McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve - we care. What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow's health today, we want to hear from you.

The Vice President of Privileged Access and Secrets Management is responsible for the developing a robust and scalable framework, strategy and implementation of privileged access and secrets management capabilities and adoption. The role will be responsible for development leadership of technical and product team, globally delivering a cohesive set of technical capabilities across the full lifecycle of privileged access. The role will act as a key partner in strengthening and maintaining productive alliances with 2nd and 3rd line of defense teams and a thought leader to build similar capabilities for Cloud space. This leader will demonstrate extensive knowledge and experience reviewing threat landscape; conducting analysis of access needs to make appropriate decisions for Enterprise Password Vault (EPV), Privileged Session Manager (PSM), Conjur, Endpoint Privilege Manager (EPM); defining the governance framework in line with the legal/regulatory requirements and McKesson's policy framework. Subject-matter expert knowledge of Privileged Access, Secrets Management and related technologies.

Key Responsibilities

• Development leadership - People leadership supporting PAM technical team members across multiple products and disciplines, coaching and mentoring to develop next level IAM architects, engineers and thought leaders.

• Strategic Planning - Develop and maintain a comprehensive vision and strategy of how privileged access can and will be used to accomplish department objectives of protecting our systems and data (On Prem and both Cloud) while facilitating new and existing business models highly dependent on technology.

• Program Management - Assist in managing a large portfolio of application modernization efforts to meet security and compliance requirements. Various peers and partners will provide support from the Information Security and Risk Management (ISRM) organizations including risk management alignment, project management, financial planning, and human resources.

• Operations - Lead adoption of capabilities that delivers business critical control sets including: Cyberark Vault , Conjur , Key valut , additional capabilities for service account discovery and lifecycle management tools.

• Compliance and Governance - Proactive leadership to set the foundational capabilities and governance framework relative to meeting IT SOX Access Management requirements and creating long-term sustainability by delivering an integrated PAM and Governance capability.

• Routinely collaborate with other stakeholders across the enterprise including security architecture, active defense, security systems administration/tools management, application security, and security software engineering to defend our enterprise.

• Coordinate closely with the ISRM leadership team to provide regular metrics and reporting to measure the efficiency and effectiveness of the services, facilitate appropriate resource allocation, and increase the overall maturity of security capabilities.

• Collaborate with other corporate functions including Internal Audit, Legal and Compliance, Privacy, and Enterprise Sourcing to ensure that the organization maintains a strong security posture. Liaise with Business Information Security Officers (BISOs) for cybersecurity and IT Risk & Compliance Management program needs within business units.

• Develop and manage a security budget and develop strategic plans to invest resources to efficiently reduce cybersecurity risk.

Minimum Requirements

• 15 years of professional experience in a technical, development, security, or related IT field

• 8 years diversified leadership, planning, communication, organization, and people motivation skills

Critical Skills

• 8 years in one of the following: cybersecurity/information security/software development / infrastructure

• Minimum of 5 years' experience in IAM services, security engineering, software development, other IT, and/or technical risk management

• Strong management skills planning, organizing, leading, and measuring service driven teams

• Strong interpersonal and communications skills to build/ maintain ongoing business relationships

• Experience with compliance regulations/laws, security frameworks and standards (e.g., NIST, HIPAA, ISO, COBIT, OWASP, ITIL, FedRamp, GDPR, etc.)

• Ability to exercise and mentor others on good professional judgment and security related ethics

Additional Knowledge & Skills

• Knowledge of the healthcare, distribution, or software industries is a plus

• Experience with law enforcement, defense, or intelligence community a plus

• Knowing Our Business | Develops market and business unit analysis, strategic priorities, and/or financial assumptions for McKesson's long-range planning process. Communicates a view of the desired future state of the business to senior executives

• Technology Integration | Ability to integrate various security and data protection technologies and controls into a cohesive architecture that sufficiently mitigates risk

• Risk Expertise | Understands and has knowledge of risk areas including regulatory, operational, information, technology risk and industry specific legalese

• Information Security | Good knowledge of information, application and infrastructure security control mechanisms

• Consulting & Advisory | Act as a trusted advisor and partner; Ensure IT security program compliance through relationships, partnerships, and professional influence

• Enterprise Orientation/ Global Mindset | Drives synergies and partnership between Business Units at the global enterprise level

• Preferred qualifications: CISSP, CISA, CISM

Education

• Bachelor's degree in Computer Science, other engineering, or related field or equivalent experience

Physical Requirements

• General office demands

Irving, TX; Alpharetta, GA

At McKesson, we care about the well-being of the patients and communities we serve, and that starts with caring for our people. That's why we have a Total Rewards package that includes comprehensive benefits to supportphysical, mental, and financial well-being. Our Total Rewards offerings serve the different needs of our diverse employee population and ensure they are the healthiest versions of themselves. For more information regarding benefits at McKesson, please

As part of Total Rewards, we are proud to offer a competitive compensation package at McKesson. This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets. In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities may be offered.

McKesson is an Equal Opportunity/Affirmative Action employer.

All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.Qualified applicants will not be disqualified from consideration for employment based upon criminal history.

McKesson is committed to being an Equal Employment Opportunity Employer and offers opportunities to all job seekers including job seekers with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, please contact us by sending an email to . Resumes or CVs submitted to this email box will not be accepted.

Current employees must apply through the internal career site.

Join us at McKesson!