McKesson is in the business of better health and we touch the lives of patients in virtually every aspect of healthcare. We partner with payors, hospitals, physician offices, pharmacies, pharmaceutical companies and others across the spectrum of care to build healthier organizations that deliver better care to patients in every setting. We believe in the importance of strong, vital organizations because we know that patients can only be healthy when our system is healthy.
Every single McKesson employee contributes to our mission—by joining McKesson you act as a catalyst in a chain of events that helps millions of people all over the globe. Talented, compassionate people are the future of our company—and of healthcare. At McKesson, you’ll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that’s vital to us all.
We understand the importance of a system that works together. Your expertise, drive and passion can help us improve everything we touch, from providers to payors to pharmacies. Join our team of leaders to begin a rewarding career.
Wherever you contribute here at McKesson, you will have the ability to make a real impact in the lives of others.
McKesson is looking for a Director, ISRM for McKesson’s Corporate Functions. The Corporate functions comprise:
Human Resources & Administration
Corporate Strategy & Business Development
General Counsel & Compliance
This position can be based at our Scottsdale, AZ; Alpharetta, GA or San Francisco, CA office.
Accountable for the Cybersecurity and IT Risk & Compliance Management program for McKesson’s Corporate Functions
Works proactively with BU leadership to ensure security, IT risk and compliance are actively built into the organization's objectives. Areas of responsibility include:
IT Compliance and Customer Assurance
Lead the programs across the Corporate Functions to evaluate and maintain compliance with Corporate policies, regulations (Sensitive Employee Information, HIPAA, PCI, etc.) and other contractual requirements
Support the Corporate functions in responding to customer requests
Risk Management including vendor (3rd party) assurance
Lead risk remediation efforts related to Information Security, and help monitor remediation of other key risks
Partner with the ISRM Director, 3rd Party Assurance for vendors supporting the Corporate functions – evaluating risks with new vendors and assessing and monitoring risks at existing vendors
Work with the application teams and business leads to build security into their application lifecycle
Coordinate with the ISRM service continuity team to make sure there is adequate coverage for Business Continuity and Disaster Recovery Planning
Asset Management governance
Maintain an understanding of the IT environment – understanding what is supported by the Enterprise Technology & Services team, and what is directly managed by the Corporate functions
Works with corporate leadership to determine acceptable levels of risk and reports on variance.
Provides input into McKesson Cybersecurity Strategy; executes objectives and reports variance to Corporate defined priorities.
Provides regular metrics and reporting
Support Corporate Functions cybersecurity budget and planning
Familiar with compliance regulations, IT, security frameworks and standards
Additional Knowledge & Skills
CISA, CISSP or other similar professional designations are a plus