Sr. Information Security Analyst - Platform Security
Cork, IRL - 3300 Cork Airport Business Pk (C210), Ireland
McKesson
The leading healthcare company for wholesale medical supplies & equipment, pharmaceutical distribution, and healthcare technology solutions.
McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve – we care.
What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people.
McKesson is looking for a Senior Information Security Analyst, Threat & Vulnerability Management to help support McKesson information security capabilities and compliance across Business units and Enterprise IT organizations. As a Senior Information Security Analyst, you will be a key member of our Cybersecurity team. The candidate will have a background in Threat & Vulnerability Management and will also help represent the Cybersecurity team on various projects and boards. This position involves monitoring, analyzing, and advising on vulnerability-related risks.
Responsibilities:
1. Vulnerability Monitoring:
1. Continuously monitor relevant sources (CVE databases, security bulletins, etc.) for newly identified vulnerabilities.
2. Assess the impact and severity of vulnerabilities based on the organization’s assets and risk appetite.
3. Evaluate the risks posed by identified vulnerabilities to the organization’s information and systems.
4. Collaborate with cross-functional teams to prioritize vulnerabilities based on business impact.
2. Advisory Role:
1. Provide actionable recommendations to management regarding vulnerability remediation.
2. Advise on appropriate measures to eliminate or reduce the organization’s risk exposure.
3. Trend Analysis:
1. Analyze vulnerability data to identify trends, patterns, and emerging threats.
2. Stay informed about industry best practices and evolving attack vectors.
4. Stakeholder Communication:
1. Regularly communicate vulnerability status, progress, and risk mitigation efforts to relevant stakeholders.
2. Foster collaboration with IT teams, system owners, and security architects.
Key Results:
1. Patch Compliance Rate: Achieve and maintain a high patch compliance rate across all systems and applications.
2. Vulnerability Reduction: Continuously reduce the number of critical and high-risk vulnerabilities within the organization.
3. Response Time: Minimize the time taken to remediate vulnerabilities after discovery.
4. Stakeholder Satisfaction: Gather feedback from stakeholders on vulnerability management effectiveness and adjust strategies accordingly.
Qualifications (Education, Experience, Skills/Competencies):
* Degree in IT Security, Information Systems, Computer Science, Engineering, Information Security, or related field or equivalent experience.
* 5+ years of experience in systems and/or applications security, including maintenance and use of security products in a distributed enterprise environment.
* Knowledge of investigative methodologies and decomposing behavioral profiles to develop investigative plans.
* Ability to manage security vulnerabilities and risks across the organization.
* Ability to analyze site/enterprise Computer Network Defense policies and configurations.
* Knowledge of Security and Control Frameworks such as NIST, ISO, Cloud Security Alliance, CMMC, etc.
* Knowledge of network protocols IDS/IPS, DNS, TCP/IP, network defense components.
* Security related qualification(s) such as CISSP, GPEN, GCIH, CEH, CISA, CRISC, IAT, CISM, or GIAC.
Additional Knowledge & Skills (Optional):
* Knowledge of healthcare, privacy, and financial compliance regulations.
* Knowledge and experience with secure deployment of applications within cloud environment.
* Experience with law enforcement, defense, or intelligence community.
* Strong analytical and troubleshooting skills with an understanding of IT business operations and information security.
* Experience with Vulnerability Management Tooling.
At McKesson, we care about the well-being of the patients and communities we serve, and that starts with caring for our people. That’s why we have a Total Rewards package that includes comprehensive benefits to support physical, mental, and financial well-being.
#J-18808-Ljbffr