Job Details
Cover My Meds BISO
2025-07-01 MCK McKesson Corporation Columbus,OHMcKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, wefocus on the health, happiness, and well-being of you and those we serve - we care.
What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow's health today, we want to hear from you.
Job Description:
CoverMyMeds solves medication access challenges for patients throughout their journey through a unified brand that encompasses RelayHealth, RxCrossroads by McKesson, McKesson Prescription Automation and CoverMyMeds.
While CMM is best known for revolutionizing the prior authorization process, the team has also built a suite of solutions for pharmaceutical brands, pharmacies, and providers drawing from decades of experience across our unified businesses. Together, we help solve the most common medication access, affordability and adherence challenges patients face.
Through remarkable people and data-driven technology, CMM are accelerating innovative solutions created to help increase speed to therapy, reduce prescription abandonment and support improved health outcomes for patients.
We are looking for a Business Information Security Officer (BISO) who will lead, plan, direct, and control activities for assurance, security (information, application, and infrastructure), and compliance across the CMM Business Unit. This Security Principal (P6) role ensures successful delivery of Information Security and IT risk management services in compliance with McKesson Cyber Security policies, standards, and the NIST framework.
The ideal candidate has high energy, strong presence, and a passion for delivering value from the cybersecurity function. They possess deep technical security, governance, and risk expertise and will be the primary advocate for security initiatives in the BU, maintaining consistent alignment with the McKesson Cyber Security organization.
The candidate will work directly with senior leaders across the business and should have the requisite capabilities to succeed at that level. This individual will work as part of a large team of security professionals in a structure designed to help them succeed in delivering best-in-class security to this stakeholder group.
This role reports directly to the Deputy CISO.
Required Skills:
- Demonstratable track record of impactful execution in this space.
- Strategic thinker with the ability to communicate and influence at both technical team and senior management levels.
- Ability to integrate various security and data protection controls to identify and mitigate risk effectively.
- Strong knowledge of cyber technology platforms that assist with Detect and Protect and the ability to interact with those teams as a peer.
- Strong familiarity with information, application, and infrastructure security control mechanisms.
- Experience utilizing the NIST framework for effective cybersecurity and risk management.
- Strong understanding of privacy laws, data protection regulations, breach notification practices, and incident response management.
- Ability to act as a trusted advisor and partner to the CMM BU clearly articulating the risk landscape and providing input as to where the BU should focus their attention and resources from a cyber risk perspective.
Key Accountabilities:
Risk Management:
- Manage CMM specific cyber security and risk requirements, ensuring high-quality execution.
- Co-ordinate IT risk, compliance, and audit reviews, and assist with remediation of findings.
- Ensure technology programs comply with relevant laws, regulations, and McKesson cyber security policies.
Compliance:
- Proactively lead Participate in corporate function initiatives to represent the cybersecurity function.
- Ensure security programs address IT risk management findings and follow relevant laws, regulations, and policies.
Stakeholder Engagement:
- Provide practical advice and direction enabling the BU to make cyber risk-based prioritization decisions
- Report Key Risk and cyber security performance Indicators to CMM leadership for informed decision-making.
- Develop strong partnerships with IT leaders and Cyber Security service teams to manage CMM cyber security risk.
Minimum Qualifications:
- Bachelor's Degree or equivalent experience in Information Security, Computer Science, or related field.
- 15+ years of relevant professional experience, including 8+ years in impactful roles interacting with senior stakeholders in a cyber security or technology function.
Preferred Certifications:
CISSP, CISM, or equivalent certifications.
We are proud to offer a competitive compensation package at McKesson as part of our Total Rewards. This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets. The pay range shown below is aligned with McKesson's pay philosophy, and pay will always be compliant with any applicable regulations. In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities may be offered. For more information regarding benefits at McKesson, please click here.
Our Base Pay Range for this position
$172,700 - $287,800
McKesson is an Equal Opportunity Employer
McKesson provides equal employment opportunities to applicants and employees and is committed to a diverse and inclusive environment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, age or genetic information. For additional information on McKesson's full Equal Employment Opportunity policies, visit our Equal Employment Opportunity page.
Join us at McKesson!
- 15+ years of relevant professional experience, including 8+ years in impactful roles interacting with senior stakeholders in a cyber security or technology function.
- Bachelor's Degree or equivalent experience in Information Security, Computer Science, or related field.
- Develop strong partnerships with IT leaders and Cyber Security service teams to manage CMM cyber security risk.
- Report Key Risk and cyber security performance Indicators to CMM leadership for informed decision-making.
- Provide practical advice and direction enabling the BU to make cyber risk-based prioritization decisions
- Ensure security programs address IT risk management findings and follow relevant laws, regulations, and policies.
- Proactively lead Participate in corporate function initiatives to represent the cybersecurity function.
- Ensure technology programs comply with relevant laws, regulations, and McKesson cyber security policies.
- Co-ordinate IT risk, compliance, and audit reviews, and assist with remediation of findings.
- Manage CMM specific cyber security and risk requirements, ensuring high-quality execution.
- Ability to act as a trusted advisor and partner to the CMM BU clearly articulating the risk landscape and providing input as to where the BU should focus their attention and resources from a cyber risk perspective.
- Strong understanding of privacy laws, data protection regulations, breach notification practices, and incident response management.
- Experience utilizing the NIST framework for effective cybersecurity and risk management.
- Strong familiarity with information, application, and infrastructure security control mechanisms.
- Strong knowledge of cyber technology platforms that assist with Detect and Protect and the ability to interact with those teams as a peer.
- Ability to integrate various security and data protection controls to identify and mitigate risk effectively.
- Strategic thinker with the ability to communicate and influence at both technical team and senior management levels.