Manager, It Risk Management
Alpharetta, Ga
As part of McKesson’s Information Security & Risk Management team, I helped protect McKesson’s most critical information assets while ensuring that systems remained both available to customers and compliant with applicable internal and external requirements.Primary responsibilities included leading McKesson’s Customer Assurance program, providing internal subject matter expertise on customer audits, attestations, and certifications (e.g. SOC 1, SOC 2, ISO 27001, HITRUST, HIPAA… Show more As part of McKesson’s Information Security & Risk Management team, I helped protect McKesson’s most critical information assets while ensuring that systems remained both available to customers and compliant with applicable internal and external requirements.Primary responsibilities included leading McKesson’s Customer Assurance program, providing internal subject matter expertise on customer audits, attestations, and certifications (e.g. SOC 1, SOC 2, ISO 27001, HITRUST, HIPAA attestation, etc.) that occur within the business units. I also served as internal subject matter expert on the HITRUST CSF and assurance processes, and helped lead the HITRUST CSF implementation and certification efforts at McKesson.I was additionally involved in a variety of other efforts within the IT risk management and governance, risk, and compliance (GRC) space, including the management of information security policies and standards, the development of risk-based criteria used to identify and prioritize critical information systems, IT risk management framework maturation, and evaluations of cybersecurity control implementation on systems across the enterprise. Show less