View Our Website View All Jobs

Manager, InfoSec Audit

The Manager of Information Security Audit at CoverMyMeds leads our efforts to ensure CMM has a comprehensive, world-class implementation of information security. You will help innovate an information security practice responsible for governance, risk, and compliance that makes it easy to do the right thing while enabling the unique, associate empowered culture at CoverMyMeds

The Manager of Information Security Audit has broad accountability for execution of information security controls and audit of the company, including the integration of security perspectives into strategic planning, issue identification and remediation activities. A significant amount of the work is accomplished by educating and empowering other teams and supporting coordination of their work.

This position will be continually learning from industry resources and real-world experience and improving the CoverMyMeds information security audit and governance practices.

This leader will have to be strategic, technical, and business goal oriented with behaviors that lead to great cross organizational relationships.  They will help to build out CoverMyMeds’ strategic goals and objectives and help drive them to completion which will include navigating other priorities, goals, and helping educate others on what security means to them.

What You'll Do

The Manager of Information Security Audit position encompasses a number of responsibilities, including the following tasks related to IS Audit:

  • With senior leadership, establish the high-level information security audit vision and strategy to inform CoverMyMeds’ organizational risk and security decisions and influence action on risks that don’t align with our desired outcome or security posture.
  • Champion a culture of security for risk reduction and business enablement through proactive security-awareness training and the dissemination of policies and procedures.
  • Ensure CoverMyMeds’ compliance with applicable laws, regulations, contractual requirements, and policies to minimize risk and coordinate resolution of gaps when discovered.
  • Collaborate with sales, business, and technology leadership to successfully complete new and existing customer assessments and audits.
  • Lead the execution and maintenance of annual activities such as SOC2 audits, risk assessments, incident response tabletop exercises and penetration tests
  • Lead recurring (daily, weekly, monthly) activities to ensure that processes related to information security are being followed, managing the evidence of adherence for internal and external inspection.
  • Educate and assist our associates in understanding information security and prioritizing and quantifying their security issues, planning appropriate responses, and justifying the application of resources toward addressing the risks 
  • Evolve internal tools, controls and processes that manage the inspection, remediation, assurance measuring lifecycle activities of CoverMyMeds information security to meet our obligations
  • Drive action, monitor and report on the progress of security issue remediation activities
  • Understand current best practices in information security and advise CoverMyMeds in applying those principles here
  • Collaborate with other Governance, Risk & Compliance (GRC) and Privacy leaders to ensure continuity between Risk, Information Security, Compliance, and Privacy functions 
  • Directly manage information security audit resources if applicable
  • Establish information security audit roles and responsibilities 
  • Promote a “security is everyone’s responsibility” culture
  • Work with recruiting staff to determine how to best engage candidates, and participate in recruiting activities
  • Mentor others in CoverMyMeds on information security principles and practices
  • Participate in information security professional organizations to represent CoverMyMeds and our brand
  • Manage budget for personnel, tooling, and services
  • Manage creation and upkeep of Information security policies and processes
  • Actively promote continuous improvement across the company

About You

  • Exceptional blend of technical, business, organizational, and interpersonal skills
  • Strategic thinker, able to understand and help architect technology and business processes, and maintain a business and customer focus
  • Strong technical and business leader with high level of written and oral communication skills, able to bridge quality and risk concerns across both realms
  • Experienced at partnering with an executive team
  • Consensus builder, able to move both technical and non-technical people to action
  • Four-year technical degree or equivalent
  • 10+ years in audit and or information security and 7+ years managing audit or security functions
  • Passionate about continuous learning and certification in industry best practices
  • Ability to work and thrive in a highly creative, collaborative, and dynamic environment
  • Healthcare Industry experience a plus

About Us 

CoverMyMeds, part of McKesson’s Prescription Technology Solutions, is a fast-growing healthcare technology company. Our mission: Help patients get the medications they need to live healthy lives. Our solutions seamlessly connect the health care network to improve medication access, increasing speed to therapy and reducing prescription abandonment for patients like you and me.

We hire ambitious people and make it a priority to invest in them by providing opportunities to grow their careers and connections within the community. On-site culinary team, flexible hours and paid benefits? Yeah, we have those too. But don’t take our word for it. We’ve been recognized as a “Best Place to Work” by Glassdoor, a “Best Company to Work For” by FORTUNE, and our employees have great things to say, too.

CoverMyMeds is an equal opportunity and affirmative action employer. We embrace diversity and are committed to creating an inclusive environment for all employees. Qualified applicants will be considered for employment without regard to race, religion, gender, gender identity, sexual orientation, national origin, age, disability or veteran status.


Read More

Apply for this position

Apply with
We've received your resume. Click here to update it.
Attach resume as .pdf, .doc, .docx, .odt, .txt, or .rtf (limit 5MB) or Paste resume

Paste your resume here or Attach resume file

To comply with government Equal Employment Opportunity and/or Affirmative Action reporting regulations, we are requesting (but NOT requiring) that you enter this personal data. This information will not be used in connection with any employment decisions, and will be used solely as permitted by state and federal law. Your voluntary cooperation would be appreciated. Learn more.

Invitation for Job Applicants to Self-Identify as a U.S. Veteran
  • A “disabled veteran” is one of the following:
    • a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or
    • a person who was discharged or released from active duty because of a service-connected disability.
  • A “recently separated veteran” means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.
  • An “active duty wartime or campaign badge veteran” means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.
  • An “Armed forces service medal veteran” means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.
Veteran status

Voluntary Self-Identification of Disability
Voluntary Self-Identification of Disability Form CC-305
OMB Control Number 1250-0005
Expires 5/31/2023
Why are you being asked to complete this form?

We are a federal contractor or subcontractor required by law to provide equal employment opportunity to qualified people with disabilities. We are also required to measure our progress toward having at least 7% of our workforce be individuals with disabilities. To do this, we must ask applicants and employees if they have a disability or have ever had a disability. Because a person may become disabled at any time, we ask all of our employees to update their information at least every five years.

Identifying yourself as an individual with a disability is voluntary, and we hope that you will choose to do so. Your answer will be maintained confidentially and not be seen by selecting officials or anyone else involved in making personnel decisions. Completing the form will not negatively impact you in any way, regardless of whether you have self-identified in the past. For more information about this form or the equal employment obligations of federal contractors under Section 503 of the Rehabilitation Act, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at

How do you know if you have a disability?

You are considered to have a disability if you have a physical or mental impairment or medical condition that substantially limits a major life activity, or if you have a history or record of such an impairment or medical condition. Disabilities include, but are not limited to:

  • Autism
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, or HIV/AIDS
  • Blind or low vision
  • Cancer
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or hard of hearing
  • Depression or anxiety
  • Diabetes
  • Epilepsy
  • Gastrointestinal disorders, for example, Crohn's Disease, or irritable bowel syndrome
  • Intellectual disability
  • Missing limbs or partially missing limbs
  • Nervous system condition for example, migraine headaches, Parkinson's disease, or Multiple sclerosis (MS)
  • Psychiatric condition, for example, bipolar disorder, schizophrenia, PTSD, or major depression
Please check one of the boxes below:

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.

You must enter your name and date
Your Name Today's Date