Lead Information Security Specialist (Threat & Vulnerability Management)
Lead Information Security Specialist (Threat & Vulnerability Management)
McKesson is looking for a Lead Information Security Analyst, Threat & Vulnerability Management to help support McKesson's information security capabilities and compliance across Business units and Enterprise IT organizations.
As a Lead Information Security Analyst, you will be a key member of our Cybersecurity team, with a background in Threat & Vulnerability Management.
You will represent the Cybersecurity team on various projects and boards, playing a critical role in safeguarding the organization’s information and systems by identifying and addressing vulnerabilities.
This position involves monitoring, analyzing, and advising on vulnerability-related risks.
Read on to find out what you will need to succeed in this position, including skills, qualifications, and experience.
Responsibilities :
- Vulnerability Monitoring : Continuously monitor relevant sources (CVE databases, security bulletins, etc.) for newly identified vulnerabilities and assess their impact and severity.
- Risk Evaluation : Evaluate the risks posed by identified vulnerabilities and collaborate with cross-functional teams to prioritize them based on business impact.
- Advisory Role : Provide actionable recommendations to management regarding vulnerability remediation and advise on measures to reduce risk exposure.
- Trend Analysis : Analyze vulnerability data to identify trends and stay informed about industry best practices.
- Stakeholder Communication : Regularly communicate vulnerability status and risk mitigation efforts to relevant stakeholders.
- Key Results : Achieve high patch compliance rates, continuously reduce critical vulnerabilities, minimize remediation time, and improve overall risk scores.
Qualifications (Education, Experience, Skills / Competencies) :
- 4-year degree in IT Security, Information Systems, Computer Science, Engineering, or a related field, or equivalent experience.
- 5+ years of experience in systems and / or applications security, including maintenance and use of security products.
- Knowledge of investigative methodologies and risk management.
- Ability to manage security vulnerabilities and risks across the organization.
- Knowledge of Security and Control Frameworks such as NIST, ISO, etc.
- Security-related qualifications such as CISSP, GPEN, CEH, etc.
Additional Knowledge & Skills (Optional) :
- Knowledge of healthcare, privacy, and financial compliance regulations.
- Experience with secure deployment of applications in cloud environments.
- Strong analytical and troubleshooting skills.
We are proud to offer a competitive compensation package at McKesson, determined by factors including performance and geographical markets.
Our Base Pay Range for this position is $139,000 - $231,600.
McKesson is an Equal Opportunity Employer.
Join us at McKesson!
J-18808-Ljbffr