McKesson’s Senior Director of Information Security Solutions will be a key component of our global team. This position will be responsible for leading a high-performing team in designing, building, testing and implementing security solutions within McKesson’s Information network. The Senior Director is expected to have a thorough understanding of complex IT systems and stay up to date with the latest security standards, systems and authentication protocols, as well as best practice security products.
As a member of the ISRM Operations and Offensive Engineering leadership team, the position is responsible for cultivating a culture of security stewardship and awareness, ensuring security policies and standards are adhered to at all times. The ideal candidate has deep technical security knowledge/expertise, cybersecurity management, and engineering experience, proven service management skills, and the ability to manage a team facing unique market challenges in talent attraction, development, and retention. The leader will direct the strategy, design, engineering and implementation of robust security strategies, frameworks, platforms, and solutions. The role provides people and technical leadership in addition to solution execution over Security Analytics, Security Orchestration & Automation, Network Security, Endpoint Security, and Data Protection strategies.
Reviewing current system security measures and recommending and implementing enhancements
Ensuring continuous monitoring of network, endpoint, platform, and data security capabilities
Developing security solution roadmaps and project timelines for ongoing system upgrades
Partner with Incident Response and Security Operations to establish monitoring, response, and recovery procedures and conduct periodic security drills
Promptly responding to all security incidents and providing thorough post-event analyses
Develop a set of secure technology patterns/blueprints that support the delivery of standardized and repeatable solutions developed to meet the enterprise needs.
Measure the maturity of our security capabilities against best practices, internal policies and standards
13+ years of professional technology experience
6+ years of diversified leadership, planning, communication, organization, and people motivation skills (or equivalent experience)
Extensive experience in information security and/or IT risk management with a focus on security, performance and reliability
Solid understanding of security technologies, cryptography, authentication, authorization and controls
Good working knowledge of current IT risks and experience implementing security solutions
Minimum of 6 years of experience in security services, other IT, and/or technical risk management
Strong management skills in planning, organizing, leading, and measuring service-driven teams
Ability to exercise good professional judgment and security-related ethics, and to mentor others on them
Experience designing successful implementations of secure cloud-native applications, platforms, core services and security controls across public and private environments.
Prior knowledge in enterprise risk management, forensic investigations, regulatory, law enforcement and related topics.
Knowledge of the healthcare, distribution, supply chain or software industries is a plus
Strong technical aptitude and experience with a wide variety of technologies
Ability to rapidly learn and, if required, evaluate a new tool or technology
Experience with Network Security, Endpoint Security (EPP/EDR), Security Analytics, Security Orchestration, Automation, and Response (SOAR), Security Event Management, and other related areas
Strong verbal and written communication in addition to influencing skills
Demonstrated and progressive leadership experience with technical teams
Strong interpersonal and communications skills to build/maintain ongoing business relationships
Must have a strong customer and quality focus
Have been successful in working across organizational boundaries, bringing together people with diverse perspectives and experience to find solutions to complex technical issues
Knowledge of the healthcare, distribution, or software industries is a plus
Acknowledgement of meeting the demands and regulatory requirements for NIST, PCI, ISO 27001, HIPAA, GDPR, HITRUST, FedRAMP, etc.
OSCP, SANS/GIAC, CISSP or other similar professional certifications are a plus
B.S. Degree or equivalent experience
Master’s degree preferable