Information Security Analyst

Company Name:
Support the McKesson Connected Care & Analytics (MCCA) division--IT Risk Leader objectives, with a particular focus on the Enterprise Intelligence & McKesson Homecare BUs within this division. These objectives are to directly assist the BU IT Risk Manager in developing and promoting risk-managed, consistent controls and processes for IT Risk Management, Security, Privacy, and Compliance as priorities and initiatives dictate.
- Provide gap analysis between security policies/standards/regulations and practices, processes, and solutions; recommend actions to the IT Risk Manager.
- Assist IT Risk Manager in establishing, documenting, and managing processes and supporting tools used to accomplish IT compliance with regulatory and best practice security and compliance frameworks (e.g. HIPAA-HITECH, PCI PA-DSS & PCI-DSS, HITRUST, ISO 27001, SOX, etc.).
- Work with business and IT owners to establish priorities for process improvements to remediate or mitigate risk.
- Execute problem determination and resolution for security gaps.
- Help IT Risk Manager coordinate with Business Units and Corporate functions in the event of incidents or breaches.
- Train and assist security administration functions when necessary.
- Interact with other IT Staff / Business Leads in meetings to enhance the understanding of security issues and discuss solutions.
- Help with IT asset security control coverage and metrics reporting regarding security and compliance data using RSA Archer Governance Risk & Compliance (GRC) and other tools as appropriate.
- Assist with threat & vulnerability management process and tools.
- Prepare automated and ad hoc reports and/or interpret data from various security sources (e.g. McAfee ePO, RSA enVision Security & Information Event Management (SIEM), Tenable Nessus vulnerability and configuration scanner, WebInspect, data loss prevention (DLP), etc.).
- Assist with application meta-data inventory, mapping, and development of data flow process documentation.
- Facilitate and execute response to Request for Proposals (RFP), Customer Questionnaires, Audits, and Remediation Plans.
- Support ITRL to monitor critical vendors.
- Support training and awareness efforts in the BUs.
- Monitor and provide support for business unit implementation of security technology initiatives and remediation measures.
- Assess and consult on data protection methods (e.g. access controls, encryption, vulnerability management, etc.).
- Develop and maintain disaster recovery documentation and ensure associated processes meet business requirements.

Don't Be Fooled

The fraudster will send a check to the victim who has accepted a job. The check can be for multiple reasons such as signing bonus, supplies, etc. The victim will be instructed to deposit the check and use the money for any of these reasons and then instructed to send the remaining funds to the fraudster. The check will bounce and the victim is left responsible.