McKesson IT Governance, Risk and Compliance Business Analyst in Alpharetta, Georgia

McKesson is in the business of better health and we touch the lives of patients in virtually every aspect of healthcare. We partner with payors, hospitals, physician offices, pharmacies, pharmaceutical companies and others across the spectrum of care to build healthier organizations that deliver better care to patients in every setting. We believe in the importance of strong, vital organizations because we know that patients can only be healthy when our system is healthy.

Every single McKesson employee contributes to our mission—by joining McKesson you act as a catalyst in a chain of events that helps millions of people all over the globe. Talented, compassionate people are the future of our company—and of healthcare. At McKesson, you’ll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that’s vital to us all.

We understand the importance of a system that works together. Your expertise, drive and passion can help us improve everything we touch, from providers to payors to pharmacies. Join our team of leaders to begin a rewarding career.

Wherever you contribute here at McKesson, you will have the ability to make a real impact in the lives of others.

Current Need

We are hiring a business analyst to help support our enterprise Governance, Risk and Compliance (GRC) platform. This individual will support the departments using the GRC platform including Information Security & Risk Management (ISRM), Internal Audit and the Compliance department.

The analyst will also monitor trends in Governance, Risk and Compliance technologies helping to develop a roadmap for the tools and processes.

This position can be based at our Alpharetta, GA or Scottsdale, AZ office.

Position Description

The GRC platform currently used at McKesson (Archer) is a relatively mature deployment – however its use is expanding across the enterprise. ISRM has been using the platform for risk management, compliance, policy management, vulnerability management and other areas for over five years. Internal Audit has been using the platform for approximately one year. Our Compliance team is also hoping to move to the platform in the near future.

Key responsibilities:

  • Work with business stakeholders to capture business requirements (reaching out to multiple lines of business within the organization) and translate them into technical terms for the resources administering the solution.

  • Train and support the users – and help identify and train champions in the different teams.

  • Developing workspaces, dashboards and enterprise reports.

  • Data analysis and data imports / exports:

  • There are a few monthly processes to bring in data from other source systems. Also ad-hoc imports and exports will be needed based on business circumstances (e.g. when we do acquisitions and divestitures)

  • Understanding data and processes to help support the business process successfully. As examples they will need to identify why an export doesn’t look right, understanding why a report appears to be missing data, and coming up with changes/development within the tool and without (in Excel, wherever), to support whatever GRC process they are working on at the time.

The individual will capture requirements for implementation of various modules like Issue Management, Risk Management, Compliance Management, Audit GRC Management, Third Party Module, and Policy & Document Management. The Analyst should be able to resolve any requirements issues coordinating with business and internal resources.

Minimum Requirements

4 years experience in administering security controls in an organization

Critical Skills

  • 4 years information security, audit or compliance experience

  • 2 years experience using Archer GRC platform

  • Good communications and interpersonal skills to build/ maintain ongoing business relationships

  • Strong focus on process and data quality

  • Strong Project and Time Management skills

  • Capable of anticipating needs and driving clarity on expectations.

  • Able to exercise professional judgment within defined procedures

  • Experience in Risk Assessment, audit, and IT security assessments

  • Familiar with compliance regulations, IT, security frameworks and standards

Additional Knowledge & Skills

  • Experience performing audit, risk assessment and IT compliance activities preferred.

  • Experience administering Archer (e.g. configuring applications, building questionnaires) preferred

  • Knowledge of the healthcare industries is a plus.

  • CISA, CISSP or other similar professional designations are a plus

Education

4-year degree in computer science or related field or equivalent experience

Physical Requirements

General Office Demands

Benefits & Company Statement

McKesson believes superior performance – individual and team – that helps us drive innovations and solutions to promote better health should be recognized and rewarded. We provide a competitive compensation program to attract, retain and motivate a high-performance workforce, and it’s flexible enough to meet the different needs of our diverse employee population.

We are in the business of better health and we touch the lives of patients in virtually every aspect of healthcare. We partner with payers, hospitals, physician offices, pharmacies, pharmaceutical companies and others across the spectrum of care to build healthier organizations that deliver better care to patients in every setting.

But we can’t do it without you. Every single McKesson employee contributes to our mission—whatever your title, whatever your role, you act as a catalyst in a chain of events that helps millions of people all over the globe. Talented, compassionate people are the future of our company—and of healthcare. At McKesson, you’ll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that’s vital to us all.

McKesson is an equal opportunity and affirmative action employer – minorities/females/veterans/persons with disabilities.

Qualified applicants will not be disqualified from consideration for employment based upon criminal history.

Agency Statement

No agencies please.

Job: Technology

Organization: McKesson Corporate

Title: IT Governance, Risk and Compliance Business Analyst

Location: Georgia-Alpharetta

Requisition ID: 17005065

Other Locations: United States-Arizona-Scottsdale