McKesson is in the business of better health and we touch the lives of patients in virtually every aspect of healthcare. We partner with payors, hospitals, physician offices, pharmacies, pharmaceutical companies and others across the spectrum of care to build healthier organizations that deliver better care to patients in every setting. We believe in the importance of strong, vital organizations because we know that patients can only be healthy when our system is healthy. Every single McKesson employee contributes to our mission—by joining McKesson you act as a catalyst in a chain of events that helps millions of people all over the globe.

Talented, compassionate people are the future of our company—and of healthcare. At McKesson, you’ll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that’s vital to us all.

We understand the importance of a system that works together. Your expertise, drive and passion can help us improve everything we touch, from providers to payors to pharmacies. Join our team of leaders to begin a rewarding career. Wherever you contribute here at McKesson, you will have the ability to make a real impact in the lives of others.

Current Need

We are seeking a Director of ISRM – Risk Management, Mergers, Acquisitions & Divestitures to join our team. The corporate Information Security Risk Management (ISRM) organization is responsible for building and promoting the enterprise-wide IT Governance, Risk, Security, Privacy and Compliance Programs. The objectives of these programs are to identify potential risks, consult on possible solutions, and assist in determining the best balance of risk, cost, and business benefit to adequately protect critical IT assets.

Location - This position is to be located in our Alpharetta, GA or Scottsdale, AZ office

Position Description

The global role will lead and deliver IT Risk Management processes that will be utilized to assess IT risks within the organization and to inform management on the strategic cybersecurity direction. It will also bring new mergers and acquisitions in line with the ISRM program within McKesson in collaboration with IT and security leaders. Being able to quickly identify risks and outliers to the ISRM Program will be a priority. In addition, as we divest business units, this role will monitor the process to move these business units away from the ISRM programs and services being utilized within the business unit.

Some key activities to be performed are:

- Enhance existing IT Risk Management Framework to conduct IT risk assessments and inform management on key risks to drive strategic IT security strategy
- Engage with various security and IT leaders to assist in security risk assessments
- Participate in Enterprise Risk Council to inform on IT security risks and align execution of IT risk management activities
- Enhance IT Asset classification and security risk exception processes
- Maintain IT risk registry by working with business unit stakeholders and other risk assess organizations
- Evaluate emerging IT risk and threats related to new areas of business and emerging technology
- Assist in the development of key risk indicators and risk dashboards
- Identify gaps against security policies, standards, and practices, processes, and solutions; recommend actions to leadership
- Perform IT Security due diligence assessments for potential acquisitions
- Execute problem determination and resolution for security gaps for acquired companies
- Work with various global security service owners to integrate newly acquired companies with required security services and solutions
- Interact with other IT staff/Business Leads to ensure their needs are addressed from a security perspective
- Work with various threat assessment toolkits to assess vulnerabilities within acquired companies
- Develop various playbooks to onboard target companies during integration

Qualifications

Minimum Requirements

- 8+ years’ experience in assessing and/or administering security controls in an organization

Critical Skills

- 6+ years in Information Security or Compliance related services, IT audit, Internal Audit, or Risk Management Experience
- Experience in Risk Assessment, Audit and IT Security Assessments
- Strong interpersonal skills to foster good business relationships.
- Able to handle moderate to complex resolution without escalation and with minimal supervision.
- Able to exercise professional judgement

Additional Knowledge & Skills

- Experience in working with Threat Vulnerability tools, Vulnerability Assessments, Application Code Scans, Penetration Tests, Network security a plus.
- Experience with Risk Management models, and knowledge of various frameworks such as ISO 27001, ITIL, COBIT, NIST, or regulatory/certifications – GDPR, HITRUST, HIPAA, PCI, SOX, SOC1/2, a plus.
- Experience in Merger and Acquisitions assessments of security risks a plus

Education

4-year degree in computer science, MIS or related field or equivalent experience

Grade: M4

McKesson is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status. Qualified applicants will not be disqualified from consideration for employment based upon criminal history. McKesson is committed to being an Equal Employment Opportunity Employer and offers opportunities to all job seekers including job seekers with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, please contact us by sending an email to Disability_Accommodation@McKesson.com. Resumes or CVs submitted to this email box will not be accepted. Current employees must apply through internal career site.

Join us at McKesson!