Job Details

The BISL will assist in providing recommendations and support for business/application specific risk assessments to include HIPAA, NIS, HIRUST, etc. and internal security practices, policies, and standards. The ISL will also lead/assist sub-BUs and Functional BU Divisions in the engagement to plan, educate, facilitate, and remediate security initiatives/projects across their assigned Business Unit(s) (BU) within McKesson.  Additionally, this position will require collaboration and coordination with the BU Business Engagement Leaders (BELs) and ISRM security service towers/delivery leader and internal business clients.

Critical Duties:

• Manage personnel directly/in a matrixed environment

• ISRM Governance & Risk management compliance program

• Define goals, progress towards those goals, timelines, planned activities, and issue remediation planning (annual planning, HIPAA, NIST 800-53/800-53A) related activities like control testing, etc.)

• Consult and advise on business level security health, risks/issues, provides updates to BISO

• Manage progress tracking communications with the business application owners

• Manage progress tracking and remediation (BU BISO and BELs)

ISRM Policies and Standards:

• Comment and review ISRM policies and procedures to identify required ISRM exceptions per BU

• Facilitate in and foster ISRM activities for new application and system development

• Full review of compliance/exceptions to policies with CIO and BISO (annual review)

• Partner with BU Internal Audit (IA) and other similar, internal groups

Additional Knowledge & Skills:

• Implement and demonstrate experience with cybersecurity best practices, security, and risk frameworks (i.e., NIST, HITRUST, FDA, ISO 27000, etc.).

• Ability to think strategically, work with a sense of urgency and attention to detail

• Ability to develop and follow detailed process and procedure documentation

• Ability to present and solve complex solutions and methods to non-technical people

• Must possess detailed planning and organizational skills

• Experience managing client expectations and working with clients to minimize their risk exposure

• Must establish compliance with all external governing bodies and internal ISRM policies, standards, and SOPs

• Must work as part of a team or individual contributor and be able to manage complex relationships with all stake- holders

• Must be well organized, a strong communicator, detail oriented, demonstrate good judgment, be confident working independently

• Must have excellent verbal and written communication skills and the ability to interact professionally with a diverse group including, executives, managers, and subject matter experts

Minimum Qualifications:

• 5-7+ years of relevant experience

Education:

• Bachelor’s degree (in related field) or equivalent experience

Certifications/Licensure:

• Industry cybersecurity certification(s) (e.g. CISM, PMP, CCISO, Security+, etc.) a plus

At McKesson, we care about the well-being of the patients and communities we serve, and that starts with caring for our people. That’s why we have a Total Rewards package that includes comprehensive benefits to supportphysical, mental, and financial well-being. Our Total Rewards offerings serve the different needs of our diverse employee population and ensure they are the healthiest versions of themselves. For more information regarding benefits at McKesson, pleaseclick here.

As part of Total Rewards, we are proud to offer a competitive compensation package at McKesson. This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets. In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities may be offered.

Our Base Pay Range for this position

McKesson is an Equal Opportunity/Affirmative Action employer.

All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.Qualified applicants will not be disqualified from consideration for employment based upon criminal history.

McKesson is committed to being an Equal Employment Opportunity Employer and offers opportunities to all job seekers including job seekers with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, please contact us by sending an email to Disability_Accommodation@McKesson.com. Resumes or CVs submitted to this email box will not be accepted.

Current employees must apply through the internal career site.

Join us at McKesson!