Sr. Information Security Analyst

McKesson is looking for a Senior Information Security Analyst in the Information Security & Risk Management organization. This individual contributor is expected to possess strong analytical, process management, and communication skills. The role is tasked with driving and executing critical programs that govern and ensure compliance with McKesson’s policies, applicable regulations, and controls.

Position Description

The Senior Information Security Analyst is experienced with delivering enterprise IT security and compliance programs, including but not limited to:

  • IT audit support including the management and tracking of remediation plans
  • NIST and HITRUST control frameworks, ISO 27001 / SOC 1/2
  • Global Regulatory Compliance, including GDPR, CCPA, HIPAA, PCI, SOX, PIPEDA
  • Data protection, classification, handling, and retention
  • KPI/data/scorecards around risks, control gaps, progress – leverage analytics for trending and identification of systemic themes

The ideal candidate will have Fortune 1000 experience with demonstrated success in assisting IT information security, especially delivering with compliance programs. The successful candidate must have a proven ability to:

  • Partner and collaborate with leadership, cross-functional teams, and stakeholders across the enterprise, displaying strong influencing skills to work with various service and capability owners
  • Demonstrate strong communications and analytical skills, and be comfortable getting up to speed quickly on technical, security related content
  • Display analytical and planning skills necessary to manage key stakeholders for the implementation or improvement of information security controls
  • Prioritize and execute tasks with competing priorities
  • Develop the strategy and define metrics for management reviews cross functionally
  • Manage the analysis of critical information security processes, documentation and service delivery models; facilitate remediation of known issues resulting from gap analysis

Due to the nature of this role interfacing with all levels of the organization, cross-functional stakeholders, both business and technology partners, we are looking for an experienced professional who brings well rounded experience.

Minimum Requirements

Typically has 7+ years of professional experience in IT Security or Compliance including project management, requirements definition, data analysis and/or deployment of business requirements to information systems.

Critical Skills

  • 7+ years in IT, Information Security Services, Security Operations, Information Systems Services, Data Protection, IT Deployment, and/or IT Compliance
  • Risk assessment, audit, and IT security assessments
  • Self-starter with a drive to continuously improve processes and remove inefficiencies
  • Interfacing with vendors, shared services owners, architecture, engineers and system owners to drive control capabilities to meet policy and regulatory compliance requirements
  • Have a general understanding of security technologies, which may include: SIEM, DLP, IDS/IPS, firewalls, and many other security compliance controls
  • Familiar with compliance regulations, IT, security frameworks and standards (i.e. NIST 800, ISO/IEC 27002, GDPR, CCPA, HIPAA, PCI, SOC 1/2, SOX, HITRUST)
  • Proficiency with Microsoft Office

Additional Skills

  • Strong ability to influence or negotiate with stakeholders dealing with competing priorities
  • A balanced and strong communicator, calm, collected, organized, empathetic, who approaches situations thoughtfully
  • Ability to take information from many sources and put it in context for the proper audience to provide insightful and unique compromises or solutions
  • Capable of anticipating needs and driving clarity on expectations
  • A solution-oriented mindset, with the ability to exercise good professional judgment
  • CISA, CISSP or other similar professional designations

4-year degree in computer science, information systems, or related field or equivalent experience preferred

McKesson is an Equal Opportunity/Affirmative Action employer.

All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.Qualified applicants will not be disqualified from consideration for employment based upon criminal history.

McKesson is committed to being an Equal Employment Opportunity Employer and offers opportunities to all job seekers including job seekers with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, please contact us by sending an email to . Resumes or CVs submitted to this email box will not be accepted.

Current employees must apply through the internal career site.

More Information

Apply for this job

Leave your thoughts

Share this job