McKesson has embarked on an important mission to become the leader in cybersecurity for global healthcare. We are making significant investments to enhance our capabilities through talent development, resource levels, process maturity, and technology enablement.
Does this sound like you?
Cybersecurity makes you tick, you thrive on active defense and security against external and internal threats. You enjoy the challenges and devising strategies in order to be one step ahead in the game. You are methodical and proactive against potential attackers and possess experienced insight around secure and preventative measures.
How you'll make a difference:
You will be responsible for delivering a cohesive set of technical cybersecurity capabilities across threat intelligence, monitoring, incident response, forensics, and red/blue teaming. You will work closely with others across the company and outside the company to lead technical cyber defense. You have deep technical security knowledge/expertise, proven service management skills, and the ability to manage supervisors of medium to large teams facing unique market challenges in talent attraction, development, and retention.
- Strategic Planning – Develop and maintain a comprehensive vision and strategy of how active defense services can and will be used to accomplish department objectives of protecting our systems and data while facilitating new and existing business models highly dependent on technology.
- Program Management - Manage a large portfolio of cybersecurity operational services and the pipeline of projects/tasks to create, evolve, and change them as needed. Various peers and partners will provide from the Information Security and Risk Management (ISRM) and McKesson Technology (MT) organizations including risk management alignment, project management, financial planning, and human resources.
- Operations – Build and lead a large team (35-45 staff) that delivers business critical preventive and detective control sets including:
- Understanding of potential attackers and how they are most likely to attack
- Technical identification of and remediation of vulnerabilities attackers might use to gain access to our systems or data
- Methodical anticipation, preparation, outmaneuvering of known threats and greater attack trends
- Comprehensive monitoring services (tier 1 – 3), and incident escalation, triage, response, and recovery
- Routine proactive and reactive efforts to identify and eradicate attackers within the enterprise
- Thorough root cause analysis and relevant post-mortem actions of security and operational incidents that result in loss of system integrity or confidential data
- The teams under or working with this position will plan and operate services (internal, managed service, or outsource staffed) commonly referred to as:
- Threat intelligence
- Security monitoring, escalation, and triage
- Cyber threat hunting
- Malware analysis and reverse engineering
- Incident response and recovery
- Forensics (in support of externally and internally driven incidents) and eDiscovery collections
- Red and blue teams for internal and third-party environments
- Coordination of technical activities with outside security communities including industry peers, researchers, law enforcement, other government entities (including ISACs and ISAOs), and standards groups such as HiTrust
- You'll be given access to a broad set of technology/tools, strong financial support, and the ability to set and drive new/improved directions as needed.
- Collaboration, Reporting and Financial Management
- Routinely collaborate with other stakeholders across the enterprise including security architecture, identity and access management, security systems administration/tools management, application security, and security software engineering to defend our enterprise.
- Coordinate closely with the ISRM Program Management team to provide regular metrics and reporting to measure the efficiency and effectiveness of the services, facilitate appropriate resource allocation, and increase the overall maturity of security capabilities.
- Collaborate with other corporate functions including Internal Audit, Legal and Compliance, Privacy, and Enterprise Sourcing to ensure that the organization maintains a strong security posture.
- Liaise with Business Information Security Officers (BISOs) for cybersecurity and IT Risk & Compliance Management program needs within business units.
- Develop and manage a security budget and develop strategic plans to invest resources to efficiently reduce cybersecurity risk.
What you will bring to the table:
- Minimum of 8 years' experience in cybersecurity services, security engineering, other IT, and/or technical risk management
- Deep technical understanding of cybersecurity and service lifecycles including capacity planning and change management
- Strong management skills planning, organizing, leading, and measuring service driven teams
- Strong interpersonal and communications skills to build/ maintain ongoing business relationships
- Experience with compliance regulations/laws, security frameworks and standards (e.g., NIST, HIPAA, ISO, COBIT, OWASP, ITIL, etc.).
- Ability to exercise and mentor others on good professional judgment and security-related ethics
- 4-year degree in computer science, other engineering, or related field or equivalent experience
- Knowledge of the healthcare, distribution, or software industries is a plus
- Experience with law enforcement, defense, or intelligence community a plus
- OSCP, SANS/GIAC, CISSP or other similar professional certifications are a plus
What's in it for you:
- Rewarding career with a fortune 10 company that allows you to do great things for patients around the world
- Competitive pay and incentive programs
- Trendy new office space
- Diverse and Inclusive Collaborative environment
- Medical, Dental and Vision Health plans including a great Wellness plan that reduces your premium costs and encourages your best healthy self
- Health Fairs and free biometrics screenings
- Onsite Fitness Centers with locker rooms and outdoor trails near by
- Generous PTO and paid Holidays
- 401K with Company Match
- Career development, trainings, tuition reimbursement
- Additional discount programs and more!