Senior Director Oncology & Speciality Cyber Risk Remediation at McKesson

Job Description: 

We're seeking an experienced cybersecurity leader to join our organization as Senior Director of Cyber Risk and Remediation. This role will lead the strategic execution of cyber risk initiatives and remediation programs in our Oncology & Speciality (O&S) Business Unit. This role is responsible for assessing the current cybersecurity posture, identifying and prioritizing risks, and driving remediation efforts to strengthen the organization’s overall security maturity. The leader will collaborate across business units, technology teams, and governance functions to ensure alignment with regulatory standards and enterprise risk appetite. 

Key Responsibilities: 

• Build and lead a high-performing team of cybersecurity professionals. Foster a culture of accountability, innovation, and continuous improvement. 

• Oversee the identification, tracking, and resolution of cybersecurity risks and vulnerabilities. Lead cross-functional teams in executing remediation plans. 

• Assist with the implementation and maintenance of key cybersecurity initiatives 

• Establish KPIs and dashboards to monitor risk posture, remediation progress, and compliance status. Provide regular updates to executive leadership. 

• Able to seamlessly shift altitude of consultation, from immediate priority / execution to integrative problem solving, identifying unit dependencies, reducing duplication of effort and adoption of cyber security practices 

• Collaborate with lines of business, internal audit, legal, and compliance teams to ensure cohesive risk management practices. 

• Actively works with BISO’s to understand business priorities and bridges technical cybersecurity work with business unit needs, influencing prioritization across McKesson business units 

• Manage, prioritize, and sequence incoming tasks from specialized cybersecurity teams, integrating various priorities ensuring a cohesive solution / recommendation 

• Ensure efficient execution of high-volume cybersecurity tasks assigned to this organization 

• Implement and oversee Agile methodologies to optimize team performance and task delivery 

Required Expertise: The ideal candidate should have deep expertise in at least three of the following areas: 

Vulnerability management and penetration testing 

Endpoint security management and antivirus deployment 

Business context technical security advice to assist the BISO team and security coordinators 

Security technical controls assessment and implementation 

Patch management and system hardening 

Qualifications and Relevant Experience: 

• 15+ years of experience in cybersecurity, with at least 5 years in a leadership role 

• Proven ability to manage high-volume task execution in a cybersecurity context 

• Experience in bridging technical cybersecurity work with business unit needs Proficiency in Agile methodologies, particularly Scrum 

• Hands-on experience with project management tools such as Jira and collaboration tools like Miro 

• Strong skills in task sequencing, prioritization, and resource allocation 

• Relevant industry certifications (e.g., CISSP, CISM, GIAC) 

• Strong communication and stakeholder management skills 

• Bachelor's degree in Computer Science, Information Security, or related field; Master's preferred 

• In-depth understanding of healthcare-specific cybersecurity challenges and regulations (e.g., HIPAA, HITECH) 

• Familiarity with electronic health records (EHR) systems and healthcare IT infrastructure 

• Experience in protecting sensitive patient data and ensuring compliance with healthcare data privacy laws 

• Knowledge of healthcare industry standards and best practices for cybersecurity (e.g., HITRUST, NIST Cybersecurity Framework)