Live chat
McKesson Corporation

Application & Software Security Analyst

McKesson Corporation - Alpharetta, GA



Job Description
McKesson is in the business of better health and we touch the lives of patients in virtually every aspect of healthcare. We partner with payors, hospitals, physician offices, pharmacies, pharmaceutical companies and others across the spectrum of care to build healthier organizations that deliver better care to patients in every setting. We believe in the importance of strong, vital organizations because we know that patients can only be healthy when our system is healthy. Every single McKesson employee contributes to our missionby joining McKesson you act as a catalyst in a chain of events that helps millions of people all over the globe. Talented, compassionate people are the future of our companyand of healthcare. At McKesson, you'll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that's vital to us all. We understand the importance of a system that works together. Your expertise, drive and passion can help us improve everything we touch, from providers to payors to pharmacies. Join our team of leaders to begin a rewarding career. Wherever you contribute here at McKesson, you will have the ability to make a real impact in the lives of others. We are currently seeking an Information Security Analyst, Software & IT Systems to work in our Alpharetta, GA location. Position Description The qualified candidate will possess an accurate understanding of the organizational structure of McKesson enterprise and its business units, a working knowledge of critical build-in security practices and good vulnerability management reporting and tracking. To be effective in this role, the Analyst must have good written and oral communications skills and highly efficient in the use of administration tools for MS SharePoint and local scrum projects. This individual will perform both as an individual contributor and function as an internal program support consulting role to provide continuous improvement for a corporate-wide Product Security & Assurance Program. Responsibilities include Lead coordination efforts and ensure high-quality and accurate documentation of requirements established by the Senior Director of the function to evolve internal tools and processes that manage the inspection, remediation, assurance measuring lifecycle activities of IT technologies operated and managed by organizations responsible to McKesson Enterprise. Working closely with ISRM team members, ISRM program management and key business unit representatives responsible for the development, IT support and maintenance of McKesson applications, critical IT systems and services, the Program Analyst will identify and present correctives that resolve gaps and improve integration with asset management and governance, and Software & IT Systems Assurance activities. Accomplish recurring operational administration user support tools and maintain accurate organization of content deployed to approved community technologies such as MS SharePoint portals, NAMCK network file shares and other internal web-based portals that support lifecycle security inspection, reviews and risk measuring activities; provide access to security and assurance dashboards and/or reports; and content established to enable self-help workflows, the continuous education and adoption of build-in security practices and measures, IT hardening standards and guidelines. Monitor, research as needed and quickly close service requests in the Software & IT Systems Assurance support queue. Help build/share knowledge and document procedures learned from activities integrated and managed by Scaled Agile processes and practices. The documentation shall contribute to the creation of easily accessible body of knowledge for the Software & IT Systems Assurance team of how to complete activity and task specific internal activities defined for Scaled Agile practices. Assist and help complete On-board activities required to complete automated and manual security inspections and remediation reporting for applications and IT systems to include open-source, 3rd-party or commercially developed software capabilities. Document and maintain requirements established to conduct and complete proof-of-concept and pilot evaluations of security quality testing and risk analysis solutions. Create, update and maintain high-quality and accurate documentation for On-boarding processes, Self-help aids aimed at providing awareness and use instructions to personnel throughout the enterprise in how to accomplish service requests for security review and/or remediation consults; access and use of security capabilities; change requests, and issue tracking and resolution reporting, and assurance validations. Partner with business unit security and IT leads and Business Unit Security Officers to help effectively and efficiently drive the resolution of issues that impede the speed of security reviews and approval of remediation plans. Qualifications Minimum Requirements 4 years' experience in administering security controls in an organization Critical Skills Good oral/written communications to effectively communicate with stakeholders - peers, customers and managers Provide data management and analysis for activities and continuous project initiatives Use data sources to identify programmatic needs Participate in strategic planning with regards to program development of Software & IT Systems Assurance Assist with program assessments ensuring programmatic goals are well documented Perform data validation and quality control checks to ensure adherence to ETS/ISRM protocols High proficiency with MS Office productivity applications and Visio Commercial / contract experience providing technical administration of MS SharePoints and scrum-based web portals Good working knowledge of industry and commonly adopted secure software development standards, practices (e.g. applicable NIST standards, OWASP, SANS, BSIMM, CERT and SafeCode) Additional Knowledge & Skills: Administration experience with any of the following: Veracode SAST/DAST/SCA, Coverity SCA, Synopsys SCA HP Fortify or Fortify On-Demand, Rapid7, Nessus and IBM AppScan Analysis solutions CVS, HP Quality Center, Jira, Team Foundation Services Development Lifecycle tools Commercial software development and/or quality assurance testing experience Some experience performing application security lifecycle project management Education 4-year degree in computer science or related field or equivalent experience Certifications/Licensure: Any of the following are preferred: CSSLP, GSSP-.NET; GSSA-JAVA; GWEB, GWAPT, CISA. Physical Requirements General Office Demands Benefits & Company Statement: McKesson believes superior performance individual and team that helps us drive innovations and solutions to promote better health should be recognized and rewarded. We provide a competitive compensation program to attract, retain and motivate a high-performance workforce, and it's flexible enough to meet the different needs of our diverse employee population. We are in the business of better health and we touch the lives of patients in virtually every aspect of healthcare. We partner with payers, hospitals, physician offices, pharmacies, pharmaceutical companies and others across the spectrum of care to build healthier organizations that deliver better care to patients in every setting. But we can't do it without you. Every single McKesson employee contributes to our missionwhatever your title, whatever your role, you act as a catalyst in a chain of events that helps millions of people all over the globe. Talented, compassionate people are the future of our companyand of healthcare. At McKesson, you'll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that's vital to us all. McKesson is an equal opportunity and affirmative action employer -minorities/females/veterans/persons with disabilities. Qualified applicants will not be disqualified from consideration for employment based upon criminal history. Agency Statement No agencies please.

8 days

McKesson Corporation

apply

Application & Software Security Analyst McKesson Corporation - Alpharetta, GA, United States

   

Location: Alpharetta, GA

Company Profile:
McKesson is in business for better health. As a company working with health care stakeholders in every setting, we are charting the course toward a stronger, more sustainable future for the entire industry.