supportphysical, mental, and financial well-being. Our Total Rewards offerings serve the different needs of our diverse employee population and ensure they are the healthiest versions of themselves.

As part of Total Rewards, we are proud to offer a competitive compensation package at McKesson. This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets. The pay range shown below is aligned with McKesson's pay philosophy, and pay will always be compliant with any applicable regulations.In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities may be offered.

Our Base Pay Range for this position