Lead Information Security Specialist (Threat & Vulnerability Management)

Lead Information Security Specialist (Threat & Vulnerability Management)

McKesson is looking for a Lead Information Security Analyst, Threat & Vulnerability Management to help support McKesson's information security capabilities and compliance across Business units and Enterprise IT organizations.

As a Lead Information Security Analyst, you will be a key member of our Cybersecurity team, with a background in Threat & Vulnerability Management.

You will represent the Cybersecurity team on various projects and boards, playing a critical role in safeguarding the organization’s information and systems by identifying and addressing vulnerabilities.

This position involves monitoring, analyzing, and advising on vulnerability-related risks.

Read on to find out what you will need to succeed in this position, including skills, qualifications, and experience.

Responsibilities :

• Vulnerability Monitoring : Continuously monitor relevant sources (CVE databases, security bulletins, etc.) for newly identified vulnerabilities and assess their impact and severity.
• Risk Evaluation : Evaluate the risks posed by identified vulnerabilities and collaborate with cross-functional teams to prioritize them based on business impact.
• Advisory Role : Provide actionable recommendations to management regarding vulnerability remediation and advise on measures to reduce risk exposure.
• Trend Analysis : Analyze vulnerability data to identify trends and stay informed about industry best practices.
• Stakeholder Communication : Regularly communicate vulnerability status and risk mitigation efforts to relevant stakeholders.
• Key Results : Achieve high patch compliance rates, continuously reduce critical vulnerabilities, minimize remediation time, and improve overall risk scores.

Qualifications (Education, Experience, Skills / Competencies) :

• 4-year degree in IT Security, Information Systems, Computer Science, Engineering, or a related field, or equivalent experience.
• 5+ years of experience in systems and / or applications security, including maintenance and use of security products.
• Knowledge of investigative methodologies and risk management.
• Ability to manage security vulnerabilities and risks across the organization.
• Knowledge of Security and Control Frameworks such as NIST, ISO, etc.
• Security-related qualifications such as CISSP, GPEN, CEH, etc.

Additional Knowledge & Skills (Optional) :

• Knowledge of healthcare, privacy, and financial compliance regulations.
• Experience with secure deployment of applications in cloud environments.
• Strong analytical and troubleshooting skills.

We are proud to offer a competitive compensation package at McKesson, determined by factors including performance and geographical markets.

Our Base Pay Range for this position is $139,000 - $231,600.

McKesson is an Equal Opportunity Employer.

Join us at McKesson!

J-18808-Ljbffr