Job Information


The BISL will assist in providing recommendations and support for business/application specific risk assessments to include HIPAA, NIS, HITRUST, etc. and internal security practices, policies, and standards. The ISL will also lead/assist sub-BUs and Functional BU Divisions in the engagement to plan, educate, facilitate, and remediate security initiatives/projects across their assigned Business Unit(s) (BU) within McKesson. Additionally, this position will require collaboration and coordination with the BU Business Engagement Leaders (BELs) and ISRM security service towers/delivery leader and internal business clients.

Critical Duties:
- Manage personnel directly/in a matrixed environment
- ISRM Governance & Risk management compliance program
- Define goals, progress towards those goals, timelines, planned activities, and issue remediation planning (annual planning, HIPAA, NIST 800-53/800-53A related activities like control testing, etc.)
- Consult and advise on business level security health, risks/issues, provides updates to BISO
- Manage progress tracking communications with the business application owners
- Manage progress tracking and remediation (BU BISO and BELs)

ISRM Policies and Standards:
- Comment and review ISRM policies and procedures to identify required ISRM exceptions per BU
- Facilitate in and foster ISRM activities for new application and system development
- Full review of compliance/exceptions to policies with CIO and BISO (annual review)
- Partner with BU Internal Audit (IA) and other similar, internal groups

Additional Knowledge & Skills:
- Implement and demonstrate experience with cybersecurity best practices, security, and risk frameworks (i.e., NIST, HITRUST, FDA, ISO 27000, etc.).
- Ability to think strategically, work with a sense of urgency and attention to detail
- Ability to develop and follow detailed process and procedure documentation
- Ability to present and solve complex solutions and methods to non-technical people
- Must possess detailed planning and organizational skills
- Experience managing client expectations and working with clients to minimize their risk exposure
- Must establish compliance with all external governing bodies and internal ISRM policies, standards, and SOPs
- Must work as part of a team or individual contributor and be able to manage complex relationships with all stakeholders
- Must be well organized, a strong communicator, detail oriented, demonstrate good judgment, be confident working independently
- Must have excellent verbal and written communication skills and the ability to interact professionally with a diverse group, including executives, managers, and subject matter experts

Minimum Qualifications:
5-7+ years of relevant experience

Education:
Bachelor's degree (in related field) or equivalent experience

Certifications/Licensure:
Industry cybersecurity certification(s) (e.g. CISM, PMP, CCISO, Security+, etc.) a plus

At McKesson, we care about the well-being of the patients and communities we serve, and that starts with caring for our people. That's why we have a Total Rewards package that includes comprehensive benefits to support physical, mental, and financial well-being. Our Total Rewards offerings serve the different needs of our diverse employee population and ensure they are the healthiest versions of themselves. For more information regarding benefits at McKesson, please

As part of Total Rewards, we are proud to offer a competitive compensation package at McKesson. This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets. In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities may be offered.

Our Base... For full info follow application link.

McKesson is an equal opportunity and affirmative action employer - minorities/females/veterans/persons with disabilities.