McKesson IT Governance, Risk and Compliance Business Analyst in Alpharetta, Georgia
McKesson is in the business of better health and we touch the lives of patients in virtually every aspect of healthcare. We partner with payors, hospitals, physician offices, pharmacies, pharmaceutical companies and others across the spectrum of care to build healthier organizations that deliver better care to patients in every setting. We believe in the importance of strong, vital organizations because we know that patients can only be healthy when our system is healthy.
Every single McKesson employee contributes to our mission—by joining McKesson you act as a catalyst in a chain of events that helps millions of people all over the globe. Talented, compassionate people are the future of our company—and of healthcare. At McKesson, you’ll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that’s vital to us all.
We understand the importance of a system that works together. Your expertise, drive and passion can help us improve everything we touch, from providers to payors to pharmacies. Join our team of leaders to begin a rewarding career.
Wherever you contribute here at McKesson, you will have the ability to make a real impact in the lives of others.
We are hiring a business analyst to help support our enterprise Governance, Risk and Compliance (GRC) platform. This individual will support the departments using the GRC platform including Information Security & Risk Management (ISRM), Internal Audit and the Compliance department.
The analyst will also monitor trends in Governance, Risk and Compliance technologies helping to develop a roadmap for the tools and processes.
This position can be based at our Alpharetta, GA or Scottsdale, AZ office.
The GRC platform currently used at McKesson (Archer) is a relatively mature deployment – however its use is expanding across the enterprise. ISRM has been using the platform for risk management, compliance, policy management, vulnerability management and other areas for over five years. Internal Audit has been using the platform for approximately one year. Our Compliance team is also hoping to move to the platform in the near future.
Work with business stakeholders to capture business requirements (reaching out to multiple lines of business within the organization) and translate them into technical terms for the resources administering the solution.
Train and support the users – and help identify and train champions in the different teams.
Developing workspaces, dashboards and enterprise reports.
Data analysis and data imports / exports:
There are a few monthly processes to bring in data from other source systems. Also ad-hoc imports and exports will be needed based on business circumstances (e.g. when we do acquisitions and divestitures)
Understanding data and processes to help support the business process successfully. As examples they will need to identify why an export doesn’t look right, understanding why a report appears to be missing data, and coming up with changes/development within the tool and without (in Excel, wherever), to support whatever GRC process they are working on at the time.
The individual will capture requirements for implementation of various modules like Issue Management, Risk Management, Compliance Management, Audit GRC Management, Third Party Module, and Policy & Document Management. The Analyst should be able to resolve any requirements issues coordinating with business and internal resources.
4 years experience in administering security controls in an organization
4 years information security, audit or compliance experience
2 years experience using Archer GRC platform
Good communications and interpersonal skills to build/ maintain ongoing business relationships
Strong focus on process and data quality
Strong Project and Time Management skills
Capable of anticipating needs and driving clarity on expectations.
Able to exercise professional judgment within defined procedures
Experience in Risk Assessment, audit, and IT security assessments
Familiar with compliance regulations, IT, security frameworks and standards
Additional Knowledge & Skills
Experience performing audit, risk assessment and IT compliance activities preferred.
Experience administering Archer (e.g. configuring applications, building questionnaires) preferred
Knowledge of the healthcare industries is a plus.
CISA, CISSP or other similar professional designations are a plus
4-year degree in computer science or related field or equivalent experience
General Office Demands
Benefits & Company Statement
McKesson believes superior performance – individual and team – that helps us drive innovations and solutions to promote better health should be recognized and rewarded. We provide a competitive compensation program to attract, retain and motivate a high-performance workforce, and it’s flexible enough to meet the different needs of our diverse employee population.
We are in the business of better health and we touch the lives of patients in virtually every aspect of healthcare. We partner with payers, hospitals, physician offices, pharmacies, pharmaceutical companies and others across the spectrum of care to build healthier organizations that deliver better care to patients in every setting.
But we can’t do it without you. Every single McKesson employee contributes to our mission—whatever your title, whatever your role, you act as a catalyst in a chain of events that helps millions of people all over the globe. Talented, compassionate people are the future of our company—and of healthcare. At McKesson, you’ll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that’s vital to us all.
McKesson is an equal opportunity and affirmative action employer – minorities/females/veterans/persons with disabilities.
Qualified applicants will not be disqualified from consideration for employment based upon criminal history.
No agencies please.
Organization: McKesson Corporate
Title: IT Governance, Risk and Compliance Business Analyst
Requisition ID: 17005065
Other Locations: United States-Arizona-Scottsdale