Information Security Analyst – US Pharma/ETS
Location:
Scottsdale , Arizona
Posted:
January 27, 2017
Reference:
16009648/4-en-us

McKesson is in the business of better health and we touch the lives of patients in virtually every aspect of healthcare. We partner with payors, hospitals, physician offices, pharmacies, pharmaceutical companies and others across the spectrum of care to build healthier organizations that deliver better care to patients in every setting. We believe in the importance of strong, vital organizations because we know that patients can only be healthy when our system is healthy.


Every single McKesson employee contributes to our mission—by joining McKesson you act as a catalyst in a chain of events that helps millions of people all over the globe. Talented, compassionate people are the future of our company—and of healthcare. At McKesson, you’ll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that’s vital to us all.


We understand the importance of a system that works together. Your expertise, drive and passion can help us improve everything we touch, from providers to payors to pharmacies. Join our team of leaders to begin a rewarding career.


Wherever you contribute here at McKesson, you will have the ability to make a real impact in the lives of others.


Current Need

We are searching for an Information Security Analyst with technical and compliance related skill sets to support our US Pharmaceutical business and enterprise technology organization.

 

This position can be located in our Alpharetta, Scottsdale, or Carrollton offices and our San Francisco office for internal candidates.

 

Position Description

The position is part of McKesson’s Information Security and Risk Management (ISRM) team and is responsible for building and promoting IT/security controls and compliance across the US Pharma and enterprise IT organizations. Responsibilities include:

  • Collaborate with application and infrastructure teams in understanding and driving critical vulnerabilities (all layers) to remediation

  • Collaborate with network security and operations teams to implement appropriate security controls and protections (e.g. firewalls, IDS/IPS, etc.)

  • Provide support and guidance to key application and infrastructure stakeholders as part of the enterprise cybersecurity program

  • Work with business and IT teams to establish security requirements for projects/programs (e.g. systems upgrade or implementation) and operations

  • Lead new and recurring security risk assessments (e.g. HIPAA, PCI, etc.), develop mitigation plans, and work with internal stakeholders to assign remediation tracking responsibility; collaborate with other risk and compliance teams, such as Global Privacy, SOX, Internal Audit, Compliance & Ethics, etc., to obtain a holistic risk posture

  • Support the business and IT teams in responding to customer security requests and inquiries

  • Manage security findings with applicable stakeholders within the GRC system

  • Work in a self-directed, collaborative, and constructive manner with the business units, and our internal stakeholders to enhance the effectiveness of security processes and controls.

Qualifications

Minimum Requirements
4+ years experience in administering security controls in an organization

Critical Skills

  • 2-4 years of operating system experience (Unix, Linux, and/or Windows)

  • 2-4 years of information security or compliance experience

  • Knowledge and experience with security related regulations and standards, such as HIPAA/HITECH, PCI, and SOX

  • Knowledge of ISO 27001 and NIST 800-53 security frameworks

  • Knowledge of networking concepts (e.g. LANs, VLANs, VNets, WANs, firewalls, etc.)

  • Strong analytical and troubleshooting skills with an understanding of IT business operations and information security

  • Self-Starter that requires minimal supervision, multi-tasks effectively, and can provide oversight and coaching to others for any assigned projects or tasks

  • Strong interpersonal and influencing skills

Additional Knowledge & Skills

  • Knowledge or experience with vulnerability management/scanning solutions a plus
  • Knowledge of cloud platforms (e.g. Azure, AWS ,etc.)
  • Database knowledge or experience a plus
  • CISSP or equivalent certification(s) a plus

Education

4-year degree in computer science or related field or equivalent experience

Certifications/Licensure

CISSP or equivalent certification(s) a plus

Physical Requirements
General Office Demands

Benefits & Company Statement
McKesson believes superior performance – individual and team – that helps us drive innovations and solutions to promote better health should be recognized and rewarded. We provide a competitive compensation program to attract, retain and motivate a high-performance workforce, and it’s flexible enough to meet the different needs of our diverse employee population.

We are in the business of better health and we touch the lives of patients in virtually every aspect of healthcare. We partner with payers, hospitals, physician offices, pharmacies, pharmaceutical companies and others across the spectrum of care to build healthier organizations that deliver better care to patients in every setting.

But we can’t do it without you. Every single McKesson employee contributes to our mission—whatever your title, whatever your role, you act as a catalyst in a chain of events that helps millions of people all over the globe. Talented, compassionate people are the future of our company—and of healthcare. At McKesson, you’ll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that’s vital to us all.

McKesson is an equal opportunity and affirmative action employer – minorities/females/veterans/persons with disabilities.

Qualified applicants will not be disqualified from consideration for employment based upon criminal history.

Agency Statement
No agencies please.

 


A little about us:
McKesson is in business for better health.

Know someone who would be interested in this job? Share it with your network.