Job Description

McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve – we care.

What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow’s health today, we want to hear from you.

(Purpose of job):

The Information Security Analyst – Level 2 plays a critical role in advancing McKesson’s cybersecurity posture by performing deeper analysis of security events, supporting incident investigations, and contributing to the implementation of security controls across the enterprise. Operating within a regulated environment, this role builds on foundational skills to independently assess threats, identify vulnerabilities, and provide insights that inform risk‑based decision making. The Analyst is responsible for executing more complex operational tasks, recommending improvements to existing processes, and participating in audits and compliance activities.

This role contributes to enterprise security by evaluating security data, validating remediation plans, and collaborating with senior analysts, engineering teams, and business partners to ensure solutions are aligned with organizational security requirements. The Analyst provides developing subject matter expertise, supports knowledge sharing, and contributes to strengthening McKesson’s cyber resilience through proactive monitoring and continuous improvement efforts.

Key Responsibilities

Monitor, investigate, andanalyzesecurity alerts and events, applying intermediate‑level triage and determining potential business impact.

Lead initial incident investigation activities by gathering evidence,analyzingindicators, and preparing detailed documentation for senior analysts.

Conduct vulnerability assessments, interpret scan results, and recommend remediation actions to reduce risk exposure.

Perform routine security audits, control testing, and assessments aligned with regulatory and compliance requirements.

Research emerging threats, trends, and technologies, incorporating findings into threat assessments and security enhancements.

Contribute to the development and refinement of security policies, standards, operating procedures, and detection playbooks.

Collaborate with cross‑functional teams to support secure system designs, mitigate risks, and review technology implementations.

Provide guidance to Level 1 analysts, supporting knowledge transfer, mentoring, and skill development.

Produce clear, concise reports on incidents, vulnerabilities, and operational findings for both technical and management stakeholders.

Recommend enhancements to tools, dashboards, and workflows to improve detection efficiency and operational effectiveness.

Minimum Requirement Degree or equivalent and typically requires 2+ years of relevant experience.

Critical Skills :

Knowledge ofidentity practices includingimplementing user credential management systemsand enforcingAccess Controls

Developing skills inperforming event correlationandrecognizingbehavioralpatternsusing enterprise telemetry.

Ability toassistwithperforming incident responses(triage, containment support, evidence capture).

Developing skills inperforming metadata analysisto enrich alerts and support root-cause hypotheses.

Ability toenhance visibility byvalidatingsecuring network communicationsacross platforms.

Developing skills introubleshooting system performancewith consideration for security misconfigurations.

Knowledge ofappliedCryptographyand awareness ofimplementing enterprise key escrow systems

Developing skills increating andmaintainingautomated security control systemsfor repetitive checks.

Ability topresent findings in shortpreparing briefingsto technical stakeholders.

Knowledge ofArtificial Intelligence (AI) Securityrisks and data protection concerns (introductory).

Nice To Have:

Experience working with SIEM, vulnerability management platforms, endpoint security tools, or related enterprise security technologies.

Exposure to compliance frameworks, security audits, or risk assessments within regulated environments.

Candidate must be authorized to work in the U.S, now or in the future, without the support from McKesson.

We are proud to offer a competitive compensation package at McKesson as part of our Total Rewards. This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets. The pay range shown below is aligned with McKesson's pay philosophy, and pay will always be compliant with any applicable regulations. In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities may be offered. For more information regarding benefits at McKesson, please click here.

Our Base Pay Range for this position

$38.62 - $64.36

McKesson has become aware of online recruiting-related scams in which individuals who are not affiliated with or authorized by McKesson are using McKesson’s (or affiliated entities, like CoverMyMeds or RxCrossroads) name in fraudulent emails, job postings or social media messages. In light of these scams, please bear the following in mind:

McKesson Talent Advisors will never solicit money or credit card information in connection with a McKesson job application.

McKesson Talent Advisors do not communicate with candidates via online chatrooms or using email accounts such as Gmail or Hotmail. Note that McKesson does rely on a virtual assistant (Gia) for certain recruiting-related communications with candidates.

McKesson job postings are posted on our career site: careers.mckesson.com

McKesson is an Equal Opportunity Employer

McKesson provides equal employment opportunities to applicants and employees, without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, age, genetic information, or any other legally protected category. For additional information on McKesson’s full Equal Employment Opportunity policies, visit our Equal Employment Opportunity page.

McKesson is committed to being an Equal Employment Opportunity Employer and offers opportunities to all job seekers including job seekers with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, please contact us by sending an email to (United States) Disability_Accommodation@McKesson.com or (Canada) Accessibility@mckesson.ca Resumes or CVs submitted to this email box will not be accepted.

Join us at McKesson!

About McKesson

Welcome to the official LinkedIn page for McKesson Corporation. We're an impact-driven healthcare organization dedicated to “Advancing Health Outcomes For All.”

As a global healthcare company, we touch virtually every aspect of health. Our leaders empower our people to lead with a growth mindset and deliver excellence for our customers, partners, and the wellbeing of people, everywhere. We work with biopharma companies, care providers, pharmacies, manufacturers, governments, and others to deliver insights, products and services that make quality care more accessible and affordable. Delivering better health outcomes for our employees, our communities, and our environment. Every day, we strive to inspire and enable people to reach their full potential.

To learn more about how #TeamMckesson helps improve care in every setting, visit: https://bit.ly/3xadvB0

Industry

Healthcare & Social Services

Company Size

10,000+ employees

Headquarters

Irving, Texas

Year Founded

Unknown

Website

mckesson.com

Social Media

Sr. Associate, Information Security Analyst

Job Description

About McKesson