Sr Analyst - IT Third Party Assurance
Location: Alpharetta, Georgia
Posted: January 27, 2017
Reference: 16009715/1-en-us

McKesson is in the business of better health and we touch the lives of patients in virtually every aspect of healthcare. We partner with payors, hospitals, physician offices, pharmacies, pharmaceutical companies and others across the spectrum of care to build healthier organizations that deliver better care to patients in every setting. We believe in the importance of strong, vital organizations because we know that patients can only be healthy when our system is healthy.


Every single McKesson employee contributes to our mission—by joining McKesson you act as a catalyst in a chain of events that helps millions of people all over the globe. Talented, compassionate people are the future of our company—and of healthcare. At McKesson, you’ll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that’s vital to us all.


We understand the importance of a system that works together. Your expertise, drive and passion can help us improve everything we touch, from providers to payors to pharmacies. Join our team of leaders to begin a rewarding career.


Wherever you contribute here at McKesson, you will have the ability to make a real impact in the lives of others.


Current Need

We are searching for a 3rd Party Risk Management Senior Analyst to join our growing team. This position can be located in either our Alpharetta or Scottsdale office.

Position Description

We are looking for an analyst to join our 3rd Party Assurance program, in support of the overall enterprise IT governance program. The analyst will use the 3rd Party Assurance framework to support the program both centrally and at the individual Business Units.

Responsibilities include:

  • Due diligence and Ongoing monitoring

    • Lead new and recurring 3rd party security risk assessments, develop mitigation plans, and work with internal stakeholders to assign remediation tracking responsibility

    • Implement processes to monitor the 3rd party portfolio using a risk-based approach. Monitoring may take many forms including but not limited to:

      • Review of 3rd party provided audit reports and supporting collateral, e.g. SOC1/2 reports and other certifications, or review of 3rd party security whitepapers

      • Requesting questionnaires be completed by the 3rd party describing their environment and controls

      • Periodic on-site 3rd party risk assessments

    • Maintain and enhance the administration of issue monitoring and exception tracking and, where necessary, facilitate remediation actions to improve overall 3rd party performance to meet business needs.

    • Partner with the cybersecurity team to monitor risks related to third party access to McKesson’s and our customers’ critical systems and data.

    • Track the 3rd party risk management process in the RSA Archer governance, risk & compliance tool

  • Stakeholder Consulting:

    • Collaborate with McKesson Enterprise Sourcing & Business Optimization and the other Risk Organizations such as Compliance and Privacy in the process of supporting the program.

    • Work in a self-directed, collaborative, and constructive manner with the business units and our internal stakeholders to enhance the effectiveness of 3rd Party Management processes and controls.

    • Build effective relationships with stakeholders who own and support key 3rd party relationships. Gain commitment from stakeholders to help manage and improve the risk posture of these 3rd parties.

Qualifications

Minimum Requirements
6+ years experience in administering security controls in an organization

Critical Skills
  • 2 years experience in third party risk management
  • Experience working with Security Frameworks, e.g. ISO 27001, NIST 800-53, CSA CCM
  • Strong Project and Time Management skills
  • Ability to handle multiple tasks, prioritize and meet deadlines
  • Strong interpersonal and influencing skills

Additional Knowledge & Skills

  • CISSP, CISA, CRISC, or other similar professional designations are a plus
  • Global experience a plus

Education
4-year degree in computer science or related field or equivalent experience

Physical Requirements
General Office Demands

Benefits & Company Statement
McKesson believes superior performance – individual and team – that helps us drive innovations and solutions to promote better health should be recognized and rewarded. We provide a competitive compensation program to attract, retain and motivate a high-performance workforce, and it’s flexible enough to meet the different needs of our diverse employee population.

We are in the business of better health and we touch the lives of patients in virtually every aspect of healthcare. We partner with payers, hospitals, physician offices, pharmacies, pharmaceutical companies and others across the spectrum of care to build healthier organizations that deliver better care to patients in every setting.

But we can’t do it without you. Every single McKesson employee contributes to our mission—whatever your title, whatever your role, you act as a catalyst in a chain of events that helps millions of people all over the globe. Talented, compassionate people are the future of our company—and of healthcare. At McKesson, you’ll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that’s vital to us all.

McKesson is an equal opportunity and affirmative action employer – minorities/females/veterans/persons with disabilities.

Qualified applicants will not be disqualified from consideration for employment based upon criminal history.

Agency Statement
No agencies please.

A little about us:
McKesson is in business for better health.
