Title: Information Security Analyst (12 month contract)

Location: Cork, Ireland

McKesson Corporation (NYSE: MCK) is a leading healthcare services company dedicated to delivering the vital medicines, supplies and information technologies and services that enable the healthcare industry to provide patients better, safer care. McKesson is in the business of better health and we touch the lives of patients in virtually every aspect of healthcare. We partner with health care providers, hospitals, physician offices, pharmacies, pharmaceutical companies and others across the spectrum of care to build healthier organizations that deliver better care to patients in every setting. We believe in the importance of strong, vital organizations because we know that patients can only be healthy when our system is healthy.

Every single McKesson employee contributes to our mission--by joining McKesson you act as a catalyst in a chain of events that helps millions of people all over the globe. Talented, compassionate people are the future of our company--and of healthcare. At McKesson, you'll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that's vital to us all.

We understand the importance of a system that works together. Your expertise, drive and passion can help us improve everything we touch, from providers to payors to pharmacies. Join our team of leaders to begin a rewarding career. Wherever you contribute here at McKesson, you will have the ability to make a real impact in the lives of others.

McKesson operates in 14 countries in Europe, serving over 2 million customers every day at about 2,200 pharmacies of its own and over 4,300 participants in brand partnership schemes. The proactive and preventive approach ensures that patients receive the products and support that they require for optimum care.
With more than 38,000 colleagues and with 134 wholesale branches, McKesson Europe supplies 65,000 pharmacies and hospitals every day with up to 130,000 pharmaceutical products. The services benefit a patient pool of about 15 million per day.

McKesson Corporation reported revenue of $214 billion in FY2018 and is ranked #7 on the Fortune 500. United by our iCare values, our 78,000 employees work together every day to make better care possible for patients around the globe. Our vision: to improve care in every setting -- one product, one partner, one patient at a time.

Position Description

The Information Security Analyst will be part of the Security Capability Management and Governance team, responsible for leading or supporting the execution of Information Security and Risk Management (ISRM) goals and objectives in Europe through the governance and management of ISRM initiatives and resources, and for ensuring that security risks are managed and that the organization complies with security requirements and regulations through active collaboration with our customers and stakeholders. The role will provide security risk and compliance services to the stakeholders to improve the overall information security posture for their respective environments, help drive key cybersecurity initiatives, provide progress and reporting metrics, and ensure all systems comply with the Global CISO's Information Security program. The role will report directly to the Director of Information Security, Security Capability Management and Governance.

Key responsibilities include:

- Engage directly with the appropriate Technology Capability teams to ensure new products, services, applications and third party relationships have been assessed for controls and that any identified risks are appropriately addressed.
- Lead new and recurring security risk assessments (e.g. GDPR, PCI, etc.), collaborate on the development of mitigation plans, and work with internal stakeholders to assign remediation tracking responsibility; collaborate with other risk and compliance teams, such as Global Privacy, SOX, Internal Audit, Compliance & Ethics, to obtain a holistic risk posture.
- Establish security requirements for projects/programs (e.g. systems upgrade or implementation) and operations through engagement with Business and IT teams.
- Proactively identify information security deficiencies or opportunities for improvement and facilitate development of pragmatic solutions.
- Work proactively with Business Information Security Officers (BISOs) and Technology Capability teams to ensure security, IT risk and compliance is actively built into the organization objectives and procedures.
- Assist with the coordination and prioritization of work for implementing cybersecurity initiatives.
- Maintain a strong understanding of the Business Unit IT environment to manage the threat and risk landscape: application stacks, infrastructure components, and external facing footprint.
- Provide regular, timely reporting on the information security status across Technology Solution teams, and provide regular metrics and reporting to the Director of Information Security with a focus on continuous improvement.
- Collaborate with the relevant Technology Solution Teams and act in a consultative way to help improve the security posture and adhere to security policies and expected controls.
- Facilitate the identification of high value assets to be monitored by ISRM.
- Communicate key deliverables and due dates to the Solution Teams and other technology and business stakeholders and service owners (application, infrastructure & business/SaaS vendor) with the goal to ensure compliance with Information Security standards, policies and procedures
- Provide escalation path for information security issues, incidents and enquiries
- Work with the Technology Capability team and Business Unit management team to determine acceptable levels of risk for the applicable Business Unit, report on variances, and propose/lead mitigation activities.
- Partner with enterprise service teams to leverage capabilities and subject matter expertise
- Act as an Information Security subject matter expert for the responsible area and endorse recommended solutions, providing thought leadership, coaching and mentoring to other information security analysts as required.

Minimum Requirements

4+ years in IT, Information Security Services, IT audit, and/or IT Risk Management

Critical Skills

- Strong security risk analytical knowledge and skills, applied in different business contexts.
- Experience in risk assessment, GRC software, audit, and IT security assessments
- Familiar with compliance regulations, IT, security frameworks and standards (i.e. NIST, GDPR, PCI, SOX, HITRUST)
- Knowledge of Information Security control frameworks (e.g., NIST Cybersecurity Framework, Center for Internet Security Critical Security Controls, ISO 27001, etc.)
- Strong communication and interpersonal skills to build/maintain ongoing business relationships with all levels within an organization
- Demonstrated experience effectively leading and managing collaborative, cross-functional teams to successfully deliver programs and/or multiple projects on-time and within budget based on agreed upon scope and business goals
- Strong ability to influence or negotiate with stakeholders dealing with competing priorities
- Capable of anticipating needs and driving clarity on expectations
- Self-starter who requires minimal supervision, manages different activities effectively, and can provide oversight and coaching to others for any assigned projects or tasks.

Additional Knowledge & Skills

- Knowledge of the healthcare and software industries
- CISA, CISSP or other similar professional designations
- Familiarity with healthcare, privacy, and financial compliance regulations would be an advantage
- Knowledge of Jira and operating in agile would be an advantage
- Project management skills would be an advantage

Education

4-year degree in information technology or related field or equivalent experience