CT - Senior Analyst, Third Party Cyber Security

McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve – we care.

What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow’s health today, we want to hear from you.

A Senior Third-Party Cyber Security Analyst plays a critical role in ensuring the security of the organization’s external partnerships and integrations. Reporting to the Third-Party Cyber Security Architect, the Senior Analyst supports the assessment, monitoring, and mitigation of cybersecurity risks associated with third-party entities, including vendors, suppliers, and partners. This position involves day-to-day operational activities, including security assessments, compliance monitoring, and incident response coordination, to maintain a secure ecosystem around third-party interactions.

Key Responsibilities:

Sr Third-Party Security Assessments:

• Conduct initial and ongoing security assessments of third-party vendors, partners, and suppliers to identify potential cybersecurity risks.

• Assist in the evaluation of third-party security controls and compliance with the organization’s security policies and industry standards.

• Document findings, prepare reports, and communicate identified risks and recommended remediation actions to internal stakeholders.

Continuous Monitoring and Compliance:

• Support the continuous monitoring of third-party access points and data exchanges to detect and respond to security incidents or policy violations.

• Assist in tracking and enforcing third-party compliance with established security requirements and contractual obligations.

• Maintain up-to-date records of third-party risk assessments, compliance statuses, and remediation activities.

Incident Response Coordination:

• Participate in the identification, investigation, and management of security incidents involving third-party entities.

• Work with the Third-Party Cybersecurity Architect to coordinate incident response efforts, communicate with affected third-party entities, and ensure timely resolution.

• Assist in conducting root cause analysis and preparing incident reports to prevent future security breaches.

Support for Mergers & Acquisitions (M&A):

• Assist in the cybersecurity due diligence process for M&A activities, focusing on identifying risks related to third-party connections and integrations.

• Contribute to the development of integration plans to secure merging IT systems and data in collaboration with other cybersecurity team members.

Policy Adherence and Improvement:

• Ensure adherence to established policies and procedures related to third-party cybersecurity.

• Assist in the development and continuous improvement of third-party security guidelines, checklists, and processes.

• Maintain awareness of emerging cybersecurity threats and trends that could impact third-party security.

Collaboration and Communication:

• Collaborate with internal teams, including legal, procurement, and vendor management, to ensure security requirements are included in third-party contracts.

• Communicate security expectations, guidelines, and compliance requirements to third-party entities.

• Work closely with the broader cybersecurity team to integrate third-party security considerations into overall cybersecurity strategies.

Training and Awareness:

• Assist in the development and delivery of training sessions on third-party cybersecurity risks and best practices for internal stakeholders.

• Support initiatives to raise awareness of third-party security risks across the organization and among external partners.

Qualifications/Critical Skills:

• Bachelor’s degree (in Cyber Security, Information Technology, Computer Science, or a related field), or equivalent work experience..

• 7+ years of experience in cybersecurity, with a focus on third-party risk management, vendor management, or related areas.

• Familiarity with cybersecurity frameworks, such as NIST, ISO 27001, or similar.

• Basic knowledge of network security, data protection, and incident response principles.

• Strong analytical, problem-solving, and communication skills.

• Ability to work collaboratively in a team environment and manage multiple tasks with attention to detail.

Preferred Qualifications/Skills:

• Experience with security assessment tools and methodologies.

• Relevant cybersecurity certifications (e.g., CompTIA Security+, Certified Information Systems Security Professional (CISSP), Certified Third Party Risk Professional (CTPRP)).

• Familiarity with regulatory requirements related to third-party cybersecurity (e.g., GDPR, CCPA, etc.).

We are proud to offer a competitive compensation package at McKesson as part of our Total Rewards. This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets. The pay range shown below is aligned with McKesson's pay philosophy, and pay will always be compliant with any applicable regulations. In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities may be offered. For more information regarding benefits at McKesson, please click here.

Our Base Pay Range for this position

McKesson is an Equal Opportunity Employer

McKesson provides equal employment opportunities to applicants and employees and is committed to a diverse and inclusive environment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, age or genetic information. For additional information on McKesson’s full Equal Employment Opportunity policies, visit our Equal Employment Opportunity page.

Join us at McKesson!