Information Security Analyst Information Technology (IT) - Atlanta, GA at Geebo

Information Security Analyst

Company Name:
BITSOFT INTERNATIONAL, INC.
The corporate Information Security Risk Management (ISRM) organization is responsible for building and promoting the enterprise-wide IT Governance, Risk, Security, Privacy, and Compliance Programs. The objectives of these programs are to identify potential risks, consult on possible solutions, and assist in determining the best balance of risk, cost, and business benefit to adequately protect critical IT assets. The IT Risk Leader role within the ISRM IT Risk Management group is responsible for supporting and monitoring the success of this program for divisions that are broken down into multiple business units (BUs) throughout McKesson. The scope of this program includes, but is not limited to, the following IT categories:
o Asset Management
o Security
o Privacy
o Compliance
o Customer Support
o Vendor risk
o Application and Product risk management
o Systems and Network Infrastructure
o Resilience
o Emerging Technology
Job Description
Support the McKesson Connected Care & Analytics (MCCA) division--IT Risk Leader objectives with a particular focus on Enterprise Intelligence & McKesson Homecare BUs within this division. These objectives are to directly assist the BU IT Risk Manager to develop and promote risk-managed, consistent controls and processes for IT Risk Management, Security, Privacy, and Compliance as priorities and initiatives dictate.
o Provide gap analysis between security policies/standards/regulations and practices, processes, and solutions; recommend actions to the IT Risk Manager.
o Assist IT Risk Manager in establishing, documenting, and managing processes and supporting tools used to accomplish IT compliance with regulatory and best practice security and compliance frameworks (e.g. HIPAA-HITECH, PCI PA-DSS & PCI-DSS, HITRUST, ISO 27001, SOX, etc.).
o Work with business and IT owners to establish priorities for process improvements to remediate or mitigate risk.
o Execute problem determination and resolution for security gaps.
o Help IT Risk Manager coordinate with Business Units and Corporate functions in the event of incidents or breaches.
o Train and assist security administration functions when necessary.
o Interact with other IT Staff / Business Leads in meetings to enhance the understanding of security issues and discuss solutions.
o Help with IT asset security control coverage and metrics reporting regarding security and compliance data using RSA Archer Governance Risk & Compliance (GRC) and other tools as appropriate.
o Assist with threat & vulnerability management process and tools.
o Prepare automated and ad hoc reports and/or interpret data from various security sources (e.g. McAfee ePO, RSA enVision Security & Information Event Management (SIEM), Tenable Nessus vulnerability and configuration scanner, WebInspect, data loss prevention (DLP), etc.).
o Assist with application meta-data inventory, mapping, and development of data flow process documentation.
o Facilitate and execute response to Request for Proposals (RFP), Customer Questionnaires, Audits, and Remediation Plans.
o Support ITRL to monitor critical vendors.
o Support training and awareness efforts in the BUs.
o Monitor and provide support for business unit implementation of security technology initiatives and remediation measures.
o Assess and consult on data protection methods (e.g. access controls, encryption, vulnerability management, etc.).
o Develop and maintain disaster recovery documentation and ensure associated processes meet business requirements.

Estimated Salary: $20 to $28 per hour based on qualifications.
