The Manager of Information Security Audit at CoverMyMeds leads our efforts to ensure CMM has a comprehensive, world-class implementation of information security. You will help innovate an information security practice responsible for governance, risk, and compliance that makes it easy to do the right thing while enabling the unique, associate-empowered culture at CoverMyMeds.
The Manager of Information Security Audit has broad accountability for execution of information security controls and audit of the company, including the integration of security perspectives into strategic planning, issue identification and remediation activities. A significant amount of the work is accomplished by educating and empowering other teams and supporting coordination of their work.
This position will be continually learning from industry resources and real-world experience and improving the CoverMyMeds information security audit and governance practices.
This leader will have to be strategic, technical, and business-goal oriented, with behaviors that lead to great cross-organizational relationships. They will help to build out CoverMyMeds’ strategic goals and objectives and help drive them to completion, which will include navigating other priorities and goals and helping educate others on what security means to them.
What You'll Do
The Manager of Information Security Audit position encompasses a number of responsibilities, including the following tasks related to IS Audit:
- With senior leadership, establish the high-level information security audit vision and strategy to inform CoverMyMeds’ organizational risk and security decisions and influence action on risks that don’t align with our desired outcome or security posture.
- Champion a culture of security for risk reduction and business enablement through proactive security-awareness training and the dissemination of policies and procedures.
- Ensure CoverMyMeds’ compliance with applicable laws, regulations, contractual requirements, and policies to minimize risk and coordinate resolution of gaps when discovered.
- Collaborate with sales, business, and technology leadership to successfully complete new and existing customer assessments and audits.
- Lead the execution and maintenance of annual activities such as SOC2 audits, risk assessments, incident response tabletop exercises, and penetration tests.
- Lead recurring (daily, weekly, monthly) activities to ensure that processes related to information security are being followed, managing the evidence of adherence for internal and external inspection.
- Educate and assist our associates in understanding information security, prioritizing and quantifying their security issues, planning appropriate responses, and justifying the application of resources toward addressing the risks
- Evolve internal tools, controls, and processes that manage the inspection, remediation, and assurance-measuring lifecycle activities of CoverMyMeds information security to meet our obligations
- Drive action, monitor and report on the progress of security issue remediation activities
- Understand current best practices in information security and advise CoverMyMeds in applying those principles here
- Collaborate with other Governance, Risk & Compliance (GRC) and Privacy leaders to ensure continuity between Risk, Information Security, Compliance, and Privacy functions
- Directly manage information security audit resources if applicable
- Establish information security audit roles and responsibilities
- Promote a “security is everyone’s responsibility” culture
- Work with recruiting staff to determine how to best engage candidates, and participate in recruiting activities
- Mentor others in CoverMyMeds on information security principles and practices
- Participate in information security professional organizations to represent CoverMyMeds and our brand
- Manage budget for personnel, tooling, and services
- Manage creation and upkeep of information security policies and processes
- Actively promote continuous improvement across the company
About You
- Exceptional blend of technical, business, organizational, and interpersonal skills
- Strategic thinker, able to understand and help architect technology and business processes, and maintain a business and customer focus
- Strong technical and business leader with high level of written and oral communication skills, able to bridge quality and risk concerns across both realms
- Experienced at partnering with an executive team
- Consensus builder, able to move both technical and non-technical people to action
- Four-year technical degree or equivalent
- 10+ years in audit and/or information security and 7+ years managing audit or security functions
- Passionate about continuous learning and certification in industry best practices
- Ability to work and thrive in a highly creative, collaborative, and dynamic environment
- Healthcare Industry experience a plus
About Us
CoverMyMeds, part of McKesson’s Prescription Technology Solutions, is a fast-growing healthcare technology company. Our mission: Help patients get the medications they need to live healthy lives. Our solutions seamlessly connect the health care network to improve medication access, increasing speed to therapy and reducing prescription abandonment for patients like you and me.
We hire ambitious people and make it a priority to invest in them by providing opportunities to grow their careers and connections within the community. On-site culinary team, flexible hours and paid benefits? Yeah, we have those too. But don’t take our word for it. We’ve been recognized as a “Best Place to Work” by Glassdoor, a “Best Company to Work For” by FORTUNE, and our employees have great things to say, too.
CoverMyMeds is an equal opportunity and affirmative action employer. We embrace diversity and are committed to creating an inclusive environment for all employees. Qualified applicants will be considered for employment without regard to race, religion, gender, gender identity, sexual orientation, national origin, age, disability or veteran status.