McKesson Threat and Vulnerability Specialist in Munster, Ireland

McKesson is in the business of better health and we touch the lives of patients in virtually every aspect of healthcare. We partner with payors, hospitals, physician offices, pharmacies, pharmaceutical companies and others across the spectrum of care to build healthier organizations that deliver better care to patients in every setting. We believe in the importance of strong, vital organizations because we know that patients can only be healthy when our system is healthy.

Every single McKesson employee contributes to our mission—by joining McKesson you act as a catalyst in a chain of events that helps millions of people all over the globe. Talented, compassionate people are the future of our company—and of healthcare. At McKesson, you’ll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that’s vital to us all.

We understand the importance of a system that works together. Your expertise, drive and passion can help us improve everything we touch, from providers to payors to pharmacies. Join our team of leaders to begin a rewarding career.

Wherever you contribute here at McKesson, you will have the ability to make a real impact in the lives of others.

Position Description

The qualified candidate will possess a working knowledge of critical build-in security practices and a strong working knowledge of vulnerability management. This includes: researching, identifying, reporting, validating, reproducing and remediation consulting. To be effective in this role, the candidate must have excellent written and oral communications skills and highly effective at influencing managers outside their reporting structure. The candidate must also be proficient in the use of Microsoft Suite of tools (i.e. Excel, PowerPoint and Word), and understand Scaled Agile delivery frameworks. This individual will be charged with significantly reducing vulnerabilities, improve ongoing cyber-hygiene, and assist in the continuous improvement of our enterprise-wide threat and vulnerability management program.

Responsibilities

  • Collaborates with Windows, Unix, Linux andIT Infrastructure teams to drive remediation of reported vulnerabilitiesthrough risk/threat based assessment of security controls and tools.

  • Articulate risk and business impact tostakeholders

  • Ability to convey the urgency and need toremediate vulnerabilities commensurate with the risk it presents to McKesson

  • Develops and maintains vulnerability andresponse artifacts systematically to produce metrics that can measure theoverall program maturity and progress.

  • Creates visibility and awareness atappropriate level including executive leadership teams, CISO and other on vulnerabilitiesthat require attention

  • Synthesis required information for riskarticulation

  • Demonstrates ability to strike a balancebetween strategic and tactical activities required to run the vulnerabilityresponse and remediation efforts

  • Cultivates the practice of staying abreaston latest trends and developments in vulnerability response and remediationactivities followed across industry.

  • Actively reviews public and privatevulnerability notifications/disclosures, consumes research findings andprioritizes remediation efforts.

  • Research exploit techniques and mitigationstrategize

  • Lead coordination efforts betweentechnology stakeholders and ensure high-quality and accurate reporting andtracking. Evolve internal tools andprocesses that manage the inspection, remediation, assurance measuringlifecycle activities of IT technologies operated and managed by organizationsresponsible to McKesson Enterprise.

  • Build relationships and become a trustedadvisor with BU and technology owners to influence change and drive ownershipand accountability.

MinimumRequirements

6 year’s experience in administering security controls in an organization

CriticalSkills

  • Good working knowledge of industry andcommonly adopted secure standards, practices (e.g. applicable NIST standards, CIS,ISO, OWASP, SANS, BISMM, and CERT)

  • Administration experience with any of thefollowing: Nessus, Rapid7, Qualys, Core Impact, Metasploit and other scanningand analysis solutions.

  • Experience with automated and manualpenetration testing

  • Experience implementing and automatingremediation workflows that support/enhance CI/CD processes.

  • Provide data management and analysis for activitiesand continuous project initiatives

  • Use various data sources to identify andsolve for programmatic needs and gaps in IT system coverage.

  • Participate in strategic planning withregards to program development of IT Systems Assurance

  • Assist with program assessments ensuringprogrammatic goals are well documented

  • Perform data validation and quality controlchecks to ensure adherence to ETS/ISRM protocols

  • High proficiency with MS Officeproductivity applications and Visio

  • Good oral/written communications toeffectively communicate with stakeholders - peers, customers and managers

Additional Knowledge & Skills

  • Knowledge regarding healthcare IT

  • Consulting background

  • Experience in large highly segmented andregulated organizations

Education

4-year degree in computer science or related field or equivalent experience

Certifications/Licensure

Any of the following preferred but not required:

GCWN, GWAPT, GPEN, GCUX, CEHv10, GXPN, OSCP, CISSP

Physical Requirements

General Office Demands

Job: Technology

Organization: McKesson Corporate

Title: Threat and Vulnerability Specialist

Location: Ireland-Munster-Cork

Requisition ID: 18004831