We are seeking an Information Security Lead - B2B to join our team in Alpharetta or Las Colinas!
The Information Security Lead - B2B will be responsible for orchestrating the Cybersecurity and IT Risk & Compliance Management strategy and program for the respective IT Capability.
The Security Lead will partner with the corresponding Solution Teams and stakeholders to improve the overall information security posture for their respective environments, help drive key cybersecurity initiatives, provide progress and reporting metrics, and ensure all systems comply with the Global CISO's Information Security program. The Security Lead will report directly to the Business Information Security Officer (BISO) with additional accountability to the Solution Team Leaders.
Key responsibilities include:
* Engage directly with the Solution Teams to understand, discuss, and advise on strategic priorities, concerns and key IT risks.
* Help coordinate and prioritize the work and resources for implementing cybersecurity initiatives, including directing the Solution Teams' Security Architect and Engineer.
* Be a part of the Solution Team and act in a consultative way to help the business improve its security posture and adhere to security policies and expected controls.
* Engage directly with the Shared Security Services team to increase adoption of standard security tools (prevention/detection/monitoring), lead onboarding processes, align with long term security roadmap and escalate operational issues.
* Champion McKesson's Cybersecurity Strategy, ensuring enterprise objectives and requirements are communicated and understood by local stakeholders
* Maintain a strong understanding of the IT environment to manage the threat and risk landscape - application stacks, infrastructure components, and external facing footprint
* Work proactively with IT Capability leadership to ensure security, IT risk and compliance are actively built into the organization objectives and procedures
* Provide regular, timely reporting on the information security status across Solution Teams, and provide regular metrics and reporting to the BISO with a focus on continuous improvement
* Engage directly with the appropriate teams to ensure new products, services, applications, and third-party or client relationships have been assessed for security controls and that any identified risks are appropriately addressed.
* Facilitate the identification of high value assets to be monitored by the Active Defense
* Coordinate information security risk assessments on internal and external services.
* Communicate key deliverables and due dates to the Solution Teams and other technology and business stakeholders and service owners (application, infrastructure & business/SaaS vendor) with the goal to ensure compliance with Information Security standards, policies, procedures & guidelines.
* Provide escalation path for information security issues, incidents and enquiries
* Work with the IT Capability team and Corporate leadership to determine acceptable levels of risk for the applicable Business Unit, report on variances, and propose/lead mitigation activities
* Proactively identify information security deficiencies or opportunities for improvement and facilitate development of pragmatic solutions
* Partner with enterprise service teams to leverage capabilities and subject matter expertise
Typically has 6 years relevant experience
* 4+ years in IT, Information Security Services, IT audit, and/or IT Risk Management including 2+ years managerial or lead experience
* Experience in risk assessment, GRC software, audit, and IT security assessments
* Managed or played a lead role in HITRUST certification efforts, including self-assessments, coordinating remediation, and working with assessors.
* Familiar with compliance regulations, IT, security frameworks and standards (e.g. NIST, HIPAA, PCI, SOX, HITRUST)
* Experience in working with solution teams and application teams in operationalizing IT Security and Privacy policies across the organization.
Additional Knowledge & Skills
* Strong communication and interpersonal skills to build/maintain ongoing business relationships with all levels within an organization
* Demonstrated experience effectively leading and managing collaborative, cross-functional teams to successfully deliver programs and/or multiple projects on-time and within budget based on agreed upon scope and business goals
* Strong ability to influence or negotiate with stakeholders dealing with competing priorities
* Capable of anticipating needs and driving clarity on expectations
* A solution-oriented mindset, with the ability to exercise good professional judgment
* Knowledge of the healthcare and software industries
* CISA, CISSP or other similar professional designations
* Strong project planning and prioritization skills, with the ability to respond quickly to a changing dynamic.
4-year degree in computer science or related field or equivalent experience
McKesson is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status. Qualified applicants will not be disqualified from consideration for employment based upon criminal history. McKesson is committed to being an Equal Employment Opportunity Employer and offers opportunities to all job seekers including job seekers with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, please contact us by sending an email to Disability_Accommodation@McKesson.com. Resumes or CVs submitted to this email box will not be accepted. Current employees must apply through internal career site. Join us at McKesson!
McKesson is a healthcare services and information technology company.