PND NDCHealth Corporation
Position Summary
McKesson is hiring a Sr. Cyber Risk Assurance Analyst who will collaborate across legal, compliance, and technical teams to ensure alignment with regulatory frameworks such as HIPAA, NIST 800-53, FIPS 140, and CMS ARS. This role requires a strong technical background and deep expertise in compliance, privacy, and risk management. The ideal candidate will translate complex government regulatory guidance (e.g., NIST CVE, CMS ARS) into actionable business and technical requirements, driving toward secure designs that comply with the relevant reference architecture frameworks.

Key Responsibilities
- Conduct cybersecurity risk assessments for internal systems and third-party applications within the regulated environment.
- Drive the vulnerability management plan, based on strict risk-based classifications, across multiple platforms, engaging all asset owners.
- Contribute to the formulation of cybersecurity strategies by advising on risk reduction priorities related to vulnerability trends.
- Ensure compliance with all applicable regulatory frameworks and requirements.
- Translate technical frameworks and regulatory guidance (e.g., NIST CVE, Zero Trust, FIPS 140) into actionable requirements for technical and business teams.
- Collaborate with legal, compliance, and engineering business partners to integrate requirements into contracts and system designs.
- Support continuous audit readiness, evidence collection, and remediation planning.
- Develop and maintain policies and procedures to support regulatory compliance and risk management.
- Partner with multiple business units to ensure success in third-party audits.
- Provide risk insights and recommendations to leadership to improve the organizational risk posture.
- Foster a culture of accountability and awareness across the business unit.
Minimum Requirements
- Degree or equivalent, and typically 7+ years of relevant experience.

Critical Skills
- Bachelor's degree in Cybersecurity, Information Systems, or a related field.
- 4+ years of experience in cybersecurity risk management or assurance, preferably in an HHS or federally regulated environment.
- Strong technical background with the ability to interpret and apply complex regulatory frameworks.
- Knowledge of IP network infrastructure, defense-in-depth security architecture (e.g., firewalls, intrusion detection/prevention, endpoint protection), identity and access management, and data encryption.
- Experience with HIPAA, NIST 800-53, FISMA, FedRAMP, and FIPS 140.
- Strong knowledge of risk frameworks, standards, and authoritative risk categorization sources (e.g., NIST, ISO, FedRAMP, KEV, CVSS, CVE).
- Proficiency with enterprise compliance platforms such as OneTrust, RSA Archer, or ServiceNow GRC.
- Excellent analytical, documentation, and communication skills.

Additional Skills and Certifications
- Certifications such as CISM, CRISC, or CISSP.
- Experience conducting vendor risk assessments and contract reviews.

We are proud to offer a competitive compensation package at McKesson as part of our Total Rewards. Compensation is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets. The pay range shown below is aligned with McKesson's pay philosophy, and pay will always be compliant with any applicable regulations. In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities, may be offered. For more information regarding benefits at McKesson, please

Our Base Pay Range for this position: $99,800 - $166,300