Be part of the team that's poised to transform the fight against cancer. Backed by the strength of a Fortune 8 company, our entrepreneurial organization develops technologies used by the oncology community to deliver evidence-based, personalized care, as well as insights used by biopharma companies to accelerate drug development and support the entire treatment journey. Our work powers informed decision-making at every pivotal moment in oncology - from the treatment options presented to patients, to the operational considerations for oncology practices, to the design of clinical trials, to the commercial launch plans for new therapies.
The Director is the Security Leader for the PSaS Ontada Technology Solutions organization who is accountable for the Information Protection strategy and program. The Director will partner with Ontada leaders and other stakeholders to improve information security posture and ensure all work products are on-time and high-quality to comply with the McKesson Global Information Security program. The Director will report into the Business Information Security Officer (BISO), PSaS.
Key responsibilities include:
- Engage as a member of the business unit senior leadership team to understand, discuss, and advise on strategic priorities, concerns and key IT risks.
- Be a part of the IT leadership team and act in a consultative way to help improve security posture and adherence to security policies and required controls.
- Formulate, articulate, and align key stakeholders on a risk-based strategy and roadmap to mature the security and compliance posture of the local organization.
- Champion McKesson's Information Protection strategy, ensuring enterprise objectives and requirements are communicated and understood by local stakeholders
- Maintain a strong understanding of the CI/CD IT environment to manage the threat and risk landscape - application stacks, infrastructure components, and external facing footprint
- Work proactively with leadership to ensure security, IT risk and compliance are actively built into organizational objectives and procedures
- Coordinate regular, timely reporting on the information security status across the BU leadership team and communicate metrics and reporting to the ISRM leadership team with a focus on continuous improvement
- Ensure new products, services, applications, third party or client relationships have appropriate security controls embedded and that any identified risks are appropriately addressed for remediation
- Facilitate the identification of high value assets to be monitored by the Security Operations Center (iSOC).
- Coordinate information security risk assessments on internal and external vendors and services.
- Lead a cross-functional team of ISRM shared service teams and BU IT teams to execute and deliver against defined objectives. Areas of focus include:
  - Information security risk assessment of internal and external services
  - Vendor and customer assurance activities
  - IT compliance with Corporate and local policies, regulations (HIPAA, PCI, etc.) and other contractual requirements
  - Implementation and monitoring of controls to protect McKesson's assets, including secure software development practices and vulnerability management
  - Disaster recovery planning, including integration with business continuity and crisis management plans
  - Incident response coordination
- Communicate key deliverables and due dates to ISRM and other stakeholders and service owners (application, infrastructure & business/SaaS vendors) with the goal of ensuring compliance with Information Security standards, policies, procedures & guidelines.
- Centralize exception/standards deviation filing and coordination of sign-off in support of the ISRM policy exception process
- Review local processes and products for policy violation/non-compliance areas
- Provide an escalation path for information security issues, incidents, inquiries and investigations
- Work with BU and Corporate leadership to determine acceptable levels of risk, report on variances, and propose mitigation activities
- Proactively identify information security deficiencies or opportunities for improvement and facilitate development of pragmatic solutions
- Partner with enterprise and ISRM service teams to leverage capabilities and subject matter expertise
- Acquire, develop, and retain a high-performing team to support business objectives
- Engage in opportunities to gain external thought leadership and build relationships to inform strategies and propose solutions
- Assist with ISRM and BU budget planning
- 10+ years of professional experience in IT, Information Security Services, IT Audit and/or IT Risk Management
- Experience in risk assessment, audit, and IT security assessments
- 4+ years of mentoring or leadership experience
- Knowledge of secure AWS cloud hosting capabilities
- CISA, CISSP or other similar professional designations
- Familiar with compliance regulations, IT security frameworks and standards (e.g. NIST, HIPAA, PCI, SOX, HITRUST, FedRAMP)
- Knowledge of the healthcare and software industries
- Strong communication and interpersonal skills to build/maintain ongoing business relationships at all levels within an organization
- Strong ability to influence or negotiate with stakeholders dealing with competing priorities
- Demonstrated experience effectively leading and managing collaborative, cross-functional teams to successfully deliver programs and/or multiple projects on-time and within budget based on agreed upon scope and business goals
- Capable of anticipating needs and driving clarity on expectations
- A solution-oriented mindset, with the ability to exercise good professional judgment
- 4 years or equivalent work experience
Must be authorized to work in the U.S., now or in the future, without support from McKesson.
Relocation is NOT budgeted for this position.
McKesson is an Equal Opportunity/Affirmative Action employer.
All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status. Qualified applicants will not be disqualified from consideration for employment based upon criminal history.
McKesson is committed to being an Equal Employment Opportunity Employer and offers opportunities to all job seekers including job seekers with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, please contact us by sending an email to McKessonTalentAcquisition@mckesson.com. Resumes or CVs submitted to this email box will not be accepted.
Current employees must apply through the internal career site.
Join us at McKesson!
McKesson is an equal opportunity and affirmative action employer - minorities/females/veterans/persons with disabilities.