Senior Security Architect

McKesson   •  

Scottsdale, AZ

Industry: Healthcare


8 - 10 years

Posted 32 days ago

Every single McKesson employee contributes to our mission�by joining McKesson you act as a catalyst in a chain of events that helps millions of people all over the globe. Talented, compassionate people are the future of our company�and of healthcare. At McKesson, you�ll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that�s vital to us all.

We understand the importance of a system that works together. Your expertise, drive and passion can help us improve everything we touch, from providers to payors to pharmacies. Join our team of leaders to begin a rewarding career.� Wherever you contribute here at McKesson, you will have the ability to make a real impact in the lives of others.

Position Description

This position is part of McKesson�s Information Security and Risk Management (ISRM) Identity Access Management Security Architecture team and is responsible for building and promoting information security capabilities and compliance for the enterprise identity, network and applications across McKesson Corporation.

As a McKesson Digital Identity Information Security Architect, you will be a key member of our ISRM IAM Security Architecture team.� The candidate will have a deep background in keys aspect of security architecture needed to enable and securely deliver infrastructure and applications hosted within McKesson infrastructure and public cloud providers space. S/he will work collaboratively with the Enterprise Architecture team, ISRM Security Architecture and Global ISRM Service owners to ensure solutions and services are designed and adopted effectively by McKesson business units. �The position works closely with stakeholders in Infrastructure, Operations, Applications, and Compliance management to ensure alignment to our Global service capabilities.

S/he will be an enthusiastic advocate of the globally-led Information Protection Strategy, ensuring that all global initiatives and services are appropriately adopted by Business Units, following our strategic principle of global oversight, local insight and applying outside in thinking approach.

Key Responsibilities

Responsibilities will include:

  • Develop and maintain a comprehensive vision and strategy for network security architecture to accomplish department objectives of protecting McKesson systems and data hosted in the Mckesson data centers and the cloud
  • Understand, research, design and develop secure implementations of technology solutions, and oversee large rollouts of the same.
  • End to end analysis, requirements development, design, and governance of the security processes and tools ecosystem within McKesson Technology infrastructure, partnering with IT and business colleagues as appropriate
  • Understands the drivers and requirements of the business and translates those into technology solutions, serving as a liaison between technical teams and management
  • Security technical and Information Protection leadership for fine grained solutions including developing secure and sustainable security reference architectures where applicable
  • Identify and document critical path decisions, make recommendations, and influence program leaders / business process owners
  • Able to communicate processes� and tool automation needs to Automation Team to drive infrastructure as a code mentality.
  • Participate in Scaled Agile planning and activities deploying enterprise program creating Global Network Security Services within McKesson, identify customer needs, converting those into functional requirements and creating program roadmap, driving objectives and managing program backlog.

Minimum Requirement

  • 8+ years security architecture and/or security engineering overseeing network security capabilities

Critical Skills

  • Designing and implement global PKI supporting Windows, Mac OS, IOS and Android operating systems
  • Assess use cases and implement PKI/encryption to address the identified need
  • Understand mid- and long-term PKI needs and articulate a strategy for future investment and implementation
  • Manage in-house and cloud-based Microsoft Certificate Authority
  • Manage PKI-related managed services and external vendor relationships with KeyFactor and DigiCert
  • Deploy and manage subordinate Certificate Authorities (eg. SSL Interception solutions)
  • Monitor and administer certificate usage, deployment, and lifecycle
  • Configuring and deploying certificate templates, CRL�s distribution and management, Consult on policy for wildcard and SAN certificates
  • Assist system administrators and developers on encryption and digital signature solutions for applications
  • Acts as subject matter expert and provides consulting to all internal teams around PKI/Key Management and endpoint security
  • Experience in digital identity, network security architecture design, documentation and best practices; understand enterprise architecture frameworks and can independently author and assess technical architectures
  • Deep level understanding of TCP/IP (Transmission Control Protocol/Internet Protocol) networking and the OSI (Open Systems Interconnection) 7-layer model
  • Detailed understanding of attack vectors, current threats, and their remediation strategies;
  • Strong time management skills planning, organizing, and leading architecture development efforts
  • Strong interpersonal and communications skills to build/ maintain ongoing business relationships
  • Self-Starter that requires minimal supervision, multi-tasks effectively, and can provide oversight and coaching to others for any assigned projects or tasks.
  • Detailed understanding of control frameworks and reference architectures such as NIST, CyberSecurity kill chain.
  • Understanding of various compliance regulations/laws, and standards (e.g., PCI DSS, HIPAA).
  • Able to stay on top of latest cybersecurity developments and next gen platforms

Additional Knowledge & Skills

  • Knowledge of healthcare, privacy, and financial compliance regulations are a great asset.
  • Experience of working with SAFe (Scaled Agile Framework for the enterprise)
  • Previous hands-on PKI and key management engineering knowledge and experience, implementing and operationalizing security toolsets.
  • Strong analytical and troubleshooting skills with an understanding of IT business operations and information security.
  • Able to work with suppliers and vendors to assess a true value of cybersecurity capabilities vs what they are offering as a sales pitch and how those capabilities would apply to McKesson as a whole, from integrations to existing cybersecurity eco-system to their operationalization.
  • Cultivates and maintains current and future state architecture around PKI/Key Management
  • Collaborates with other architects and BISOs to translate business requirements to solutions and to build new capabilities
  • Interfaces with various security teams while supporting PKI and Certificate Management products such as Microsoft Certificate Authority, KeyFactor CMS, and DigiCert Managed-SSL
  • Interfaces with application teams from various BUs, consulting them on PKI and Certificate management topics
  • Creating technical documentation, Presentation and communication skills
  • Solid understanding of cryptographic algorithms and hashing functions and Experience with PKI-based protocols and certificate-enabled applications (e.g. SSL/TLS, S/MIME, authentication, etc.)
  • Solid understanding of Windows, UNIX, Linux, and web-based systems
  • Practical experience with the deployment of device certificates and SmartCards in an enterprise environment


  • 4-year degree in computer science or related field or equivalent experience


  • Cyber Security and/or network related certifications (s) such as CISSP, ISSAP, GCED, or proven equal experience.