IT Regulatory and Compliance Manager
Location:
Scottsdale, Arizona
Posted:
January 27, 2017
Reference:
16008791/1-en-us

McKesson is in the business of better health and we touch the lives of patients in virtually every aspect of healthcare. We partner with payors, hospitals, physician offices, pharmacies, pharmaceutical companies and others across the spectrum of care to build healthier organizations that deliver better care to patients in every setting. We believe in the importance of strong, vital organizations because we know that patients can only be healthy when our system is healthy.


Every single McKesson employee contributes to our mission—by joining McKesson you act as a catalyst in a chain of events that helps millions of people all over the globe. Talented, compassionate people are the future of our company—and of healthcare. At McKesson, you’ll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that’s vital to us all.


We understand the importance of a system that works together. Your expertise, drive and passion can help us improve everything we touch, from providers to payors to pharmacies. Join our team of leaders to begin a rewarding career.


Wherever you contribute here at McKesson, you will have the ability to make a real impact in the lives of others.

 

Current Need

 

We are recruiting for an IT Regulatory and Compliance Manager to join our Information Security Risk Management (ISRM) team. This position can be located in the Scottsdale/Phoenix area (preferred) or the Alpharetta, GA area.

 

Position Description

 

Key areas of responsibility include:

 

Regulatory Compliance

  • Provide subject matter expertise for common IT compliance frameworks (e.g. HIPAA, HITECH, NIST 800-53 r4, SOX)

  • Monitor emerging regulatory updates that may impact IT and/or healthcare

  • Analyze the impact of applicable regulatory updates and facilitate communication to relevant stakeholders

  • Update documentation and provide training to stakeholders as necessary

  • Facilitate Enterprise/Business Unit/Application compliance assessments against frameworks in conjunction with other risk assessing organizations

  • Develop a remediation process for compliance assessments and work with Business Unit stakeholders to develop and monitor remediation plan(s)

Risk Assessment and Risk Management

  • Execute security risk assessments against internal policies and industry frameworks, facilitating results and discussion with Information Security Risk Management and Business Unit leadership

  • Evaluate and document emerging IT risks and threats related to new areas of business and emerging technology

  • Maintain risk register within corporate GRC and enhance our understanding and reporting of the IT risks and threats that could impact the confidentiality, integrity and availability of our businesses, processes, systems, and data.

  • Work with business and IT owners to establish priorities for process improvements to manage risk and threats.

Cybersecurity Compliance

  • Support the overall corporate cybersecurity program by validating the controls implemented within the Business Units

  • Enhance validation criteria and provide feedback on emerging cybersecurity requirements

  • Coordinate with other enterprise compliance teams (e.g. Compliance, Privacy, Internal Audit) to align execution of cybersecurity compliance activities


 

 

Qualifications

Minimum Requirements
6+ years of experience in administering security controls in an organization

 

Critical Skills

  • Minimum of 5+ years of experience in Data Privacy, Information Security, or IT Risk Management.

  • Experience implementing or evaluating HIPAA requirements

  • Working knowledge of regulatory requirements around data privacy

  • Ability to identify regulatory/legal changes and analyze applicability

  • Capable of anticipating needs and driving clarity on expectations

  • Strong attention to detail and accuracy

Additional Knowledge & Skills

  • Knowledge of the healthcare industry and related compliance frameworks a plus.

  • CIPP, CISSP, CISM, CRISC, or other similar professional designations

Education
4-year degree in computer science or related field or equivalent experience

Physical Requirements
General Office Demands

Benefits & Company Statement
McKesson believes superior performance – individual and team – that helps us drive innovations and solutions to promote better health should be recognized and rewarded. We provide a competitive compensation program to attract, retain and motivate a high-performance workforce, and it’s flexible enough to meet the different needs of our diverse employee population.

We are in the business of better health and we touch the lives of patients in virtually every aspect of healthcare. We partner with payers, hospitals, physician offices, pharmacies, pharmaceutical companies and others across the spectrum of care to build healthier organizations that deliver better care to patients in every setting.

But we can’t do it without you. Every single McKesson employee contributes to our mission—whatever your title, whatever your role, you act as a catalyst in a chain of events that helps millions of people all over the globe. Talented, compassionate people are the future of our company—and of healthcare. At McKesson, you’ll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that’s vital to us all.

McKesson is an equal opportunity and affirmative action employer – minorities/females/veterans/persons with disabilities.

Qualified applicants will not be disqualified from consideration for employment based upon criminal history.

Agency Statement
No agencies please.

 


A little about us:
McKesson is in business for better health.
