Senior Manager, Cyber Investigations & Response Team

McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve – we care.

What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow’s health today, we want to hear from you.

McKesson’s Cyber Security Operations Sr. Manager will be a member of our McKesson Cyber Investigations & Response Team leading Security Operations and Incident Response activities across the Enterprise. You will be responsible for leading activities regarding identifying, containing, eradicating, and recovering from cybersecurity events and incidents. To execute this mission, you will use a combination of strong leadership skills, technical expertise, and an understanding of advanced cybersecurity principles and best practices. You will lead security event monitoring and incident response efforts by applying your leadership and analytic skills to investigate alerts and escalations, identify malicious activity, and collaborate with enterprise stakeholders. 

Responsibilities: 

• Manage daily security operations activities such as responding to alerts, monitoring security inbox for escalations, and coordinating with service owners, business stakeholders, and senior leaders. 

• Leading incident response activities as the Incident Commander such as directing containment and eradication activities, assessing reports, assisting in developing crisis response and communications plans, and directing incident recovery procedures. 

• Oversee all management activities related to security operations including people management, training, and mentoring to direct reports. 

• Convery potential and realized risks to business stakeholders and senior leaders with plans for how to remediate them. 

• Generate and report security metrics to ensure appropriate performance and adherence to standards. 

• When directed, create compliance reports, and support the audit process. 

• Partner with the security architecture, security engineering and security automation teams to improve tool usage and workflow, as well as with the advanced threats and assessment team to mature monitoring and response capabilities.  

• Manage career development for team members, including training and mentoring, conducting performance reviews, and exhibiting behaviors to be modeled by team members. 

Minimum Requirements:

• 10+ years of relevant cyber security experience in Threat Hunting, Security Operations, Incident Response, or network security with strong knowledge and experience leading a Security Operations or Incident Response team. 

• Experience training and managing security operations staff. 

• Proficiency in the use and management of Security Information and Event Management (SIEM), Security Orchestration Automation and Response (SOAR), and Endpoint Detection and Response (EDR) tools. 

• Experience in implementing automations to support and augment security operations processes, people, and technology. 

• Experience developing and implementing security policies in an enterprise environment. 

• Experience creating and managing adherence to standard operating procedures and processes. 

• Experience with risk management, vulnerability management, threat analysis, security auditing, security monitoring, incident response, cyber threat intelligence, and other information security practices. 

• Excellent written and oral communication skills with the ability to effectively communicate with information technology professionals as well as senior management and auditors, assessors, and consultants. 

• High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity. 

Preferred Technical and Professional Expertise:

• One or more of the following security certifications or equivalent: Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) 

• Master’s degree in a technical field such as Computer Science, Information Security, Information Technology, Computer Engineering, or Information Systems. or equivalent degree is preferred. 

• Knowledge of the healthcare, distribution, or software industries is a plus. 

• Knowledge of the underlying logic that security alerts are built upon and apply them when analyzing raw logs and creating new dashboards and alerts. 

• Recognize complex problems, analyze situations, and provide leadership to solve for and oversee implementation of their resolution(s). 

• Provide leadership and guidance to the team and act as a resource to the team members. 

• Experience with one or more scripting languages (e.g., PowerShell, Python, JavaScript, Perl). 

We are proud to offer a competitive compensation package at McKesson as part of our Total Rewards. This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets. In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities may be offered. For more information regarding benefits at McKesson, please click here.

Our Base Pay Range for this position

McKesson is an Equal Opportunity Employer

McKesson provides equal employment opportunities to applicants and employees and is committed to a diverse and inclusive environment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, age or genetic information. For additional information on McKesson’s full Equal Employment Opportunity policies, visit our Equal Employment Opportunity page.

Join us at McKesson!