Tomorrow’s health is… Tackling challenges no one else can.

McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve – we care.

What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow’s health today, we want to hear from you.

Job Summary:
McKesson is hiring! We are currently seeking technical professionals with recent, strong Data Security and Compliance experience. This role will be instrumental to the success of our digital transformational efforts in the Data Engineering and Platforms space.

Job Description:
As a Sr. Data Security and Compliance Engineer, you will be part of a highly collaborative team and work environment that delivers cutting-edge data platforms and solutions at McKesson. The Security Compliance Engineer for Data Platforms is responsible for ensuring the security and compliance of data platforms within McKesson. This role involves implementing and maintaining security controls, policies, and procedures to protect data platforms from potential threats and vulnerabilities. The Security Compliance Engineer will collaborate with cross-functional teams to assess risks, monitor security incidents, and ensure compliance with industry standards and regulations. The role will also contribute to the development of security strategies and provide guidance to stakeholders on security best practices.

Responsibilities:

• Security Controls Implementation: Implement and maintain security controls across Snowflake data platform and Data Ingestion platforms, including access controls, encryption, network security, and vulnerability management.
• Compliance Management: Monitor and ensure compliance with relevant industry standards, regulations (e.g., SOX, GDPR, HIPAA), and internal security policies.
• Risk Assessment: Conduct risk assessments on data platforms to identify potential vulnerabilities and threats. Provide recommendations and implement remediation measures to mitigate risks.
• Incident Response: Collaborate with incident response teams to investigate and respond to security incidents related to data platforms. Develop incident response plans and participate in incident response exercises.
• Security Audits and Assessments: Participate in security audits and assessments to evaluate the effectiveness of security controls and identify areas for improvement. Address findings and implement necessary changes. Work with internal and external auditors to provide evidence required for compliance.
• Security Awareness and Training: Develop and deliver security awareness and training programs to educate employees on data platform security best practices.
• Documentation and Reporting: Maintain accurate documentation of security controls, policies, and procedures. Generate reports on security metrics, compliance status, and incidents for management and stakeholders.
• Security Strategy: Contribute to the development and execution of the organization's data platform security strategy. Stay updated on emerging threats and security technologies to recommend improvements. Conduct regular security audits and participate in SOX compliance audits, providing reports and recommendations for enhancements.

Minimum Requirements:

• Degree or equivalent, with at least 7+ years of relevant experience.

Critical Skills:

• Experience: 7+ years of prior experience in information security, compliance, or a related role. Familiarity with data platforms – Snowflake, Delta Lake, cloud computing, and security technologies is preferred. Hands-on experience with SnowSQL, Snowpipe, and Notebooks is desirable.
• Knowledge: Strong understanding of security controls, risk assessment methodologies, and compliance frameworks (SOX, GDPR and general ITGC controls). Knowledge of data protection laws and regulations is essential.
• Technical Skills: Proficiency in implementing and managing security controls within data platforms. Familiarity with Role-Based and Fine-Grained Access Controls, security tools, vulnerability scanning, and log management systems.
• Analytical Skills: Ability to assess risks, analyze security incidents, and provide recommendations for improvement. Strong problem-solving skills to address security challenges.
• Communication: Excellent written and verbal communication skills. Ability to collaborate with cross-functional teams, internal/external auditors, and effectively communicate complex security concepts to technical and non-technical stakeholders.
• Attention to Detail: Strong attention to detail to ensure accurate documentation and compliance with security standards.
• Continuous Learning: Proactive approach to stay updated on emerging security threats, technologies, and industry best practices.

Education:

• Bachelor's degree in Computer Science, Information Security, or a related field. Relevant certifications such as CISSP, CISA, or CISM are desirable.

Please note that only candidates authorized to work in the US will be considered for this position. Sponsorship is not available.

****Relocation assistance is not budgeted for this role****

We are proud to offer a competitive compensation package at McKesson as part of our Total Rewards. This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets. In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities may be offered. For more information regarding benefits at McKesson, please click here.

Our Base Pay Range for this position

McKesson is an Equal Opportunity Employer

McKesson provides equal employment opportunities to applicants and employees and is committed to a diverse and inclusive environment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, age or genetic information. For additional information on McKesson’s full Equal Employment Opportunity policies, visit our Equal Employment Opportunity page.

Join us at McKesson!