SENIOR DIRECTOR BUSINESS INFORMATION SECURITY OFFICER (BISO)

Effective Date : February 22, 2017

Your Consent

Google Analytics*

We may use Google Analytics to measure how you interact with our website in order to improve the user experience. To learn more about Google Analytics privacy practices and opt-out, click .

Google Analytics for Remarketing*

and based on your past visits to our website. We may share this personal information with other third parties.

• Marketo*
• ServiceTick*

ServiceTick is a third-party cookie we use on our website for anonymous website traffic identifiers and online customer satisfaction data.

We do not share this data with other third parties. To learn more about ServiceTick privacy practices, click .

SessionCam*

SessionCam is a third-party cookie we use for online customer satisfaction data. We do not share this data with other third parties.

To learn more about SessionCam privacy practices, click .

• ClickTale*
• Pardot*
• DoubleClick*
• To opt out of DoubleClick or to control your advertising preferences, click .
• BrightCove*
• Twitter*
• HTML5 Storage*

Other Tracking Technologies Used

We may use other tracking technologies to collect and store personal information about your visit to our website. They may include :

Server Logs used to track the website traffic (i.e. number of website visitors, number of visitor per page, IP address, etc.

We may use this information to analyze the website traffic in order to improve our business and user experience.

Web Beacons used to collect aggregate information (i.e. loading errors, most visited website pages, etc.). We may use web beacons to help display website content that is relevant to you and generate website traffic statistics to enhance our website.

Embedded Content and Features

Facebook

Google

LinkedIn

Twitter

Web of Trust

YouTube

How We Respond to Do Not Track Signals

Our website does not respond to web browser Do No Track signals.

McKesson requires new employees to be fully vaccinated for COVID-19 as defined by the CDC, subject to applicable, verified accommodation requests.

We are looking for a (Sr. Director) Business Information Security Officer (BISO) to develop and execute a risk-based information security plan for the Corporate business unit.

Position Description :

The BISO is the Security Leader who is accountable for the Information Protection strategy and program. The BISO will partner with BU leaders and other stakeholders to improve the information security posture and ensure all work products are on-time and high-quality to comply with the Global CISO's Information Security program.

Key responsibilities include :

• Engage as a member of the business unit senior leadership team to understand, discuss, and advise on strategic priorities, concerns and key IT risks.
• Be a part of the BU IT leadership team(s) and act in a consultative way to help improve the security posture and adhere to security policies and expected controls.
• Formulate, articulate, and align key stakeholders on a risk-based strategy and roadmap to mature the security and compliance posture of the local organization.
• Champion McKessons Information Protection strategy, ensuring enterprise objectives and requirements are communicated and understood by local stakeholders.
• Maintain a strong understanding of the IT environment to manage the threat and risk landscape application stacks, infrastructure components, and external facing footprint.
• Work proactively with BU leadership to ensure security, IT risk and compliance is actively built into the organization objectives and procedures.
• Provide regular, timely reporting on the information security status across the BU leadership team and, provide regular metrics and reporting to the ISRM leadership team with a focus on continuous improvement.
• Ensure new products, services, applications, third party or client relationships, have appropriate security controls embedded and that any identified risks are appropriately addressed.
• Facilitate the identification of high value assets to be monitored by the Security Operation Centre (iSOC).
• Coordinate information security risk assessments on internal and external services.
• Lead a cross-functional team of ISRM shared service teams and BU IT teams to execute and deliver against defined objectives.

Areas of focus include :

• Information security risk assessment of internal and external services
• Vendor and customer assurance activities.
• IT compliance with Corporate and local policies, regulations (HIPAA, PCI etc.) and other contractual requirements.
• Implementation and monitoring of controls to protect McKessons assets, including secure software development practices and vulnerability management.
• Disaster recovery planning, including integration with business continuity and crisis management plans.
• Incident response coordination.
• Communicate regarding key deliverables and due dates to ISRM and other stakeholders and service owners (application, infrastructure & business / SaaS vendors) with the goal to ensure compliance with Information Security standards, policies, procedures & guidelines.
• Centralize exception / deviation filing and coordination of SVP sign-off in support of the CISO exception process and review local processes and products for policy violation / non-compliance areas.
• Provide escalation path for information security issues, incidents and inquiries.
• Work with BU and Corporate leadership to determine acceptable levels of risk, report on variances, and propose / lead mitigation activities.
• Proactively identify information security deficiencies or opportunities for improvement and facilitate development of pragmatic solutions.
• Partner with enterprise service teams to leverage capabilities and subject matter expertise.
• Acquire, develop, and retain a high-performing team to support business objectives.
• Engage in opportunities to gain external thought leadership and build relationships to inform strategies and propose solutions.
• Inform information security budget planning.

Minimum Requirements :

• 10+ years in IT, Information Security Services, IT audit, and / or IT Risk Management.
• 5+ years managerial experience.
• Must be authorized to work in the United States.

Critical Skills :

• Strong communication and interpersonal skills to build / maintain ongoing business relationships at all levels within an organization.
• 4-year degree in computer science or related field or equivalent experience
• Strong ability to influence or negotiate with stakeholders dealing with competing priorities
• Demonstrated experience effectively leading and managing collaborative, cross-functional teams to successfully deliver programs and / or multiple projects on-time and within budget based on agreed upon scope and business goals.
• Capable of anticipating needs and driving clarity on expectations.
• A solution-oriented mindset, with the ability to exercise good professional judgment.
• Experience in risk assessment, audit, and IT security assessments.
• Familiar with compliance regulations, IT, security frameworks and standards (i.e. NIST, HIPAA, PCI, SOX, HITRUST).
• Knowledge of the healthcare and software industries.
• CISA, CISSP or other similar professional designations.

Whats in it for you :

• Rewarding career with a fortune 10 company that allows you to do great things for patients around the world
• Competitive pay and incentive programs
• Trendy new office space
• Diverse and Inclusive Collaborative environment
• Medical, Dental and Vision Health plans including a great Wellness plan that reduces your premium costs and encourages your best healthy self
• Health Fairs and free biometrics screenings
• Onsite Fitness Centers with locker rooms and outdoor trails near by
• Generous PTO and paid Holidays
• 401K with Company Match
• Career deve
30+ days ago