CT - Analyst, Third Party Cyber Security
$92,900 - $154,800/Yr
McKesson - Irving, TX
posted 25 days ago
Full-time - Mid Level
Irving, TX
1-10 employees
Merchant Wholesalers, Nondurable Goods
About the position
The Third Party Cyber Security Analyst at McKesson plays a vital role in safeguarding the organization's external partnerships and integrations. This position involves assessing, monitoring, and mitigating cybersecurity risks associated with third-party entities, including vendors and partners. The Analyst will engage in operational activities such as security assessments, compliance monitoring, and incident response coordination to ensure a secure ecosystem around third-party interactions.
Responsibilities
- Conduct initial and ongoing security assessments of third-party vendors, partners, and suppliers to identify potential cybersecurity risks.
- Assist in the evaluation of third-party security controls and compliance with the organization's security policies and industry standards.
- Document findings, prepare reports, and communicate identified risks and recommended remediation actions to internal stakeholders.
- Support the continuous monitoring of third-party access points and data exchanges to detect and respond to security incidents or policy violations.
- Assist in tracking and enforcing third-party compliance with established security requirements and contractual obligations.
- Maintain up-to-date records of third-party risk assessments, compliance statuses, and remediation activities.
- Participate in the identification, investigation, and management of security incidents involving third-party entities.
- Work with the Third-Party Cybersecurity Architect to coordinate incident response efforts, communicate with affected third-party entities, and ensure timely resolution.
- Assist in conducting root cause analysis and preparing incident reports to prevent future security breaches.
- Assist in the cybersecurity due diligence process for M&A activities, focusing on identifying risks related to third-party connections and integrations.
- Contribute to the development of integration plans to secure merging IT systems and data in collaboration with other cybersecurity team members.
- Ensure adherence to established policies and procedures related to third-party cybersecurity.
- Assist in the development and continuous improvement of third-party security guidelines, checklists, and processes.
- Maintain awareness of emerging cybersecurity threats and trends that could impact third-party security.
- Collaborate with internal teams, including legal, procurement, and vendor management, to ensure security requirements are included in third-party contracts.
- Communicate security expectations, guidelines, and compliance requirements to third-party entities.
- Work closely with the broader cybersecurity team to integrate third-party security considerations into overall cybersecurity strategies.
- Assist in the development and delivery of training sessions on third-party cybersecurity risks and best practices for internal stakeholders.
- Support initiatives to raise awareness of third-party security risks across the organization and among external partners.
Requirements
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field, or equivalent work experience.
- 4+ years of experience in Cybersecurity, with a focus on third-party risk management, vendor management, or related areas.
- Familiarity with cybersecurity frameworks, such as NIST, ISO 27001, or similar.
- Basic knowledge of network security, data protection, and incident response principles.
- Strong analytical, problem-solving, and communication skills.
- Ability to work collaboratively in a team environment and manage multiple tasks with attention to detail.
Nice-to-haves
- Experience with security assessment tools and methodologies.
- Relevant cybersecurity certifications (e.g., CompTIA Security+, Certified Information Systems Security Professional (CISSP), Certified Third Party Risk Professional (CTPRP)).
- Familiarity with regulatory requirements related to third-party cybersecurity (e.g., GDPR, CCPA, etc.).
Benefits
- Competitive compensation package including base pay and potential bonuses.
- Annual bonus or long-term incentive opportunities.
