|
McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve - we care. What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow's health today, we want to hear from you. McKesson is seeking an accomplished and strategic leader to serve as Senior Director, Cyber Resiliency and Business Continuity. This senior leadership role will be responsible for establishing and overseeing the enterprise cybersecurity governance, methodology, and assurance framework for Business Continuity Planning (BCP), cyber incident recovery, and operational resilience. This role ensures the organization can anticipate, withstand, recover from, and adapt to cyber and technology disruptions, while meeting regulatory, audit, and risk management expectations.
Operating within the Cybersecurity organization, this leader provides program ownership and enterprise oversight, partnering closely with Business leaders, IT / Disaster Recovery teams, Enterprise Risk Management, Audit, and Regulatory stakeholders to ensure consistency, effectiveness, and maturity of resiliency capabilities.
This role does not execute business continuity plans or IT recovery directly, but owns the standards, governance, validation, and assurance that ensure those activities are effective, tested, and aligned to enterprise risk tolerance. Key Responsibilities: Cyber Resiliency Governance & Strategy
Own and maintain enterprise BCP and Cyber Resiliency policies, standards, and methodologies in alignment with regulatory expectations and industry frameworks Define roles, responsibilities, escalation paths, and governance forums for cyber and operational resilience across the enterprise. Establish and mature a consistent enterprise resiliency operating model, clearly delineating Cyber, Business, and IT / DR accountabilities.
Business Impact Analysis (BIA) Methodology & Oversight
Own the enterprise BIA methodology, including criticality tiers, prioritization criteria, and data quality standards. Ensure BIAs are consistently executed by the business with appropriate rigor and alignment to policy. Validate business-defined recovery objectives (e.g., RTO, MTD, dependencies) for completeness, consistency, and risk-based justification. Provide quality assurance and challenge to ensure BIAs reflect real operating realities and cyber threat considerations.
Program Oversight, Assurance & Reporting
Provide program-level oversight of enterprise BCP and cyber resiliency activities, focusing on: Completeness, Consistency, Risk alignment, Maturity progression. Develop and deliver executive reporting on resiliency posture, gaps, trends, and remediation status. Track findings, gaps, and corrective actions across cyber, business, and IT domains, ensuring accountability and closure. Measure and report program maturity against recognized frameworks and internal expectations.
Testing, Exercises & Lessons Learned
Coordinate and govern enterprise resiliency exercises, including tabletop simulations and recovery validation activities. Ensure testing scenarios incorporate cyber-driven disruption, realistic failure conditions, and cross-functional dependencies. Lead post-exercise and post-incident lessons learned processes, driving actionable improvements across policy, plans, and execution. Validate that testing outcomes result in concrete remediation and capability uplift.
Crisis Management Partnership
Partner with Crisis Management and Incident Response leaders to ensure clear governance and escalation during major cyber disruptions, alignment between cyber incident response, business continuity, and technology recovery. Provide oversight assurance that crisis processes, roles, and decision frameworks are defined, tested, and understood.
Leadership & Collaboration
Influence senior leaders across Business, IT, Risk, and Legal without direct authority. Build strong partnerships while maintaining independent challenge and assurance. Lead and develop a high-performing cyber resiliency team, fostering a culture of accountability, rigor, and continuous improvement. Provide executive-level visibility and guidance on resiliency risks, posture, and prioritization.
Minimum Qualifications:
Bachelor's Degree (in Computer Science, Information Security, or related field) or equivalent experience. Typically requires 13+ years of relative experience and 6+ years of diversified leadership, planning, communication, organization, and people motivation skills (or equivalent experience).
Critical Experience/Skills:
Extensive experience in cybersecurity, operational resilience, business continuity, risk management, or related domains, with at least 5 years in a senior leadership role. Demonstrated experience owning enterprise-wide governance programs in a regulated environment. Strong knowledge of BCP, cyber resiliency, and resilience frameworks (e.g., ISO 22301, NIST, operational resilience concepts). Exceptional ability to translate complex resiliency concepts into clear, actionable leadership insights. Excellent communication and stakeholder management skills.
Preferred Experience/Skills:
In-depth understanding of healthcare-specific cybersecurity challenges and regulations. Relevant industry certifications (e.g., CISSP, CISM, CRISC). Master's Degree preferred.
We are proud to offer a competitive compensation package at McKesson as part of our Total Rewards. This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets. The pay range shown below is aligned with McKesson's pay philosophy, and pay will always be compliant with any applicable regulations. In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities may be offered. For more information regarding benefits at McKesson, pleaseclick here. Our Base Pay Range for this position
$183,500 - $305,900
McKesson has become aware of online recruiting-related scams in which individuals who are not affiliated with or authorized by McKesson are using McKesson's (or affiliated entities, like CoverMyMeds or RxCrossroads) name in fraudulent emails, job postings or social media messages. In light of these scams, please bear the following in mind:
McKesson Talent Advisors will never solicit money or credit card information in connection with a McKesson job application. McKesson Talent Advisors do not communicate with candidates via online chatrooms or using email accounts such as Gmail or Hotmail. Note that McKesson does rely on a virtual assistant (Gia) for certain recruiting-related communications with candidates. McKesson job postings are posted on our career site: careers.mckesson.com. McKesson is an Equal Opportunity Employer McKesson provides equal employment opportunities to applicants and employees, without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, age, genetic information, or any other legally protected category. For additional information on McKesson's full Equal Employment Opportunity policies, visit our Equal Employment Opportunity page. McKesson is committed to being an Equal Employment Opportunity Employer and offers opportunities to all job seekers including job seekers with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, please contact us by sending an email to (United States) Disability_Accommodation@McKesson.com or (Canada) Accessibility@mckesson.ca. Resumes or CVs submitted to this email box will not be accepted. Join us at McKesson!
|
McKesson Corporation
May 01, 2026