McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve – we care.

What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow’s health today, we want to hear from you.

This position is for a Senior Information Security Analyst – supporting JD Edwards and SAP Security & Compliance.  Primary responsibility is to provide security administration, security design, and security improvement initiatives.

This individual is responsible for the security design supporting McKesson business processes, and organizational structure in the most effective and efficient manner while ensuring compliance with all security and architectural mandates. This individual will work very closely with other teams including those within McKesson Shared Services, Cybersecurity, and the compliance and audit teams. Leadership and technical competence are a must.

Areas of Responsibilities include:

Act as a subject matter expert for security and compliance on JD Edwards E1 and SAP systems (ECC, S4, GRC, Access Control, Process Control, ETD and others)Identifying gaps and improvements in the current security implementationExpansion of security capabilities to take full advantage of the JDE and SAP security tools availableUpdates and implementation of Master Data such as Roles/Entitlements, Role Owners, SOD rules changes, Security Configuration, threat patterns etc.Provide subject matter expertise and oversight as needed for projects requiring security access and compliance supportProvide training to other security team members on security services activities and domain knowledge, so that service delivery and support can be shared

Support the ongoing security service for JDE and SAP and JDE Security through:

Meeting all defined service levels and defined performance objectivesExpand automated processes and workflows to deliver on business projectsSecurity Strategy Development and ManagementRole design and implementationAccess provisioning and de-provisioning of usersIdentity life cycle and user maintenanceServe as a leader for implementing security architecturePossess and able to convey a strategic vision and end state design for interrelated business and security processes (i.e., Access administration and Security controls, threats and vulnerabilities)Coordinate all security designs with various Business Units and Cybersecurity teamsAnalyze and implement security requirementsRecommends and develops security measures to protect information against unauthorized modification or lossWorks closely with both technical and functional teams to ensure the success of the overall security solutionServe as Security subject matter expert and provide advisory and consulting services as neededStrong ability to collaborate with application teams, administration teams, and business partners to design and implement technical security solutions on JDE, SAP, and associated bolt-on applicationsExperience with integration of SAP and JD Edwards security administration with Identity Management platforms is a plus

Support of SOX Compliance through:

Adherence to, and delivery of SOX controls and proceduresSupport of compliance initiatives, and audits both internal and externalSupport of recurring security assessments and access reviews

Support the ongoing improvement of Security & Compliance area:

Providing ideas for improvement initiativesSelf-managing through improvement projects and providing clear measurable results

Minimum Requirements

7+ years relevant security administration experience

Critical Skills

At least 2 full implementations of security on SAP and JD Edwards systemsExperience with different scripting / programming languages to expand automation and capabilities

Expertise in:

OWM security and menu

JDE E1 security design and user maintenance

At least 3 years experience in SAP GRC Access Control & Process Control

At least 3 years experience with SAP ETD administration and maintenance; implementation of Threat Patterns including design, alerts, fraud detection and user Behavioral analysis, and response planning

Cloud applications and Bus. Objects

Emergency Access and Firefighter management

SOD Risk Management & Configuration

Proficient in IT general controls, SOC and SOX requirements as they relate to security administration

Proficient in ERP security principles, technologies and solutions, delivering functionality and
services on time, on budget and to meet business needs

Audit testing & evidence collection

HANA DB Security

SAP NextGen S4 Hana

Progressively responsible experience in designing, implementing, and maintaining application Security

Deep knowledge of application security, capabilities, and limitationsProficient in reducing the attack surface and hardening ERP system securityProficient in ERP security principles, technologies, and solutions, delivering functionality or services on time, on budget and to meet business needsTechnical knowledge of security architecture and role-based authorization modelsProven success on multiple, enterprise-scale implementation projects or services

Additional Knowledge & Skills

Strong, proven problem-solving skills and ability to identify, analyze, and resolve problems, driving solutions to completionProficient in analyzing requirements, resource estimation, and allocationExcellent in team leadership and team-based problem-solving skillsExcellent interpersonal and oral, written communication skillsAbility to translate complex technical information across all levels of the organizationAbility to self-manage on tasks and mini-projects or improvement effortsStrong facilitation skills and a clear ability to build strong relationships with business partners at all levelsDemonstrated ability to translate business drivers and priorities into security design, policies, and proceduresResults driven, and able to collaborate with management and colleagues to share the responsibilities for achieving an end-to-end solution for customersStrong attention to detail which ensures that customer requirements are met and that a high quality standard is achievedProvide technical perspectives to other architecture functions to ensure that solutions effectively leverage infrastructure capabilities and services and integrate with themMust have excellent initiative, organization, and customer service skills

We are proud to offer a competitive compensation package at McKesson as part of our Total Rewards. This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets. In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities may be offered. For more information regarding benefits at McKesson, please click here.

Our Base Pay Range for this position

$116,700 - $194,500

McKesson is an Equal Opportunity Employer

 

McKesson provides equal employment opportunities to applicants and employees and is committed to a diverse and inclusive environment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, age or genetic information. For additional information on McKesson’s full Equal Employment Opportunity policies, visit our Equal Employment Opportunity page.

 

Join us at McKesson!