McKesson requires new employees to be fully vaccinated for COVID-19 as defined by the CDC, subject to applicable, verified accommodation requests.
Position Summary
McKesson's well-regarded Law Department is seeking an experienced cybersecurity and privacy lawyer to provide decisive day-to-day legal counseling and advice across the enterprise. The Senior Counsel will play a key role in McKesson's risk mitigation strategy for cybersecurity and privacy in collaboration with other Business Unit Attorneys, Business Unit Compliance Officers, Business Unit Information Security Officers, Global Privacy Office, Human Resources, Internal Audit, Corporate IT, Information Security and Risk Management, and other key internal stakeholders.
The successful candidate will:
Bring a depth of knowledge and experience with cybersecurity and privacy laws and regulations and will have the ability to translate that knowledge to deliver relevant and actionable guidance to the business.
Possess excellent legal judgment and the ability to be both pragmatic/business-oriented and strategic.
Excel when working independently and collaboratively, have a record of developing strong working relationships with a diverse client base, and the ability to lead at all levels across the organization.
Integrate data points from across the company and disparate projects to provide strategic and efficiency-enabling guidance that marries business objectives with regulatory excellence.
Be comfortable in a fast-paced environment and successfully manage many projects simultaneously.
Minimum Requirements
Typically requires at least 3 years practicing cyber and/or privacy law with a firm and/or in-house experience.
A Juris Doctor degree with excellent academic credentials and member of a state bar in good standing
Critical Skills
Experience advising sophisticated clients on complex legal, regulatory, and policy questions in the areas of cybersecurity, data privacy, and data governance. Experience with global cybersecurity standards, frameworks, risk assessments, and certification processes, for example ISO/IEC 27001, NIST Cybersecurity Framework, HIPAA Security Rule, HITRUST, CMMC, SOC1 and SOC2.
Knowledge of a broad range of privacy and data protection laws, including but not limited to HIPAA, the FTC Act, TCPA, CAN-SPAM Act, state data protection and security breach laws.
Supporting the development and implementation of cybersecurity and/or privacy-related business-specific processes and procedures, training, and other controls.
Experience handling incident response, including working with third parties such as forensics investigative firms, external counsel, insurance underwriters, and law enforcement authorities, and managing regulatory investigations and litigation related to cyber incidents.
Understanding of, thirst for tackling, and ability to quickly learn (often self-teaching of) technical concepts and advanced knowledge of trends and issues applicable to cybersecurity and privacy, for example data optimization, data localization, data lakes, threat hunting/threat intelligence, insider threat, and AI/machine learning.
Collaborating with internal stakeholders to support the analysis, preparation, drafting and/or negotiation of pertinent aspects of cybersecurity and/or privacy-related provisions within vendor and other 3rd party agreements such as Management Services Agreements, Master Services Agreements, SOWs, Information Security Exhibits, and Business Associate Agreements.
Supporting overall McKesson data governance efforts.
Monitoring and evaluating evolving laws, regulations and industry best practices to help maintain compliance and guide the business units toward opportunities, including reviewing, advising and supporting data rights strategy and/or advising on external influencing approaches.
Managing outside counsel when necessary.
Preferred Skills
Experience counseling participants in the healthcare industry, and CISSP, CIPP or similar professional certification.
Providing legal advice from a cybersecurity and privacy perspective concerning business transactions, including performing legal due diligence, recommending appropriate post-integration action steps, and drafting and negotiating applicable language in M&A related contracts and documents.
Advising senior management, up to and including the Board of Directors, on significant data protections and/or cybersecurity legal risks.
Interpreting and advising on the legal methodology of vulnerability testing, pen testing, monitoring, and other proactive line of defense information security strategies of an enterprise-level technical environment - guidance regarding both the how and the legal interpretation/distillation of the results.
Must be authorized to work in the US. Sponsorship is not available for this position.
McKesson is an Equal Opportunity/Affirmative Action employer.
All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.Qualified applicants will not be disqualified from consideration for employment based upon criminal history.
McKesson is committed to being an Equal Employment Opportunity Employer and offers opportunities to all job seekers including job seekers with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, please contact us by sending an email to McKessonTalentAcquisition@mckesson.com . Resumes or CVs submitted to this email box will not be accepted.
Current employees must apply through the internal career site.
We deliver careers with purpose and potential. Our focus on better health starts with creating an inclusive environment with strong values where you can build a fulfilling career. You can count on us to provide you with resources and opportunities to grow and be your best, while contributing to our pursuit of improving lives. Every day, McKesson’s employees deliver products to healthcare providers that make a difference in the care and life of a patient. We work to distribute medical supplies, bandages, syringes, vials of flu vaccine, and pharmaceutical drugs to help real patients like Jack, an eight-year-old boy battling cancer. We take that job seriously. Together, the work we do is shaping the future of healthcare. If you are passionate about combining a meaningful career with a balanced life, join us on this journey and apply for a job with McKesson today. Every day, McKesson’s employees deliver products to healthcare providers that make a difference in the care and life of a patient.