The Vice President of Enterprise Access Management is responsible for the development leadership of an enterprise identity and access management (IAM) technical team, globally delivering a cohesive set of technical capabilities across the full lifecycle of employee, partner, and customer identity and access. The role will work closely with stakeholders internally and externally to lead technical IAM services. The VP is ultimately responsible for the human and technical resources required to meet commitments for and support the enterprise security and access management environment for McKesson. This leader will demonstrate extensive knowledge and experience reviewing access requests from users; conducting analysis of users’ needs in order to make appropriate decisions for provisioning/de-provisioning; defining Identity Governance in line with the legal/regulatory requirements and McKesson’s policy framework.
Responsibilities will include:
1. Development leadership – People leadership supporting identity management technical team members across multiple products and disciplines including access management, identity governance, privilege access, directory services, role based access controls, public key infrastructure (PKI) and cryptography.
2. Strategic Planning – Develop and maintain a comprehensive vision and strategy of how identity services can and will be used to accomplish department objectives of protecting our systems and data while facilitating new and existing business models highly dependent on technology.
3. Program Management – Assist in managing a large portfolio of identity services and the pipeline of projects/tasks to create, evolve, and change them as needed. Various peers and partners will provide support from the Information Security and Risk Management (ISRM) organizations including risk management alignment, project management, financial planning, and human resources.
4. Operations – Lead adoption of capabilities that delivers business critical control sets including: Provisioning, authentication, authorization, and password management, access request management, workflow and approval management, privileged access management, web access SSO, cloud, mobile, and federated SSO, risk based adaptive access, API security, Active Directory, virtual directory services, meta directory, IAM synchronization, Graph data services, access certification, SOD detection and prevention, role governance and data mining, behavior analytics, and ERP security.
5. Project Odyssey – Program sponsorship relative to meeting IT SOX Access Management requirements and creating long-term sustainability by delivering an integrated Enterprise Access Management and Identity Governance capability.
6. Routinely collaborate with other stakeholders across the enterprise including security architecture, active defense, security systems administration/tools management, application security, and security software engineering to defend our enterprise.
7. Coordinate closely with the ISRM leadership team to provide regular metrics and reporting to measure the efficiency and effectiveness of the services, facilitate appropriate resource allocation, and increase the overall maturity of security capabilities.
8. Collaborate with other corporate functions including Internal Audit, Legal and Compliance, Privacy, and Enterprise Sourcing to ensure that the organization maintains a strong security posture. Liaise with Business Information Security Officers (BISOs) for cybersecurity and IT Risk & Compliance Management program needs within business units.
9. Develop and manage a security budget and develop strategic plans to invest resources to efficiently reduce cybersecurity risk.
15+ years of professional experience in a technical, development, security, or related IT field
10+ years diversified leadership, planning, communication, organization, and people motivation skills.
- 8+ years in one of the following: cybersecurity/information security/software development / infrastructure
- Minimum of 5 years’ experience in IAM services, security engineering, software development, other IT, and/or technical risk management
- Strong management skills planning, organizing, leading, and measuring service driven teams
- Strong interpersonal and communications skills to build/ maintain ongoing business relationships
- Experience with compliance regulations/laws, security frameworks and standards (e.g., NIST, HIPAA, ISO, COBIT, OWASP , ITIL, FedRamp, GDPR, etc.).
- Ability to exercise and mentor others on good professional judgment and security related ethics
Additional Knowledge & Skills
- Knowledge of the healthcare, distribution, or software industries is a plus
- Experience with law enforcement, defense, or intelligence community a plus
- Knowing Our Business | Develops market and business unit analysis, strategic priorities, and/or financial assumptions for McKesson’s long-range planning process. Communicates a view of the desired future state of the business to senior executives
- Technology Integration | Ability to integrate various security and data protection technologies and controls into a cohesive architecture that sufficiently mitigates risk.
- Risk Expertise | Understands and has knowledge of risk areas including regulatory, operational, information, technology risk and industry specific legalese
- Information Security | Good knowledge of information, application and infrastructure security control mechanisms
- Consulting & Advisory | Act as a trusted advisor and partner; Ensure IT security program compliance through relationships, partnerships, and professional influence.
- Enterprise Orientation/ Global Mindset | Drives synergies and partnership between Business Units at the global enterprise level
- Preferred qualifications: CISSP, CISA, CISM
4 year degree in computer science, other engineering, or related field or equivalent experience
Benefits & Company Statement
McKesson believes superior performance – individual and team – that helps us drive innovations and solutions to promote better health should be recognized and rewarded. We provide a competitive compensation program to attract, retain and motivate a high-performance workforce, and it’s flexible enough to meet the different needs of our diverse employee population.
We are in the business of better health and we touch the lives of patients in virtually every aspect of healthcare. We partner with payers, hospitals, physician offices, pharmacies, pharmaceutical companies and others across the spectrum of care to build healthier organizations that deliver better care to patients in every setting.
But we can’t do it without you. Every single McKesson employee contributes to our mission—whatever your title, whatever your role, you act as a catalyst in a chain of events that helps millions of people all over the globe. Talented, compassionate people are the future of our company—and of healthcare. At McKesson, you’ll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that’s vital to us all.
McKesson is an equal opportunity and affirmative action employer – minorities/females/veterans/persons with disabilities.
Qualified applicants will not be disqualified from consideration for employment based upon criminal history.
No agencies please.