As McKesson’s Sr. Director Software Assurance, you will be a key member of our team, working across the enterprise to build and mature processes that strengthen our IT environments from an end-to-end perspective covering both systems development and systems operation. You will partner with the ISRM Enterprise Governance, Risk & Compliance team and the Enterprise Cybersecurity team and support the Business Information Security Officers and IT teams across the enterprise in maturing their programs.
This position can be based at our Alpharetta, GA or Scottsdale, AZ office.

Responsibilities will include:
Secure SDLC Program
Promote best practices in application development, leveraging industry recognized secure SDLC frameworks
Develop and govern the deployment of the SDLC security program across McKesson for in-house developed and commercial off-the-shelf software focusing on standard services, processes & tools. This includes:
Partnering with the GRC team to continue to enhance and promote policies across the enterprise
Regular metrics and reporting at the BU and Enterprise level
Periodic baselining of the program and processes
Work with business units to promote a strong secure SDLC program for mobile / digital solutions in Healthcare and Pharmacy services (online, mobile, and legacy platforms)
Partner with the Cybersecurity & Threat Management team to deliver software assurance capabilities to the enterprise:
Static code and binary analysis
Dynamic application testing
Infrastructure vulnerability testing
Application-level Penetration Testing/Ethical Hacking
Threat Modeling & Red Team application security assessment
Manage the executive communications and reporting specific to the Software Assurance program and its initiatives, risks and threats for the McKesson enterprise
Keep abreast of application security trends and the emerging threat landscape related to the healthcare industry, McKesson businesses and corresponding applications
Subject Matter Expert in defining a software security training curriculum for McKesson, partnering with the GRC team for implementation/roll-out
Secure IT Operations Program
Promote best practices in building and maintaining security in the software and systems supporting our business applications. This includes helping the BUs build processes to build and configure systems securely, and then to maintain them:
Maintain and enhance coverage for vulnerability scanning across the enterprise
Partner with the Cybersecurity & Threat Management team to deploy similar processes to monitor configuration management
Guide the BUs in the prioritization and execution of their remediation processes, and work to encourage streamlining/standardization of these processes
Provide regular metrics and reporting at the BU and Enterprise level