McKesson requires new employees to be fully vaccinated for COVID-19 as defined by the CDC, subject to applicable, verified accommodation requests.

McKesson is in the business of better health and we touch the lives of patients in virtually every aspect of healthcare. We partner with payors, hospitals, physician offices, pharmacies, pharmaceutical companies and others across the spectrum of care to build healthier organizations that deliver better care to patients in every setting. We believe in the importance of strong, vital organizations because we know that patients can only be healthy when our system is healthy.

Every single McKesson employee contributes to our mission—by joining McKesson you act as a catalyst in a chain of events that helps millions of people all over the globe. Talented, compassionate people are the future of our company—and of healthcare. At McKesson, you’ll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that’s vital to us all.

We understand the importance of a system that works together. Your expertise, drive, and passion can help us improve everything we touch, from providers to payors to pharmacies. Join our team of leaders to begin a rewarding career.

Wherever you contribute here at McKesson, you will have the ability to make a real impact in the lives of others.

Current Need:

McKesson is looking for a Sr. Director, Third Party Risk Management (TPRM) to join it’s Information Security Risk Management (ISRM) organization. The Sr. Director, TPRM is a critical role that will be accountable for managing the TPRM program, annual SOC 1 and SOC 2 attestations, “crown jewels” identification and prioritization, and centralized IT audit readiness and support. This leader is expected to possess strong process management and communication skills while being able to collaborate and partner cross functionally within McKesson Technology as well as with Legal, Internal Audit, and Sourcing & Procurement.

Direct report to the Global Chief Information Security Officer (CISO).

Key responsibilities include:

• Ensure due diligence of third parties prior to on-boarding inclusive of information security requirements within contract

• Drive cross functional alignment on IT related audit findings and reports and proactively manage remediation plans to timely closure

• Provide oversight and coordination for timely delivery of annual SOC 1 and SOC 2 attestations

• Identify “crown jewels” and prioritization of application landscape; refine and acquire alignment on methodology and approach

• Communicate maturity, progress, risks, and service level performance through defined metrics (e.g. KRIs, KPIs, OKRs); establish "go to green" plan where underperforming or at risk

• Partner and collaborate with other stakeholders (e.g. BISOs, Legal, Sourcing & Procurement, Internal Audit, Shared Service Teams) to drive continuous improvement and enable objectives

• Manage and develop team into a High Reliability Organization (HRO)

Minimum Requirements:

• Typically requires 13+ years of professional experience and 6+ years of diversified leadership, planning, communication, organization, and people motivation skills (or equivalent experience)

Critical Skills:

• Experience in third party risk assessments, vendor, and customer assurance activities

• Strong understanding of auditing practices and frameworks (e.g. IIA, PCAOB)

• Familiar with IT compliance, regulations, and security frameworks and standards (e.g. NIST 800, ISO/IEC 27002, HIPAA, PCI, SOX, HITRUST)

• Excellent leadership, communication, facilitation, and presentation skills

• Experience driving strong partnerships with business and MT leaders

• Ability to communicate technical security risks to non-technical business stakeholders

• Strong ability to influence or negotiate with stakeholders dealing with competing priorities

• A solution-oriented mindset, with the ability to exercise good professional judgment

• Capable of anticipating needs and driving clarity on expectations

• Operational excellence and service delivery through data driven results and Service-Level Agreements (SLAs)

• Strong customer and quality focus

• Continual Service Improvement and/or Lean Six Sigma experience

• Experience building and leading high performing security teams

Additional Knowledge & Skills:

• CISSP, CISA, CISM or other similar professional certifications

• IT auditing and/or compliance experience

• Knowledge of the healthcare or software industries is a plus

• Incident Response experience preferred

• ISO 9000:2015 Quality Management Systems (QMS) experience a plus

• Understanding of IT General Controls (ITGC) and Good Documentation Practices (GDP)

• Vendor Management experience

Education:

• 4-year degree (in computer science or related field) or equivalent experience

McKesson is an Equal Opportunity/Affirmative Action employer.

All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.Qualified applicants will not be disqualified from consideration for employment based upon criminal history.

McKesson is committed to being an Equal Employment Opportunity Employer and offers opportunities to all job seekers including job seekers with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, please contact us by sending an email to Disability_Accommodation@McKesson.com. Resumes or CVs submitted to this email box will not be accepted.

Current employees must apply through the internal career site.

Join us at McKesson!