Tomorrow’s health is… Tackling challenges no one else can.

McKesson’s Cyber Security Operations Sr. Manager will be a member of our McKesson Cyber Investigations & Response Team leading Security Operations and Incident Response activities across the Enterprise. You will be responsible for leading activities regarding identifying, containing, eradicating, and recovering from cybersecurity events and incidents. To execute this mission, you will use a combination of strong leadership skills, technical expertise, and an understanding of advanced cybersecurity principles and best practices. You will lead security event monitoring and incident response efforts by applying your leadership and analytic skills to investigate alerts and escalations, identify malicious activity, and collaborate with enterprise stakeholders. 

Responsibilities:

• Manage daily security operations activities such as responding to alerts, monitoring security inbox for escalations, and coordinating with service owners, business stakeholders, and senior leaders. 

• Leading incident response activities as the Incident Commander such as directing containment and eradication activities, assessing reports, assisting in developing crisis response and communications plans, and directing incident recovery procedures. 

• Oversee all management activities related to security operations including people management, training, and mentoring to direct reports. 

• Convery potential and realized risks to business stakeholders and senior leaders with plans for how to remediate them. 

• Generate and report security metrics to ensure appropriate performance and adherence to standards. 

• When directed, create compliance reports, and support the audit process. 

• Partner with the security architecture, security engineering and security automation teams to improve tool usage and workflow, as well as with the advanced threats and assessment team to mature monitoring and response capabilities.  

• Manage career development for team members, including training and mentoring, conducting performance reviews, and exhibiting behaviors to be modeled by team members. 

Minimum Requirements:

• 10+ years of relevant cyber security experience in Threat Hunting, Security Operations, Incident Response, or network security with strong knowledge and experience leading a Security Operations or Incident Response team. 

• Experience training and managing security operations staff. 

• Proficiency in the use and management of Security Information and Event Management (SIEM), Security Orchestration Automation and Response (SOAR), and Endpoint Detection and Response (EDR) tools. 

• Experience in implementing automations to support and augment security operations processes, people, and technology. 

• Experience developing and implementing security policies in an enterprise environment. 

• Experience creating and managing adherence to standard operating procedures and processes. 

• Experience with risk management, vulnerability management, threat analysis, security auditing, security monitoring, incident response, cyber threat intelligence, and other information security practices. 

• Excellent written and oral communication skills with the ability to effectively communicate with information technology professionals as well as senior management and auditors, assessors, and consultants. 

• High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity. 

Preferred Technical and Professional Expertise:

• One or more of the following security certifications or equivalent: Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) 

• Master’s degree in a technical field such as Computer Science, Information Security, Information Technology, Computer Engineering, or Information Systems. or equivalent degree is preferred. 

• Knowledge of the healthcare, distribution, or software industries is a plus. 

• Knowledge of the underlying logic that security alerts are built upon and apply them when analyzing raw logs and creating new dashboards and alerts. 

• Recognize complex problems, analyze situations, and provide leadership to solve for and oversee implementation of their resolution(s). 

• Provide leadership and guidance to the team and act as a resource to the team members. 

• Experience with one or more scripting languages (e.g., PowerShell, Python, JavaScript, Perl).