McKesson requires new employees to be fully vaccinated for COVID-19 as defined by the CDC, subject to applicable, verified accommodation requests.

Current Need

At McKesson Corporation, we are hiring for the following role as we grow and advance our global cybersecurity program.

McKesson's Senior Insider Threat Security Analyst will be a key member of our global team in driving Insider Threat investigations of potential incidents as well as proactive program measures across the enterprise.

The ideal candidate for this job will be an experienced information security practitioner who is goal-oriented and strives to exceed expectations. The candidate will have a demonstrated comprehension of insider threat planning, identification and components of an insider threat program, strategies for effective communication of the program, and effective implementation and operation of the program within the organization.

This will include developing the process for reviews and approvals and the frequency required based on the type and severity of the incident. The ideal candidate has deep technical security knowledge/expertise, threat intelligence and security operations experience, proven cybersecurity skills.

This will be an exciting opportunity for the right candidate, who will have the responsibility to deliver and execute our cybersecurity insider threat management program and roadmap . In addition to providing a rich and challenging opportunity to grow and develop your career, we are deeply focused and committed to providing a diverse, equitable, and inclusive workplace environment.

Key Responsibilities:

• Lead and collaborate on implementation of the Insider Threat Program.
• Report overall process of the insider threat program to key constituents and stakeholders.
• Review the Insider Threat Program policy as part of the Policy Lifecycle process.
• Recommend strategies to prevent potential insider threat behavior or incidents.
• Monitor existing policies and suggest modifications to enhance the capabilities of the Insider Threat Program.
• Collaborates with law enforcement (through the Incident Response team), industry experts, internal, and external peers to enhance the Insider Threat Program behavioral models and detection techniques.
• Responsible for daily operations and management of the Insider Threat Program.
• Develop and perform processes for the Insider Threat Team Program, including which types of alerts to evaluates reporting, response, and remediation steps in collaboration with key stakeholders
• Conduct analytical and critical thinking; understand problem set, review facts, make accurate observations and judgments and provide recommendations
• Work closely with security awareness teams to help identify top risks related to employees that may lead to compromise and exfiltration of sensitive information.
• Regularly monitor, including but not limited to, privileged accounts and access, as well as systems.
• Enforce separation of duties and least privilege whenever possible.
• Ensure service provider contracts contain language acceptable to monitoring and enforcement across provided services and accessible data.
• Participate in assessment, procurement, configuration and maintenance of solutions such as security information and event management (SIEM) systems, user and entity behavior analytics (UEBA), identity and access management (IAM), deception technologies, vulnerability management and code analysis.
• Monitor for unauthorized changes and proceed to investigate according to procedures.
• Active threat monitoring while adhering to, and not overstepping, privacy requirements.

Technical Skills

• Provide advice and expert guidance on security issues affecting business process and procedures exploitable by insiders (both accidental and malicious actions)
• Provide input to the Insider Threat Program based on known and unknown threat behavior models.
• Build and implement processes and technologies to detect high-risk insider activities that are accidental or malicious in nature.
• Design reporting mechanisms for potential or actual insider threats.
• Create and implement constructs for early warning detection of potential insider threats.
• Test existing behavioral constructs for applicability and effectiveness.
• Evaluate technologies to enhance detection capabilities of behavioral constructs.
• Coordinate and collaborate with the SOC, Help Desk, IT, CTI, DLP, and Corporate Physical Security Risk teams and Business Units (BUs) to remediate/mitigate identified risks.
• Review existing technology capabilities and limitations and build business case for recommended new technology capabilities
• Conduct ongoing research of cyber insider threat theft
• Provide specialized intelligence and threat analysis and production support

Communication skills

• Develop information and technical support documents, summaries, reports, presentations, and other designate products
• Present briefings to personnel designated
• Write clear, concise and timely intelligence products that identify, analyze, and collate disparate pieces of information
• Develop baseline of normal Network Device Behaviors; Implement User Behavior Analytics tool
• Conduct risk assessments (on a regular basis), including risks to trade secrets, salary data, proposal data, proprietary data, strategic plans, Personally Identifiable Information (PII), and IT systems and servers, etc.
• Ensure access and logging to identified critical assets.
• Monitor and Respond to Suspicious or Disruptive Behavior

Minimum Requirements

• 5 - 7 years relevant experience
• Bachelor's degree or equivalent experience

Critical Skills

• 3+ years' experience with security issues, vulnerabilities, regulatory and legal changes, and security standards that may impact Information Security
• 1+ years' experience with Insider Threat Program; and Information Security and network best practices
• 4+ years' experience providing advice and expert guidance on security issues affecting business process and procedures exploitable by insiders (both accidental and malicious actions)

Additional Knowledge and Skills

• Strong verbal and written communication skills
• Ability and willingness to share on-call responsibilities, work non-standard hours, and travel (up to 20%) when required
• Project management experience
• Working knowledge in principals of network and endpoint security, current threat and attack trends, and security principals.
• Must effectively deal with rapid technological and business changes while maintaining enthusiasm, displaying sound judgment, and being a complex problem solver
• Develops and implements training programs and remedial actions as necessary

McKesson is an Equal Opportunity/Affirmative Action employer.

All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.Qualified applicants will not be disqualified from consideration for employment based upon criminal history.

McKesson is committed to being an Equal Employment Opportunity Employer and offers opportunities to all job seekers including job seekers with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, please contact us by sending an email to [email protected] . Resumes or CVs submitted to this email box will not be accepted.

Current employees must apply through the internal career site.

Join us at McKesson!