McKesson Senior Manager - Governance and Training in Munster, Ireland

McKesson is in the business of better health and we touch the lives of patients in virtually every aspect of healthcare. We partner with payors, hospitals, physician offices, pharmacies, pharmaceutical companies and others across the spectrum of care to build healthier organizations that deliver better care to patients in every setting. We believe in the importance of strong, vital organizations because we know that patients can only be healthy when our system is healthy.

Every single McKesson employee contributes to our mission—by joining McKesson you act as a catalyst in a chain of events that helps millions of people all over the globe. Talented, compassionate people are the future of our company—and of healthcare. At McKesson, you’ll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that’s vital to us all.

We understand the importance of a system that works together. Your expertise, drive and passion can help us improve everything we touch, from providers to payors to pharmacies. Join our team of leaders to begin a rewarding career.

Wherever you contribute here at McKesson, you will have the ability to make a real impact in the lives of others.

Job Summary:

We are driving to forge close alignment across McKesson to ensure that all areas of the business are appropriately protected from cyber threats. There is now a focus on the cyber security agenda from the highest level, and initial benchmarking suggests numerous areas in need of improvement. Driving growth in retail is also a business priority: this will increase our exposure to cyber threat, so we must ensure our defences keep pace with these changes and evolution of our global business.

The purpose of this role is to deliver effective and efficient cyber defences for McKesson, by driving adoption of global training and enhancing these in a regional or local context, commensurate with business unit-specific risks. There is a need to provide deep technical knowledge to enable effective response and analysis in the event of breach, or suspected breach.

The primary focus over a 1-2 year period will be the development of Security Advocacy program encompassing training, awareness and cultural change initiatives, as well as establishing a network of security advocates across the global businesses.

Key Responsibilities/Essential Functions:

As Senior Manager –Governance and Training, the key responsibilities will include:

Cyber Security Awareness, Advocacy &Training

Functional responsibilities for Security & Compliance awareness and training initiatives, as well as the development, implementation and management of the wider “security advocacy” program.

  • Support the Governance Director in the designand implementation of a programme of tailored, role based training andawareness initiatives to increase awareness of information and cyber securitythroughout the global business.

  • Measure compliance to defined trainingprograms.

  • Collaborate, with the aid of externalconsultancies, to define a cohesive programme of information and cyber securityand privacy messages to roll out through the global business.

  • Support the Governance Director to establishand maintain the “security advocacy” program globally to identify and embed anetwork of security minded individuals throughout the global business.

  • Support the Governance Director in defininga program of metrics with supporting data sets to measure the effectiveness ofthe security awareness, training and advocacy programmes.

  • Maintain and expand the current globalphishing simulation program.

  • Work closely with global legal and privacyteams to ensure messaging is appropriate within local and regional businessunits.

  • Support the information security organizationand broader IT risk management programme to ensure the integrity,confidentiality and availability of information owned, controlled or processedby the global business.


Support the Governance Director in leveraging the corporate defined strategy to evaluate and tailor a detailed roadmap and plan for training implementation to benefit McKesson’s global businesses:

  • Support the Governance Director to establishglobal (& local where appropriate) information security training programs.

  • Socialise the training program frameworkthroughout the global business units to gain consensus and understanding withleadership teams.

  • Develop strategy for assigned content areas(content area plan) and recommend solutions to business partners that addresslearner needs to increase associate competence and confidence. Collaborate withother LSMs to ensure assigned content areas are represented. Determine andmaintain effectiveness of content areas.

  • Work with learning Design &Development, Technology, and/or Delivery teams to determine the most effectivelearning solutions for assigned content areas and communicate solutions tobusiness partners.

  • Create learning plans for assigned jobroles based on learner needs. For assigned job roles, validate content arearecommendations from other LSMs. Work closely with learning Execution,Technology, and Delivery team members to ensure execution of learning plans.Determine and maintain effectiveness of learning plans.

  • Collaborate with business partners, keepingthem informed, influencing the right decisions for learners, and effectivelyaddressing difficult issues. Demonstrate the courage to say what needs to besaid, while maintaining strong relationships. Gain buy-in from stakeholders atmultiple levels of the organization.

  • Collaborate with other GRC service teams tomeasure compliance to the training program in support of the broader riskmanagement programme.

  • Work closely with IT Governance insupporting priority risk management and compliance initiatives as part of thebroader risk management programme.

  • Provide risk guidance for IT projects,including the evaluation and recommendation of technical controls.

  • Stay abreast of innovative security andrisk trends and technologies in the market to recognize and articulatepotential value to the company and adopt into the policy framework.

  • Have a depth of knowledge in understandingrelating to contemporary IT risk management and security practices – forexample, cloud, mobility, advanced analytics, retail systems.

  • Coordinate and provide requirements forshared services provided by Global CISO function for detection and monitoringcapabilities’. Including deployment of supporting tools and review of securityoperations SLA’s to the business.

  • Socialize the roadmap and plan and buildconsensus and support with business and IT leaders.

Additional Responsibilities

  • Support the Global, North American andEuropean CISO organisations in delivering consumable services within theGovernance areas of the global GRC remit.

Professional Experience/Qualifications/Education

The successful candidate will also have specialized knowledge and skills:

  • 5-8 years of technologyexperience with preferred 5 years of information security/cyber securityexperience in a highly regulated industry with a demonstrated track of managingawareness programs and training implementation in complex global businessenvironments.

  • A broad technical background that must coverinfrastructure, applications and mobile technologies.

  • Experience in establishing trainingprograms throughout large complex businesses.

  • Experience in cultural change initiativesregarding information and cyber security throughout large complex businesses.

  • Experience in change management with ademonstrated ability to leverage relationships to lead and influence.

  • Effective strategic planning and analyticalskills.

  • Expertise in all aspects of securitydisciplines: information security, cyber-risk and vulnerability assessments,threat analysis, threat monitoring, security intelligence.

  • 5 years of experience working withnational and international regulatory compliance frameworks such as ISO, SOX,BASEL II, EU DPD, HIPAA, GDPR and PCI DSS, NIST Cyber Security Framework (orequivalent) and appreciation for compliance and privacy relatedconsiderations.


  • Bachelor’sdegree required, with a preference for studies in Technology such as computerscience, engineering or similar field or a development related field(Leadership Development, Organizational Development, or Talent Management).

Job: Technology

Organization: McKesson Corporate

Title: Senior Manager - Governance and Training

Location: Ireland-Munster-Cork

Requisition ID: 18005480