Business Information Security Officer - Corporate Functions

McKesson•Irving, TX

11h

About The Position

McKesson’s Corporate Functions Business Information Security Officer (BISO) will lead, plan, direct, and control activities for assurance, security (information, application, and infrastructure), and compliance across McKesson Corporate Functions, including Technology, HR, Legal, Finance, Privacy, and Compliance. This Security Principal (P6) role ensures successful delivery of Information Security and IT risk management services in compliance with McKesson Cyber Security policies, standards, and the NIST framework. The ideal candidate has high energy, strong presence, and a passion for delivering value from the cybersecurity function. They possess deep technical security, governance, and risk expertise and will be the primary advocate for security initiatives across these functions, maintaining consistent alignment with the McKesson Cyber Security organization. The candidate will work directly with senior leaders from each of those functions and should have the requisite capabilities to succeed at that level. This individual will work as part of a large team of security professionals in a structure designed to help them succeed in delivering best-in-class security to this stakeholder group. This role reports directly to the Senior Director of Cyber Governance and Risk Management.

Requirements

Bachelor’s Degree or equivalent experience in Information Security, Computer Science, or related field.
15+ years of relevant professional experience, including 8+ years in impactful roles interacting with senior stakeholders in a cyber security or technology function
Strategic thinker with the ability to communicate and influence at both technical team and senior management levels.
Ability to integrate various security and data protection controls to mitigate risk effectively.
Deep knowledge of regulatory, operational, information, and technology risk areas.
Strong familiarity with information, application, and infrastructure security control mechanisms.
Experience utilizing the NIST framework for effective cybersecurity and risk management.
Strong understanding of privacy laws, data protection regulations, breach notification practices, and incident response management.
Ability to act as a trusted advisor and partner.

Nice To Haves

CISSP, CISM, or equivalent certifications.

Responsibilities

Manage corporate function cyber security and risk requirements, ensuring high-quality execution.
Co-ordinate IT risk, compliance, and audit reviews, and assist with remediation of findings.
Ensure technology programs comply with relevant laws, regulations, and McKesson cyber security policies.
Participate in corporate function initiatives to represent the cybersecurity function.
Ensure security programs address IT risk management findings and follow relevant laws, regulations, and policies.
Report Key Risk and cyber security performance Indicators to corporate functions leadership for informed decision-making.
Develop strong partnerships with IT leaders and ISRM service teams to manage corporate function IT and security risk.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume