La santé de demain commence par… Relever les défis que personne d’autre ne peut surmonter.

Position Description

The ideal candidate for this job will be an experienced information security practitioner who is goal-oriented and strives to exceed expectations. The candidate will have a demonstrated comprehension of insider threat planning, identification and components of an insider threat program, insider threat team development, strategies for effective communication of the program, and effective implementation and operation of the program within the organization.

Key Responsibilities:

• Lead and collaborate on implementation of the Insider Threat Program.

• Recommend strategies to prevent potential insider threat behavior or incidents.

• Monitor existing policies and suggest modifications to enhance the capabilities of the InsiderThreat Program.

• Collaborates with law enforcement (through the Incident Response team), industry experts,internal, and external peers to enhance the Insider Threat Program behavioral models anddetection techniques.

• Create roadmaps for the ongoing improvement of the Insider Threat Program.

• Responsible for daily operations and execution of the Insider Threat Program.

• Develop a training curriculum for members of the Insider Threat Program team.

• Develop and collaborate on training and awareness for McKesson employees and outside service workers (OSW).

• Develop and perform processes for the Insider Threat Team Program, including which typesof alerts to evaluate reporting, response and remediation steps in collaboration with keyStakeholders.

• Conduct analytical and critical thinking; understand problem set, review facts, makeaccurate observations and judgments and provide recommendations/reporting.

Technical Skills

• Provide advice and expert guidance on security issues affecting business process andprocedures exploitable by insiders (both accidental and malicious actions)

• Provide input to the Insider Threat Program based on known and unknown threats.

• Build and implement processes and technologies to detect high-risk insider activities that areaccidental or malicious in nature.

• Design reporting mechanisms for potential or actual insider threats.

• Create and implement constructs/threat detection use cases for early warning detection of potential insider threats.

• Test existing behavioral constructs for applicability and effectiveness.

• Evaluate technologies to enhance detection capabilities of behavioral constructs.

• Coordinate and collaborate with the SOC, HR, Legal, Help Desk, IT, CTI, DLP, and Corporate PhysicalSecurity Risk teams and Business Units (BUs) to remediate/mitigate identified risks.

• Review existing technology capabilities and limitations and build business case forrecommended new technology capabilities.

• Conduct ongoing research of cyber insider threat.

• Provide specialized intelligence and threat analysis and production support.

Communication skills

• Develop information and technical support documents, summaries, reports, presentations,and other products.

• Present briefings to personnel/key stakeholders

• Write clear, concise and timely intelligence products that identify, analyze, and collatedisparate pieces of information

• Develop baseline of normal Network Device Behaviors; Implement User Behavior Analyticstool

• Conduct risk assessments (on a regular basis), including risks to trade secrets, salary data,proposal data, proprietary data, strategic plans, Personally Identifiable Information (PII), andIT systems and servers, etc.

• Ensure access and logging to identified critical assets

• Monitor and Respond to Suspicious or Disruptive Behavior

Minimum Requirements

7+ years relevant experience

Critical Skills

• 3+ years’ experience with security issues, vulnerabilities, regulatory and legal changes, andsecurity standards that may impact Information Security

• 1+ years’ experience with Insider Threat Program; and Information Security and networkbest practices

• 4+ years’ experience providing advice and expert guidance on security issues affectingbusiness process and procedures exploitable by insiders (both accidental and maliciousactions)

Additional Knowledge and Skills

• Strong verbal and written communication skills

• Ability and willingness to share on-call responsibilities, work non-standard hours, and travel(up to 20%) when required.

• Project management experience

• Working knowledge in principals of network and endpoint security, current threat and attacktrends, and security principals.