Be part of the team that's poised to transform the fight against cancer. Backed by the strength of a Fortune 8 company, our entrepreneurial organization develops technologies used by the oncology community to deliver evidence-based, personalized care, as well as insights used by biopharma companies to accelerate drug development and support the entire treatment journey. Our work powers informed decision-making at every pivotal moment in oncology - from the treatment options presented to patients, to the operational considerations for oncology practices, to the design of clinical trials, to the commercial launch plans for new therapies.
The Director is the Security Leader for the PSaS Ontada Technology Solutions organization who is accountable for the Information Protection strategy and program. The Director will partner with Ontada leaders and other stakeholders to improve information security posture and ensure all work products are on-time and high-quality to comply with the McKesson Global Information Security program. The Director will report into the Business Information Security Officer (BISO), PSaS.
Key responsibilities include:
Engage as a member of the business unit senior leadership team to understand, discuss, and advise on strategic priorities, concerns and key IT risks.
Be a part of the IT leadership team and act in a consultative way to help improve security posture and adherence to security policies and required controls.
Formulate, articulate, and align key stakeholders on a risk-based strategy and roadmap to mature the security and compliance posture of the local organization.
Champion McKesson's Information Protection strategy, ensuring enterprise objectives and requirements are communicated and understood by local stakeholders
Maintain a strong understanding of the CI/CD IT environment to manage the threat and risk landscape - application stacks, infrastructure components, and external facing footprint
Work proactively with leadership to ensure security, IT risk and compliance are actively built into organizational objectives and procedures
Coordinate regular, timely reporting on the information security status across the BU leadership team and communicate metrics and reporting to the ISRM leadership team with a focus on continuous improvement
Ensure new products, services, applications, third party or client relationships have appropriate security controls embedded and that any identified risks are appropriately addressed for remediation
Facilitate the identification of high value assets to be monitored by the Security Operations Center (iSOC).
Coordinate information security risk assessments on internal and external Vendors and services.
Lead a cross-functional team of ISRM shared service teams and BU IT teams to execute and deliver against defined objectives. Areas of focus include:
Information security risk assessment of internal and external services
Vendor and customer assurance activities
IT compliance with Corporate and local policies, regulations (HIPAA, PCI, etc.) and other contractual requirements
Implementation and monitoring of controls to protect McKesson's assets, including secure software development practices and vulnerability management
Disaster recovery planning, including integration with business continuity and crisis management plans
Incident response coordination
Communicate regarding key deliverables and due dates to ISRM and other stakeholders and service owners (application, infrastructure & business/SaaS vendors) with the goal to ensure compliance with Information Security standards, policies, procedures & guidelines.
Centralize exception/standards deviation filing and coordination of sign-off in support of the ISRM policy exception process
Review local processes and products for policy violation/non-compliance areas
Provide an escalation path for information security issues, incidents, inquiries and investigations
Work with BU and Corporate leadership to determine acceptable levels of risk, report on variances, and propose mitigation activities
Proactively identify information security deficiencies or opportunities for improvement and facilitate development of pragmatic solutions
Partner with enterprise and ISRM service teams to leverage capabilities and subject matter expertise
Acquire, develop, and retain a high-performing team to support business objectives
Engage in opportunities to gain external thought leadership and build relationships to inform strategies and propose solutions
Assist with ISRM and BU budget planning
10+ years of professional experience in IT, Information Security Services, IT Audit and/or IT Risk Management
Experience in risk assessment, audit, and IT security assessments
4+ years of mentoring or leadership experience
Knowledge of secure AWS cloud hosting capabilities
CISA, CISSP or other similar professional designations
Familiar with compliance regulations, IT security frameworks and standards (e.g. NIST, HIPAA, PCI, SOX, HITRUST, FedRAMP)
Knowledge of the healthcare and software industries
Strong communication and interpersonal skills to build/maintain ongoing business relationships at all levels within an organization
Strong ability to influence or negotiate with stakeholders dealing with competing priorities
Demonstrated experience effectively leading and managing collaborative, cross-functional teams to successfully deliver programs and/or multiple projects on-time and within budget based on agreed upon scope and business goals
Capable of anticipating needs and driving clarity on expectations
A solution-oriented mindset, with the ability to exercise good professional judgment
4 years or equivalent work experience
Must be authorized to work in the U.S., now or in the future, without support from McKesson.
Relocation is NOT budgeted for this position.
McKesson is an Equal Opportunity/Affirmative Action employer.
All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status. Qualified applicants will not be disqualified from consideration for employment based upon criminal history.
McKesson is committed to being an Equal Employment Opportunity Employer and offers opportunities to all job seekers including job seekers with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, please contact us by sending an email to McKessonTalentAcquisition@mckesson.com. Resumes or CVs submitted to this email box will not be accepted.
Current employees must apply through the internal career site.
Join us at McKesson!
Internal Number: JR0040075
About McKesson Corporation
We deliver careers with purpose and potential. Our focus on better health starts with creating an inclusive environment with strong values where you can build a fulfilling career. You can count on us to provide you with resources and opportunities to grow and be your best, while contributing to our pursuit of improving lives. Every day, McKesson’s employees deliver products to healthcare providers that make a difference in the care and life of a patient. We work to distribute medical supplies, bandages, syringes, vials of flu vaccine, and pharmaceutical drugs to help real patients like Jack, an eight-year-old boy battling cancer. We take that job seriously. Together, the work we do is shaping the future of healthcare. If you are passionate about combining a meaningful career with a balanced life, join us on this journey and apply for a job with McKesson today.