Lead Security Architect

McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve - we care. What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow's health today, we want to hear from you.

We are seeking a Lead Security Architect to join our Information Security Architecture team and deliver on our mission of providing superior identity and access management (IAM) and Operation Technology services to our customers, providers, partners, and employees. This is a technical position which will support the development of identity security architecture vision as it relates to McKesson's platforms, specifically setting the direction for IAM as it relates to cloud.

Position Description:

As the Lead Security Architect, you will have the opportunity to shape the vision and strategy for Information Security and Enterprise Access Management at McKesson. Successful candidates will have a strong background in Customer or Enterprise Identity and Access Management and a proven ability to influence and drive change.

Responsibilities include:

• Provides technical leadership to drive and shape the Global Identity Services architecture

• Develops strategic roadmaps, technical blueprints, standards, and reference architectures in support of the Global Identity Services program

• Consults with business stakeholders and other architects to understand core business processes and business priorities and provides recommendations on IAM solutions

• Leads technical evaluations of IAM products including proof of concepts to determine business value of candidate solutions

• Collaborates cross-functionally with other technology teams and Information Security and Risk Organization

• Acts as Subject-matter expertise across all IAM topics as it relates to both clouds, on-premise, Customer and Colleague enterprise technology, and the relationship between the architectures.

• Drives the adoption of Authentication and Authorization reference architectures for existing, new, and emerging IAM technologies.

• Participates in Identity and Access Management enterprise governance processes and drive IAM standards adoption.

• Develops effective architecture solutions that not only satisfy immediate project requirements but also deliver a coherent, reusable, reliable and phased architecture to help the business grow and change while aligning to strategic vision.

• Creates, maintains, and aligns the McKesson Corporation Information Security policies and standards with industry best practices and business needs in the adoption of cloud services and technologies.

• Represents Information Security on organizational project teams and ensure adherence to existing security policies and standards.

• Manages the successful technical delivery of Information Security projects and services for our customers by working directly with key business stakeholders, executives, and project teams. Security architects are often the technical lead on initiatives and as such must drive the vision and alignment of the solution delivery.

• Reviews and management of technical security roadmaps related to cloud security and IAM within a cloud security context.

• Delivers technical security configuration architecture expertise in implementing cross-organizational information sharing.

• Lead all aspects of architectural activities for a technology domain, or architectural practice area, or manage the development of solution architectures for projects or programs within a business area.

• Define standards and direction of architecture in the specific business or technical domain. Define and develop the logical design and information management strategies vital to store, move and manage data in a new target state.

• Utilize architecture patterns to suggest the most adequate utilization of technical platforms in support of the holistic solution architecture design.

• Define, build and evolve the Architecture Governance Framework (e.g. architecture methods, practices and standards) for IT.

• Improve and ensure cyber security for our Operation Technology (OT)-systems.

• Define, design, apply and support security controls to OT systems in our sites and own and define the architectural security standards for OT.

• Develops solutions and recommendations for issues caused by process challenges, emerging threats, and technology changes.

• Works closely with the ISRM Global Product Assurance (GPA) is assessing the security of applications under evaluation for production.

• Drives Request for Proposal (RFP) and vendor selection process in the IAM and OT space.

• Keeps abreast of industry trends and informs the team of evolving IAM standards and landscape

Qualifications:

• Experience interpreting identity and access management strategies and direction. Further, the person must have experience bringing together key tenets of Information Security to the IAM cloud strategies and developing technical security solutions that properly align.

• The individual in this role must be well educated in general aspects of Information Security, namely: Business Acumen, Digital, Financial Services, Cloud, Fintech and B2B

• Experience architecting IAM solutions within Microsoft Azure, Amazon Web Services (AWS) and, preferably, other cloud providers.

• Intimate familiarity with IAM related protocols: SAML, SPML, XACML, SCIM, OpenID and OAuth.

• Experience working with cloud security and governance tools, cloud access security brokers (CASBs), and server virtualization technologies.

• Experience with Federation concepts and technologies particularly with solutions from ADFS and Ping Identity.

• In-depth experience with Microsoft Azure, particularly Azure AD and architecture designs connecting Azure to enterprise infrastructure.

• Strong experience with Directories, SSO, Federation, Delegated administration, API gateways, SOA services.

• Deep understanding of cloud computing architecture, technical design, and implementations, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS) delivery models.

• Consulting to key customers and senior management on project design and development scope.

• Assists customer organizations with planning and implementing complex architecture solutions.

Preferred Requirements:

• 8 years' experience in developing technical architectures with minimum of 5 years focused on IAM architecture

Critical Skills:

• Strong understanding of the end-to-end Identity lifecycle management

• Hands on experience with authentication and authorization protocols such as OIDC, SAML, OAuth2, FIDO, U2F, WebAuthn, SCIM, XACML, LDAP, RADIUS, Kerberos

• Proven ability to architect robust, scalable, and secure solutions that meet customer's IAM needs

• Experience with Multi-factor authentication capabilities including token-based, biometrics, certificates, and adaptive authentication

• Experience with Privileged access management (PAM) architectures and capabilities (least privileged, session management, vaulting, and endpoint privileged management). Experience with CyberArk and Azure PIM, Identity Governance processes and solutions such as SailPoint or Saviynt

• Experience with IDaaS providers such as Okta, Azure AD, Ping Identity, or Google Cloud Identity

Additional Knowledge & Skills:

• Experience with cloud architectures particularly Azure and GCP native IAM controls

• Experience with User Behavior Analytics, Operation Technology, Cloud

• Experience with WorkDay, SAP, or SalesForce, O365, Active Directory and ADFS

• Experience with MDM capabilities such as InTune, Jamf, or Airwatch

• Experience with API Gateway and microservices architectures

• Knowledge of Applied Cryptography and PKI

• Experience with Python, PowerShell, Java, Java Script, JSON, REST, Scripting, HTML

• Understanding of trends and regulations to ensure effectiveness and compliance with all regulations and frameworks (NIST, HIPPA-HITECH, HITRUST, PCI, GDPR)

• Excellent written and verbal communication and organizational skills

• Strong interpersonal and communications skills to build/ maintain ongoing business relationships

Education:

• 4-year degree in computer science or related field or equivalent experience

Certifications:

• CISSP or SANS GIAC a plus

At McKesson, we care about the well-being of the patients and communities we serve, and that starts with caring for our people. That's why we have a Total Rewards package that includes comprehensive benefits to supportphysical, mental, and financial well-being. Our Total Rewards offerings serve the different needs of our diverse employee population and ensure they are the healthiest versions of themselves. For more information regarding benefits at McKesson, please

As part of Total Rewards, we are proud to offer a competitive compensation package at McKesson. This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets. In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities may be offered.

McKesson is an Equal Opportunity/Affirmative Action employer.

All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.Qualified applicants will not be disqualified from consideration for employment based upon criminal history.

McKesson is committed to being an Equal Employment Opportunity Employer and offers opportunities to all job seekers including job seekers with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, please contact us by sending an email to . Resumes or CVs submitted to this email box will not be accepted.

Current employees must apply through the internal career site.

Join us at McKesson!