Senior Director, Software & Systems Assurance
Location: Scottsdale, Arizona
Posted: January 27, 2017
Reference: 17000043/1-en-us

McKesson is in the business of better health and we touch the lives of patients in virtually every aspect of healthcare. We partner with payors, hospitals, physician offices, pharmacies, pharmaceutical companies and others across the spectrum of care to build healthier organizations that deliver better care to patients in every setting. We believe in the importance of strong, vital organizations because we know that patients can only be healthy when our system is healthy.


Every single McKesson employee contributes to our mission—by joining McKesson you act as a catalyst in a chain of events that helps millions of people all over the globe. Talented, compassionate people are the future of our company—and of healthcare. At McKesson, you’ll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that’s vital to us all.


We understand the importance of a system that works together. Your expertise, drive and passion can help us improve everything we touch, from providers to payors to pharmacies. Join our team of leaders to begin a rewarding career.


Wherever you contribute here at McKesson, you will have the ability to make a real impact in the lives of others.

Current Need

McKesson has embarked on an important mission to become a leader in cybersecurity for global healthcare.  We are making significant investments to enhance our capabilities through talent development, resource levels, process maturity, and technology enablement.

As McKesson’s Sr. Director Software Assurance, you will be a key component of our team, working across the enterprise to build and mature processes that strengthen our IT environments end to end, covering both systems development and systems operation. You will partner with the ISRM Enterprise Governance, Risk & Compliance team and the Enterprise Cybersecurity team, and support the Business Information Security Officers and IT teams across the enterprise in maturing their programs.

This position can be based at our Alpharetta, GA or Scottsdale, AZ office.

Position Description

Responsibilities will include:


Secure SDLC Program

Promote best practices in application development, leveraging industry recognized secure SDLC frameworks

  • Develop and govern the deployment of the SDLC security program across McKesson for in-house developed and commercial off-the-shelf software focusing on standard services, processes & tools. This includes:

    • Work with business units to promote a strong secure SDLC program for mobile / digital solutions in Healthcare and Pharmacy services (online, mobile, and legacy platforms)

  • Partner with the Cybersecurity & Threat Management team to deliver software assurance capabilities to the enterprise:

    • Static code and binary analysis

    • Dynamic application testing

    • Infrastructure vulnerability testing

    • Application-level Penetration Testing/Ethical Hacking

    • Threat Modeling & Red Team application security assessment

  • Manage the executive communications and reporting specific to the Software Assurance program and its initiatives, risks and threats for the McKesson enterprise

  • Keep abreast of application security trends and the emerging threat landscape related to the healthcare industry, McKesson businesses and corresponding applications

  • Subject Matter Expert in defining a software security training curriculum for McKesson, partnering with the GRC team for implementation/roll-out

Secure IT Operations Program

Promote best practices in building and maintaining security in the software and systems supporting our business applications.  This includes helping the BUs build processes to build and configure systems securely, and then to maintain them:

  • Maintain and enhance coverage for vulnerability scanning across the enterprise
  • Partner with the Cybersecurity & Threat Management team to deploy similar processes to monitor configuration management

  • Guide the BUs in the prioritization and execution of their remediation processes, and work to encourage streamlining/standardization of these processes

  • Provide regular metrics and reporting at the BU and Enterprise level

Asset Management Assurance


A foundational component of IT Risk Management and Cybersecurity is understanding and prioritizing the assets we need to protect. In this role you will work with groups across the company that manage our IT assets to ensure there are appropriate governance processes in place. This includes partnering with the ETS Asset Management group, ISRM teams, and other ETS and BU functions.

Qualifications

Minimum Requirements
8+ years software engineering experience including 7+ years managerial experience

 

Critical Skills

  • Minimum of 8 years’ experience in Application Security, Cybersecurity Services, Engineering or IT Risk Management
  • Excellent working knowledge of industry and commonly adopted secure software development standards and practices (e.g. applicable NIST standards, OWASP, CERT, SANS, SAFECode, BSIMM)
  • Commercial / contract experience writing in at least two (2) of the following languages: C#.Net, ASP.Net, Java, Objective-C, C++, JavaScript, Python, Curl, Perl and Windows PowerShell
  • Excellent leadership, verbal and written communication, presentation, and problem-solving skills
  • Experience in a high transaction, large/complex/matrix business environment
  • Possesses exceptional strategic thinking, planning and relationship skills
  • Ability to influence management and build credibility across the organization
  • A collaborative and engaging leader who partners well with others
  • Team focus with an ability to lead in a matrixed organization
  • A strong leader in talent management, with the ability to develop staff, recruit appropriate talent, and create a culture of performance

Additional Knowledge & Skills

  • Background in application development strongly preferred
  • Knowledge of the healthcare and/or software industries is a plus
  • CISSP, OSCP, SANS/GIAC or other similar professional designations are a plus

Education
4-year degree in computer science or related field or equivalent experience

Physical Requirements
General Office Demands


Benefits & Company Statement
McKesson believes superior performance – individual and team – that helps us drive innovations and solutions to promote better health should be recognized and rewarded. We provide a competitive compensation program to attract, retain and motivate a high-performance workforce, and it’s flexible enough to meet the different needs of our diverse employee population.

We are in the business of better health and we touch the lives of patients in virtually every aspect of healthcare. We partner with payers, hospitals, physician offices, pharmacies, pharmaceutical companies and others across the spectrum of care to build healthier organizations that deliver better care to patients in every setting.

But we can’t do it without you. Every single McKesson employee contributes to our mission—whatever your title, whatever your role, you act as a catalyst in a chain of events that helps millions of people all over the globe. Talented, compassionate people are the future of our company—and of healthcare. At McKesson, you’ll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that’s vital to us all.

McKesson is an equal opportunity and affirmative action employer – minorities/females/veterans/persons with disabilities.

Qualified applicants will not be disqualified from consideration for employment based upon criminal history.

Agency Statement
No agencies please.
