Vice President, Identity Governance and Assurance

at  McKesson

McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve – we care. What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow’s health today, we want to hear from you.

MINIMUM REQUIREMENTS

• 15+ years of professional experience in an engineering, development, security, or related IT field
• 8+ years diversified leadership, planning, communication, organization, and people motivation skills

CRITICAL SKILLS

• 8+ years in one of the following: cybersecurity/information security/software development / infrastructure.
• Minimum of 5 years’ experience in IAM services, security engineering, software development, DevOps , other IT, and/or technical risk management
• Strong knowledge and expertise in implementing Cloud identity solutions for various cloud platforms such as Azure, AWS, GCP
• Strong management skills planning, organizing, leading, and measuring service driven teams
• Strong interpersonal and communications skills to build/ maintain ongoing business relationships
• Experience with compliance regulations/laws, security frameworks and standards (e. g. , NIST, HIPAA, ISO, COBIT, OWASP, ITIL, FedRamp, GDPR, etc. )
• Ability to exercise and mentor others on good professional judgment and security related ethics

ADDITIONAL KNOWLEDGE & SKILLS

• Knowledge of the healthcare, distribution, or software industries is a plus
• Experience with law enforcement, defense, or intelligence community a plus
• Knowing Our Business - Develops market and business unit analysis, strategic priorities, and/or financial assumptions for McKesson’s long-range planning process. Communicates a view of the desired future state of the business to senior executives
• Technology Integration - Ability to integrate various security and data protection technologies and controls into a cohesive architecture that sufficiently mitigates risk
• Risk Expertise - Understands and has knowledge of risk areas including regulatory, operational, information, technology risk and industry specific legalese
• Information Security - Good knowledge of information, application and infrastructure security control mechanisms
• Consulting & Advisory - Act as a trusted advisor and partner; Ensure IT security program compliance through relationships, partnerships, and professional influence
• Enterprise Orientation/Global Mindset - Drives synergies and partnership between Business Units at the global enterprise level
• Preferred qualifications: CISSP, CISA, CISM

EDUCATION

• Bachelor’s degree in Computer Science, other engineering, or related field or equivalent experience

PHYSICAL REQUIREMENTS

• General office demands

THE ROLE

McKesson is seeking a Vice President of Identity Governance and Assurance, as a strategic and visionary leader to centralize, standardize and optimize identity governance for large scale application portfolio. This is an excellent opportunity to showcase transformational leadership to redesign and rebuild Identity systems top to bottom to set the foundation for automated compliance, enhanced security posture and state of the art user experience. An ideal candidate would be a visionary IAM leader who can dream big and successfully execute a large scale IAM transformation initiative by developing architectures, patterns and strategies for the identity and data protection space for both on premise and public cloud environments in partnership with other stakeholders. Strong executive presence and positive influential leadership skills are highly desired. Demonstrated successful engineering and leadership experience to work with diverse stakeholders, build positive relationships to ensure that architectures developed are successfully implemented while factoring in ease of integration, operational overhead and user experience. Strong SME in cloud identity governance and compliance for various cloud platforms.

KEY RESPONSIBILITIES

• Development leadership – People leadership supporting IGA technical team members, Security Administrators and Audit Assurance teams across multiple products and disciplines, coaching and mentoring to develop next level IAM architects, engineers and thought leaders.
• Strategic Planning – Develop and maintain a comprehensive vision and strategy of end-to-end identity lifecycle management for workforce, outside workers, non-personal identities, BOT identities etc. while facilitating new and existing business models highly dependent on technology. Develop and promote the solutions to give one stop shop view of all identity and access management catering to better user experience, ownership transitions, compliance activities and entitlement descriptions.
• Program Management – Assist in managing a large portfolio of application modernization efforts to meet security and compliance requirements. Various peers and partners will provide support from the Information Security and Risk Management (ISRM) organizations including risk management alignment, project management, financial planning, and human resources.
• Operations – Lead adoption of capabilities that delivers business critical control sets including: Saviynt, SailPoint, User Access Reviews, ForgeRock IGA etc.
• Compliance and Governance – Proactive leadership to set the foundational capabilities and governance framework relative to meeting IT SOX Access Management requirements and creating long-term sustainability by delivering an integrated PAM and Governance capability.
• Routinely collaborate with other stakeholders across the enterprise including security architecture, active defense, security systems administration/tools management, application security, and security software engineering to defend our enterprise.
• Coordinate closely with the ISRM leadership team to provide regular metrics and reporting to measure the efficiency and effectiveness of the services, facilitate appropriate resource allocation, and increase the overall maturity of security capabilities.
• Collaborate with other corporate functions including Internal Audit, Legal and Compliance, Privacy, and Enterprise Sourcing to ensure that the organization maintains a strong security posture. Liaise with Business Information Security Officers (BISOs) for cybersecurity and IT Risk & Compliance Management program needs within business units.
• Develop and manage a security budget and develop strategic plans to invest resources to efficiently reduce cybersecurity risk.