Sr. Director, IT Governance Risk & Compliance
Location: Alpharetta, Georgia
Posted: January 27, 2017
Reference: 17000042/2-en-us

McKesson is in the business of better health and we touch the lives of patients in virtually every aspect of healthcare. We partner with payors, hospitals, physician offices, pharmacies, pharmaceutical companies and others across the spectrum of care to build healthier organizations that deliver better care to patients in every setting. We believe in the importance of strong, vital organizations because we know that patients can only be healthy when our system is healthy.


Every single McKesson employee contributes to our mission—by joining McKesson you act as a catalyst in a chain of events that helps millions of people all over the globe. Talented, compassionate people are the future of our company—and of healthcare. At McKesson, you’ll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that’s vital to us all.


We understand the importance of a system that works together. Your expertise, drive and passion can help us improve everything we touch, from providers to payors to pharmacies. Join our team of leaders to begin a rewarding career.


Wherever you contribute here at McKesson, you will have the ability to make a real impact in the lives of others.


Current Need

The Senior Director will provide leadership, strategic direction, and oversight for maturing McKesson’s centralized, enterprise-wide IT Governance, Risk and Compliance (GRC) program within the enterprise Information Security and Risk Management (ISRM) function.

This position is responsible for objectively identifying, evaluating and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise.

The new Senior Director must be well-regarded throughout the business, and is expected to maintain a culture of performance and transparency, improve efficiency and quality, and continually build trust and credibility throughout the organization.

This position can be based at our Alpharetta, GA or Scottsdale, AZ office.


Position Description

As McKesson’s Sr. Director, IT Governance, Risk & Compliance, the key responsibilities will include:

  • Strategic Planning – This executive will leverage the corporate-defined strategy to develop a detailed roadmap and plan to mature our enterprise IT GRC program.
    • Monitor the industry landscape to understand and prepare for upcoming changes in the business environment, including compliance regulations and security technologies.
    • Communicate an understanding of McKesson’s IT governance, risk and compliance landscape to senior leadership at the Corporate and BU levels.
    • Socialize the roadmap and plan, and build consensus and support with business and IT leaders.

  • Program Management and Operations – This executive will manage the enterprise IT Governance, Risk and Compliance program and operations, including:
    • Policy Management, Training & Awareness:
      • Develop, maintain and publish (launch) enterprise information security policies and standards.
      • Maintain mandatory compliance training, and enhance targeted training programs for high-risk teams (e.g., application security, system administrators, etc.).
      • Lead the social engineering awareness program, including phishing awareness.
    • IT Risk Management:
      • Refine enterprise processes to track, monitor and report on key IT risks, and recommend programs to achieve a risk target.
      • Partner closely with the ISRM Cybersecurity team to identify and manage threats in relation to the key risks.
    • IT Compliance:
      • Ensure that security programs are designed for compliance with relevant laws, regulations and policies, and to minimize or eliminate risk and audit findings.
      • Validate compliance with relevant laws, regulations and policies such as HIPAA and PCI, and support SOX compliance.
      • Oversee attestation services in support of ~500 customer requests per year (e.g., SOC 1/2 reports, HITRUST, ISO 27001, etc.).
      • Oversee the issues management and policy exception processes.
    • 3rd Party Assurance:
      • Lead the 3rd party assurance program to help manage and monitor the risks of the third-party service providers McKesson uses. Develop an appropriate, scalable framework and operating model covering automation, staffing vs. outsourcing, and the level of centralization vs. execution at the individual Business Units.

  • Collaboration, Reporting and Financial Management
    • Coordinate closely with the ISRM Program Management team to provide regular metrics and reporting that measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of security.
    • Collaborate with other Corporate functions, including Internal Audit, Legal and Compliance, Privacy and Enterprise Sourcing, to ensure that the organization maintains a strong security posture.
    • Liaise with the Business Information Security Officers (BISOs) who are accountable for the Cybersecurity and IT Risk & Compliance Management program within McKesson’s business units.
    • Develop and manage a security budget, and develop strategic plans to invest resources to efficiently reduce cybersecurity risk.

Qualifications

Minimum Requirements
8+ years of software engineering experience, including 7+ years of managerial experience

Critical Skills
  • Minimum of 8+ years of IT, Information Security Services, IT audit and/or IT Risk Management experience
  • Strong experience with compliance regulations, security frameworks and standards (e.g., NIST, HIPAA, ISO, COBIT, OWASP, ITIL, etc.)
  • Knowledge of information risk management governance, policies and libraries, analytics and reporting, and issue management required
  • Knowledge of and experience with privacy and security law issues, particularly HIPAA, required
  • Strong interpersonal skills to build and maintain ongoing business relationships
  • Strong project and time management skills
  • Able to exercise professional judgment within defined procedures

Additional Knowledge & Skills
  • Knowledge of the healthcare and software industries is a plus.
  • CISA, CISSP or other similar professional designations are a plus

Education
4-year degree in computer science or related field or equivalent experience

Physical Requirements
General Office Demands


Benefits & Company Statement
McKesson believes superior performance – individual and team – that helps us drive innovations and solutions to promote better health should be recognized and rewarded. We provide a competitive compensation program to attract, retain and motivate a high-performance workforce, and it’s flexible enough to meet the different needs of our diverse employee population.

But we can’t do it without you. Every single McKesson employee contributes to our mission—whatever your title, whatever your role, you act as a catalyst in a chain of events that helps millions of people all over the globe. Talented, compassionate people are the future of our company—and of healthcare. At McKesson, you’ll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that’s vital to us all.

McKesson is an equal opportunity and affirmative action employer – minorities/females/veterans/persons with disabilities.

Qualified applicants will not be disqualified from consideration for employment based upon criminal history.

Agency Statement
No agencies please.