McKesson Manager, Application Security and Software Assurance in Munster, Ireland

McKesson is in the business of better health and we touch the lives of patients in virtually every aspect of healthcare. We partner with payors, hospitals, physician offices, pharmacies, pharmaceutical companies and others across the spectrum of care to build healthier organizations that deliver better care to patients in every setting. We believe in the importance of strong, vital organizations because we know that patients can only be healthy when our system is healthy.

Every single McKesson employee contributes to our mission—by joining McKesson you act as a catalyst in a chain of events that helps millions of people all over the globe. Talented, compassionate people are the future of our company—and of healthcare. At McKesson, you’ll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that’s vital to us all.

We understand the importance of a system that works together. Your expertise, drive and passion can help us improve everything we touch, from providers to payors to pharmacies. Join our team of leaders to begin a rewarding career. Wherever you contribute here at McKesson, you will have the ability to make a real impact in the lives of others.

We are currently seeking an Manager, Application Security & Software Assurance to work in our Cork Ireland location.

Position Description:

The qualified candidate will possess experience working within a large commercial entity, institution or enterprise having a central governance model and federated structure of business units, a strong understanding of critical build-in security practices, good vulnerability management reporting and tracking.

To be effective in this role, the Manager must have great written and oral communications skills, be highly efficient in the use of Microsoft Office productivity tools, SAFe Agile and Scrum planning solutions.

This individual will perform both as the responsible leader of an application security functional area/service discipline, and as an individual contributor in the support of growing an enterprise-wide and global Application Security & Software Assurance program.

Responsibilities include:

  • Primary responsibility is to perform and ensure service delivery within prescribed service level objectives by working closely with managers, analysts and designated representatives across enterprise technology services, business unit technology and risk functions

  • Establish, prescribe and facilitate security remediation priorities of software weaknesses and vulnerabilities identified in software components of McKesson-branded applications and products; and in components comprised of commercial and open-source software

  • Execute internal client initiatives and program-driven taskings on time and within budget allocations while completing deliverables and meeting performance parameters

  • Serve as an escalation point of contact for individual contributors, manager peer group across the enterprise and internal clients to ensure processes effectively address challenges and promote best practices that proactively resolve issues

  • Prepare and present monthly or as required detailed, high caliber security quality and risk documentation that can be easily consumed by mixed audiences of technologists/non-technologists, risk management teams and business leaders

  • Identify opportunities and establish plans that continuously streamline and/or enhance built-in security practices and report business risks related to software technologies used by McKesson

  • Participate in and produce reports as required for oversight activities by outside regulators, internal auditors and other governance functions as appropriate

  • Coach / mentor team members at-large, and establish performance plans as needed for assigned subordinates

  • Contribute to the internal body of knowledge of Application Security & Software Assurance distilled from industry standards and commonly accepted governance communities

  • Conduct and manage evaluations to evolve capabilities and services

  • Support and contribute to the ongoing maintenance and tooling of the technology capabilities and systems used by Global Application Security & Software Assurance

Minimum Requirements:

4 years information security experience including 2 years managerial experience

Critical Skills:

  • Undergraduate degree in any of the following: Information Security and Technology, Computer Science, Business Information Systems, Computer Information Systems or equivalent

  • Excellent working knowledge of industry standards and guidance such as SEI/CMU, SAFECODE; NIST 800-53; 800-64; MITRE - Common Weakness Risk Framework, and Vulnerability Enumeration; ISO/IEC 27034, CERT - Secure Coding Standards, OWASP Secure Coding Practices

  • Demonstrate working knowledge of Threat Modeling and tools (e.g. Microsoft SDL, STRIDE, PASTA, etc.)

  • In-depth understanding of software development lifecycles; embedding application security practices into Agile CI/CD workstreams and non-functional software security requirements

  • Demonstrate strong technical understanding and knowledge of cloud, mobile and web software technologies comprised in large enterprise and commercial IT environments – to include customized ERP, Supply Chain, Financial/HR, Sales / Marketing operations, Big data infrastructure services for enterprises; complex authentication and access control services for multi-tenant business systems

  • Demonstrate broad knowledge / understanding of inherent strengths and weaknesses of .NET, JAVA, C#, Objective-C language technologies, commonly used scripting languages, PaaS/SaaS cloud services leveraged to deliver McKesson-branded market solutions and enterprise applications

Preferred Skills:

  • Excellent oral/written communications to effectively communicate, report and present activities and findings in a software assurance and business risk context

  • Effective organization, time management and process improvement abilities

  • 1yr or greater experience in application security lifecycle management for Agile, Hybrid-Agile, Continuous Integration or SCRUM

  • 2yr administration and code review experience with any of the following: Veracode SAST/DAST/SCA, Coverity SCA, Synopsys SCA, HP Fortify or Fortify On-Demand, Rapid7, IBM AppScan, Checkmark, Black Duck, Protecode Analysis solutions; and to include application penetration testing

  • Working knowledge of any of the following - CVS, HP Quality Center, Jira, Team Foundation Services Development Lifecycle tools

  • Commercial software development and/or quality assurance testing experience

Education:

4-year degree in computer science or related field or equivalent experience

Certifications/Licensure:

Any of the following are preferred: CSSLP, GSSP-.NET; GSSA-JAVA; GWEB, GWAPT, CISA.

Physical Requirements:

General Office Demands

Job: Technology

Organization: McKesson Corporate

Title: Manager, Application Security and Software Assurance

Location: Ireland-Munster-Cork

Requisition ID: 18003104