Title: Information Security Analyst (12 month contract)
Location: Cork, Ireland
McKesson Corporation (NYSE: MCK) is a leading healthcare services company dedicated to delivering the vital medicines, supplies and information technologies and services that enable the healthcare industry to provide patients better, safer care. McKesson is in the business of better health and we touch the lives of patients in virtually every aspect of healthcare. We partner with health care providers, hospitals, physician offices, pharmacies, pharmaceutical companies and others across the spectrum of care to build healthier organizations that deliver better care to patients in every setting. We believe in the importance of strong, vital organizations because we know that patients can only be healthy when our system is healthy.
Every single McKesson employee contributes to our mission--by joining McKesson you act as a catalyst in a chain of events that helps millions of people all over the globe. Talented, compassionate people are the future of our company--and of healthcare. At McKesson, you'll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that's vital to us all.
We understand the importance of a system that works together. Your expertise, drive and passion can help us improve everything we touch, from providers to payors to pharmacies. Join our team of leaders to begin a rewarding career.
Wherever you contribute here at McKesson, you will have the ability to make a real impact in the lives of others.
McKesson operates in 14 countries in Europe, serving over 2 million customers every day at about 2,200 pharmacies of its own and over 4,300 participants in brand partnership schemes. The proactive and preventive approach ensures that patients receive the products and support that they require for optimum care. With more than 38,000 colleagues and with 134 wholesale branches, McKesson Europe supplies 65,000 pharmacies and hospitals every day with up to 130,000 pharmaceutical products. The services benefit a patient pool of about 15 million per day.
McKesson Corporation reported revenue of $214 billion in FY2018 and is ranked #7 on the Fortune 500.
United by our iCare values our 78,000 employees work together every day to make better care possible for patients around the globe.
Our vision - To improve care in every setting -- one product, one partner, one patient at a time.
The Information Security Analyst will be part of the Security Capability Management and Governance team responsible for leading or supporting the execution of Information Security and Risk Management (ISRM) goals and objectives in Europe through the governance and management of ISRM initiatives and resources and ensure security risks are managed and the organization complies with security requirements and regulations through active collaboration with our customers and stakeholders. The role will provide security risk and compliance services to the stakeholders to improve the overall information security posture for their respective environments, help drive key cybersecurity initiatives, provide progress and reporting metrics, and ensure all systems comply with the Global CISO's Information Security program. The role will report directly to the Director of Information Security, Security Capability Management and Governance.
Key responsibilities include:
Engage directly with the appropriate Technology Capability teams to ensure new products, services, applications, third party relationships have been assessed for controls and that any identified risks are appropriately addressed.
Lead new and recurring security risk assessments (e.g. GDPR, PCI, etc.), collaborate on the development of mitigation plans, and work with internal stakeholders to assign remediation tracking responsibility; collaborate with other risk and compliance teams, such as Global Privacy, SOX, Internal Audit, Compliance & Ethics, to obtain a holistic risk posture.
Establish security requirements for projects/programs (e.g. systems upgrade or implementation) and operations through engagement with Business and IT teams.
Proactively identify information security deficiencies or opportunities for improvement and facilitate development of pragmatic solutions.
Work proactively with Business Information Security Officers (BISOs) and Technology Capability teams to ensure security, IT risk and compliance is actively built into the organization objectives and procedures.
Assist with the coordination and prioritization of work for implementing cybersecurity initiatives.
Maintain a strong understanding of the Business Unit IT environment to manage the threat and risk landscape - application stacks, infrastructure components, and external facing footprint
Provide regular, timely reporting on the information security status across Technology Solution teams and, provide regular metrics and reporting to the Director of Information Security with a focus on continuous improvement
Collaborate with the relevant Technology Solution Teams and act in a consultative way to help improve the security posture and adhere to security policies and expected controls.
Facilitate the identification of high value assets to be monitored by ISRM.
Communicate key deliverables and due dates to the Solution Teams and other technology and business stakeholders and service owners (application, infrastructure & business/SaaS vendor) with the goal to ensure compliance with Information Security standards, policies and procedures
Provide escalation path for information security issues, incidents and enquiries
Work with the Technology Capability team and Business Unit management team to determine acceptable levels of risk for the applicable Business Unit, report on variances, and propose/lead mitigation activities.
Partner with enterprise service teams to leverage capabilities and subject matter expertise
Acts as an Information Security subject matter expert on responsible area and endorse recommended solutions, providing thought leadership, coaching and mentoring to other information security analysts as required.
4+ years in IT, Information Security Services, IT audit, and/or IT Risk Management
Strong security risk analytical knowledge and skills applying in different business contexts.
Experience in risk assessment, GRC software, audit, and IT security assessments
Familiar with compliance regulations, IT, security frameworks and standards (i.e. NIST, GDPR, PCI, SOX, HITRUST)
Knowledge of Information Security control frameworks (e.g., NIST Cybersecurity Framework, Center for Internet Security Critical Security Controls, ISO 27001, etc.)
Strong communication and interpersonal skills to build/maintain ongoing business relationships with all levels within an organization
Demonstrated experience effectively leading and managing collaborative, cross-functional teams to successfully deliver programs and/or multiple projects on-time and within budget based on agreed upon scope and business goals
Strong ability to influence or negotiate with stakeholders dealing with competing priorities
Capable of anticipating needs and driving clarity on expectations
Self-Starter that requires minimal supervision, manage different activities effectively, and can provide oversight and coaching to others for any assigned projects or tasks.
Additional Knowledge & Skills
Knowledge of the healthcare and software industries
CISA, CISSP or other similar professional designations
Familiarity with healthcare, privacy, and financial compliance regulations would be an advantage
Knowledge of Jira and operating in agile would be an advantage
Project management skills would be an advantage
Education 4-year degree in information technology or related field or equivalent experience
Internal Number: JR0038262
About McKesson Corporation
We deliver careers with purpose and potential. Our focus on better health starts with creating an inclusive environment with strong values where you can build a fulfilling career. You can count on us to provide you with resources and opportunities to grow and be your best, while contributing to our pursuit of improving lives. Every day, McKesson’s employees deliver products to healthcare providers that make a difference in the care and life of a patient. We work to distribute medical supplies, bandages, syringes, vials of flu vaccine, and pharmaceutical drugs to help real patients like Jack, an eight-year-old boy battling cancer. We take that job seriously. Together, the work we do is shaping the future of healthcare. If you are passionate about combining a meaningful career with a balanced life, join us on this journey and apply for a job with McKesson today. Every day, McKesson’s employees deliver products to healthcare providers that make a difference in the care and life of a patient.