We use cookies. Find out more about it here. By continuing to browse this site you are agreeing to our use of cookies.
I agree and accept cookies
Main menu
Post a Job
Request a Demo
Yes
No
Both
Advanced search
#alert
Back to search results / More jobs like this
Back to search results
McKesson Corporation jobs

MTAP - Vulnerability Disclosure Program Lead

McKesson Corporation
United States, Texas, Irving
Mar 06, 2025

McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve - we care.

What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow's health today, we want to hear from you.

Job Title: MTAP - Vulnerability Disclosure Program Lead

McKesson is growing- and we're hiring! Our Vulnerability Disclosure Program is evolving, and we need a dynamic cybersecurity lead to take the reins. We're looking for someone who's not just tech-savvy but also a natural connector, with a knack for transforming a vulnerability disclosure program into a world-class Bug Bounty initiative. If you've got a keen eye for root cause analysis and can seamlessly navigate interactions with external researchers, we want you on our team.

The ideal candidate will have a background in cybersecurity and experience with vulnerability management. You'll serve as a bridge between McKesson and the external research community, ensuring disclosures are handled with finesse and that our internal teams are aligned and ready to act. Working closely with key departments such as legal, compliance, and product development, your role will be pivotal in fortifying McKesson's cybersecurity posture.

Join us and become part of a team that's all about transparency, collaboration, and proactive risk management. This is your chance to make a significant impact on our organization's resilience and reputation within the cybersecurity community. You'll be at the forefront of driving our mission to enhance stakeholder trust and uphold our organizational values.

Come join McKesson's amazing future and be a catalyst for change!

Key Responsibilities:

  • Program Development: Design and implement a comprehensive Vulnerability Disclosure Program that aligns with industry best practices and evolves into a robust Bug Bounty initiative.
  • Stakeholder Collaboration: Work closely with internal teams, including legal, compliance, and product development, to ensure vulnerabilities are addressed promptly and efficiently.
  • External Researcher Engagement: Build and maintain strong relationships with external security researchers and ethical hackers to facilitate effective vulnerability reporting and resolution.
  • Root Cause Analysis: Conduct thorough root cause analyses of reported vulnerabilities and provide actionable recommendations to mitigate risks.
  • Policy and Procedure Enhancement: Develop and refine policies and procedures to ensure a consistent and transparent approach to vulnerability disclosure and management.
  • Education and Training: Conduct training sessions and workshops to educate internal teams on the importance of vulnerability management and the role of the Bug Bounty program.
  • Incident Response Coordination: Collaborate with incident response teams to ensure timely and effective handling of disclosed vulnerabilities and security incidents.
  • Metrics and Reporting: Establish metrics to track program performance and effectiveness and provide regular reports to senior management and stakeholders.
  • Market Awareness and Adaptation: Stay informed about emerging cybersecurity threats and trends to ensure the program remains relevant and proactive.
  • Advocacy and Communication: Act as an advocate for transparency and proactive risk management within the organization, promoting a culture of security awareness and continuous improvement.

Education Requirements

  • BA/BS degree or equivalent experience

Skills and Experience

Minimum Requirements:

  • Requires 10+ years of professional work experience
  • Requires 3+ years of vulnerability disclosure or bug bounty experience (from any point of view)

Required Skills:

  • 5+ years of experience in cybersecurity, particularly in vulnerability management and disclosure processes.
  • 3+ years of experience in root cause analysis with the ability to provide strategic recommendations for risk mitigation.
  • Proven ability to engage and collaborate with external researchers and ethical hackers to facilitate vulnerability reporting.
  • Expertise in coordinating with internal teams, including legal, compliance, and product development, to ensure effective vulnerability resolution.
  • Excellent communication skills to convey complex security issues to diverse audiences, including technical teams and business stakeholders.
  • Demonstrated ability to apply an empathetic approach when interacting with both internal teams and external researchers, fostering a collaborative and respectful environment.
  • Familiarity with regulatory and compliance standards relevant to the healthcare industry, such as HIPAA and HITRUST.
  • Experience in developing and implementing policies and procedures that promote transparency and proactive risk management.
  • Ability to manage and prioritize multiple tasks and projects in a dynamic environment.

Preferred Skills:

  • 2+ years of experience leading a Bug Bounty or similar vulnerability disclosure program.
  • Knowledge of the healthcare industry's unique cybersecurity challenges and regulatory requirements.
  • 3+ years of experience with incident response and crisis management in a healthcare setting.
  • Familiarity with cloud security practices and technologies, particularly those used in healthcare IT environments.
  • Strong analytical skills and the ability to interpret security data to drive informed decision-making.
  • Proficiency in using security metrics to track program performance and effectiveness.
  • Experience in fostering a culture of security awareness and continuous improvement within an organization.

Certification Requirements:

Preferably, one or more (or working toward one or more) of the following: CCSP, CISSP, CEH, OSCP, GPEN, Security+, AWS Certified Cloud Practitioner, or additional AWS advanced certifications such as AWS Certified DevOps Engineer

Physical Requirements:General Office Demands

Candidate must be authorized to work in the U.S, now or in the future, without the support from McKesson.

Relocation is NOT budgeted for this position.

We are proud to offer a competitive compensation package at McKesson as part of our Total Rewards. This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets. The pay range shown below is aligned with McKesson's pay philosophy, and pay will always be compliant with any applicable regulations. In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities may be offered. For more information regarding benefits at McKesson, pleaseclick here.

Our Base Pay Range for this position

$139,000 - $231,600

McKesson is an Equal Opportunity Employer

McKesson provides equal employment opportunities to applicants and employees and is committed to a diverse and inclusive environment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, age or genetic information. For additional information on McKesson's full Equal Employment Opportunity policies, visit our Equal Employment Opportunity page.

Join us at McKesson!

Applied = 0
MORE JOBS LIKE THIS

(web-b798c7cf6-l9rr9)