McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve – we care. What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow’s health today, we want to hear from you.
Position Summary:
We are seeking a highly experienced Director of Information Security to lead our organization's cybersecurity initiatives with a focus on third-party risk management, cyber due diligence, onboarding to information security capabilities, and exemplary leadership. In this critical role, you will be responsible for defining and executing strategic security objectives, ensuring the protection of our sensitive data assets, and fostering a culture of security awareness and compliance across the organization.
Key Responsibilities:
- Strategic Leadership:
- Develop and communicate a clear vision and strategic roadmap for the organization's information security program.
- Provide strong leadership and mentorship to the information security team, fostering a collaborative and high-performing culture.
- Establish and maintain effective partnerships with key stakeholders to align security initiatives with business objectives.
- Third Party Risk Management:
- Oversee the development and implementation of a comprehensive third-party risk management program, including policies, processes, and controls.
- Conduct risk assessments of third-party vendors and partners to identify potential security vulnerabilities and ensure compliance with security requirements.
- Collaborate with procurement and legal teams to incorporate security requirements into vendor contracts and agreements.
- Cyber Due Diligence:
- Lead cyber due diligence efforts for mergers, acquisitions, and other business transactions, ensuring that security risks are thoroughly assessed and mitigated.
- Conduct comprehensive assessments of target organizations' cybersecurity posture, systems, and controls to identify potential risks and liabilities.
- Provide strategic recommendations and guidance to senior leadership based on due diligence findings.
- Onboarding to Information Security Capabilities:
- Develop and implement processes for onboarding new systems, applications, and technologies to ensure they meet security standards and requirements.
- Collaborate with IT and business stakeholders to integrate security controls and practices into the development lifecycle of new projects and initiatives.
- Provide training and awareness programs to educate employees on information security best practices and procedures.
- Security Operations and Incident Response:
- Oversee security operations, including monitoring, detection, and response to security incidents and breaches.
- Establish incident response procedures and protocols to ensure timely and effective resolution of security incidents.
- Conduct post-incident reviews and analysis to identify lessons learned and implement improvements to security controls and processes.
- Compliance and Governance:
- Ensure compliance with relevant regulatory requirements, industry standards, and internal policies related to information security.
- Develop and maintain security policies, standards, and procedures in accordance with best practices and industry guidelines.
- Coordinate and support internal and external audits and assessments of information security controls and practices.
Qualifications:
- Bachelor's degree (in Information Security, Computer Science, or related field; Master's degree preferred), or equivalent work experience..
- 10+ years of experience in Information Security roles, with at least 5 years in a leadership or management position.
- Extensive experience in third-party risk management, cyber due diligence, and security operations.
- Strong leadership and communication skills, with the ability to influence and inspire teams to achieve security objectives.
- Demonstrated ability to develop and execute strategic security initiatives that align with business goals.
- In-depth knowledge of security technologies, tools, and methodologies.
- Proven track record of building and maintaining effective relationships with internal and external stakeholders.
- CISSP, CISM, or similar certification highly desirable.
At McKesson, we care about the well-being of the patients and communities we serve, and that starts with caring for our people. That’s why we have a Total Rewards package that includes comprehensive benefits to support physical, mental, and financial well-being. Our Total Rewards offerings serve the different needs of our diverse employee population and ensure they are the healthiest versions of themselves. For more information regarding benefits at McKesson, please click here.
As part of Total Rewards, we are proud to offer a competitive compensation package at McKesson. This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets. In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities may be offered.
Our Base Pay Range for this position
$152,900 - $254,900
McKesson is an Equal Opportunity/Affirmative Action employer.
All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.Qualified applicants will not be disqualified from consideration for employment based upon criminal history.
McKesson is committed to being an Equal Employment Opportunity Employer and offers opportunities to all job seekers including job seekers with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, please contact us by sending an email to Disability_Accommodation@McKesson.com. Resumes or CVs submitted to this email box will not be accepted.
Current employees must apply through the internal career site.
Join us at McKesson!