McKesson Bus Info Security Officer in Ireland
McKesson is in the business of better health and we touch the lives of patients in virtually every aspect of healthcare. We partner with payors, hospitals, physician offices, pharmacies, pharmaceutical companies and others across the spectrum of care to build healthier organizations that deliver better care to patients in every setting. We believe in the importance of strong, vital organizations because we know that patients can only be healthy when our system is healthy.
Every single McKesson employee contributes to our mission—by joining McKesson you act as a catalyst in a chain of events that helps millions of people all over the globe. Talented, compassionate people are the future of our company—and of healthcare. At McKesson, you’ll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that’s vital to us all.
We understand the importance of a system that works together. Your expertise, drive and passion can help us improve everything we touch, from providers to payors to pharmacies. Join our team of leaders to begin a rewarding career.
Wherever you contribute here at McKesson, you will have the ability to make a real impact in the lives of others.
Purpose of Job
Ensures the security of electronic company information. Designs and implements security policies to control access to systems. Assesses the impact on the business caused by theft, destruction, alteration, or denial of access to information. Develops and promotes risk-managed, consistent controls and processes for IT Risk Management, Security, Privacy, and Compliance as priorities and initiatives dictate.
Provide gap analysis between security policies/standards/regulations and practices, processes, and solutions; recommend actions to the BU.
Assist BU in establishing, documenting, and managing processes and supporting tools used to accomplish IT compliance with regulatory and best practice security and compliance frameworks (e.g. ISO 27001, SOX, etc.).
Work with business and IT owners to establish priorities for process improvements to remediate or mitigate risk.
Execute problem determination and resolution for security gaps.
Assist Business Unit and Corporate functions in the event of incidents or breaches.
Train and assist security administration functions when necessary.
Interact with other IT Staff / Business Leads in meetings to enhance the understanding of security issues and discuss solutions.
Help with IT asset security control coverage and metrics reporting regarding security and compliance data using RSA Archer Governance Risk & Compliance (GRC) and other tools as appropriate.
Assist with threat & vulnerability management process and tools.
Prepare automated and ad hoc reports and/or interpret data from various security sources (e.g. McAfee ePO, RSA enVision Security & Information Event Management (SIEM), Tenable Nessus vulnerability and configuration scanner, WebInspect, data loss prevention (DLP), etc.).
Assist with application meta-data inventory, mapping, and development of data flow process documentation.
Facilitate and execute response to Request for Proposals (RFP), Customer Questionnaires, Audits, and Remediation Plans.
Assist in monitoring critical vendors.
Support training and awareness efforts in the BUs.
Monitor and provide support for business unit implementation of security technology initiatives and remediation measures.
Assess and consult on data protection methods (e.g. access controls, encryption, vulnerability management, etc.).
Develop and maintain disaster recovery documentation and ensure associated processes meet business requirements.
ADDITIONAL RESPONSIBILITIES AND DUTIES
Experience, Education, Skills and Competencies:
6+ years in Information Security or Compliance related services, IT audit, Internal Audit and/or Risk Management Experience. Knowledge of the healthcare and software industries is a plus.
4-year degree in computer science or related field or equivalent experience. Holding a CISA, CISSP, GIAC, or other similar professional designation is preferred.
Understanding of one or more control frameworks such as ISO 27001, SOX, etc.
Basic understanding of security controls for Windows servers/workstations; Unix, Linux; Oracle is a plus.
Familiarity with security controls relating to McAfee ePO, RSA enVision SIEM, Tenable Nessus vulnerability and configuration scanner, WebInspect, firewalls, DLP, or similar products/technologies.
Knowledge of product and development security practices.
Knowledge of system, network, and architecture security best practices.
Strong interpersonal skills to foster good business relationships.
Able to handle moderate to complex resolution without escalation and with minimal supervision.
Able to exercise professional judgment within defined policies and procedures.
Experience in Risk Assessment, audit, and IT security assessments.
Familiar with healthcare, privacy, and financial compliance regulations and IT and security frameworks and standards.
Experience with MS Win 7 & Ofc 2007+; MS Visio, Winzip, and Archer is a plus.