The Senior Information Security Analyst will work closely with the Information Security Risk Management (ISRM) teams and business process owners. This position is responsible for the timely delivery of McKesson’s regulatory compliance and audit initiatives, client security assessments, vendor assessments, and other technical cybersecurity assessments.
This position is part of McKesson’s ISRM team and is responsible for building and promoting the Cybersecurity framework, assessing controls, providing guidance, and maintaining compliance across the MMS business unit and enterprise IT organizations. Responsibilities include:
Provide support and guidance to key application and infrastructure stakeholders as a part of the enterprise cybersecurity program.
Work closely with the business and IT teams to establish security requirements for projects/programs (e.g. systems upgrade or implementation) and operations
Lead new and recurring security risk assessments (e.g. HIPAA, PCI, FedRAMP, HITRUST, NIST CSF, ISO, etc.), develop mitigation plans, and work with internal stakeholders to assign remediation tracking responsibility; collaborate with other risk and compliance teams, such as Global Privacy, SOX, Internal Audit, Compliance & Ethics, etc., to obtain a holistic risk posture.
Perform a range of security assessments to identify information threats, internal control weaknesses, and remediation strategies
Assist project teams in integrating vendors securely, and periodically re-evaluate the security and compliance of applications and systems
Mature the enterprise risk assessment and reporting function to meet audit and compliance requirements
Collect and publish monthly qualitative and quantitative key risk indicators (KRIs)
Typically requires 7+ years relevant experience.
Bachelor’s degree in Computer Science, Information Security, or relevant experience
6+ years’ experience in administering, managing and/or monitoring security controls in an organization.
3+ years in developing and managing information security policies in accordance with industry regulations
Strong understanding of security audit methodologies with the management of audits with third parties.
Working knowledge of IT security-related regulations/standards
Familiarity and experience with interpreting state or federal requirements/regulations and providing specific guidance to IT teams to meet regulatory requirements
Working knowledge of IT functions, specifically understanding system production structure/controls, change management and software development processes.
Capable of identifying management, IT system, and operational issues and trends and developing solutions including creating materials, documentation, systems, processes/procedures, and policies in support.
Requires excellent technical, policy and procedural writing skills
Requires excellent reporting and presentation skills
Additional Knowledge and Skills:
One or more of the following certifications:
CISSP – Certified Information Systems Security Professional
CISA – Certified Information Systems Auditor
CISM – Certified Information Security Manager
CRISC – Certified in Risk and Information Systems Control
2+ years of experience as an Information Security Analyst within the healthcare technology sector
Knowledge and understanding of regulatory compliance standards, particularly SOC1 and Service Organization Controls (SOC), HIPAA, HITRUST, FedRAMP, Federal Information Security Management Act (FISMA), NIST Cyber Security Framework (CSF), NIST 800 series
Must be authorized to work in the US. Sponsorship is not available for this position.
McKesson is an Equal Opportunity/Affirmative Action employer.
All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status. Qualified applicants will not be disqualified from consideration for employment based upon criminal history.
McKesson is committed to being an Equal Employment Opportunity Employer and offers opportunities to all job seekers including job seekers with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, please contact us by sending an email to McKessonTalentAcquisition@mckesson.com. Resumes or CVs submitted to this email box will not be accepted.
Current employees must apply through the internal career site.
Join us at McKesson!