McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve - we care. What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow's health today, we want to hear from you.
Sr. Director, Cybersecurity Engineering
Location - Richmond, VA, USA - 9954 Mayland Drive (on-site)
The Opportunity
The Sr. Director of Cybersecurity Engineering is responsible for leading teams that engineer, implement, and continuously improve enterprise security controls and platforms across identity, endpoint, network, cloud, application, and data environments. This leader partners with the CISO organization, Technology Leadership, risk/compliance, and business stakeholders to prioritize investments, establish standards and guardrails, and ensure measurable improvements in control effectiveness, security resilience, and operational efficiency.
This role requires strong technical depth in security engineering and the leadership maturity to operate at the executive level. The Director establishes cybersecurity engineering strategy, multi-year roadmaps, and success metrics; governs an operating rhythm for delivery and reliability; and ensures outcomes are achieved across multiple teams (often through influence).
Key Responsibilities
Define and own the cybersecurity engineering strategy and operating model (platform engineering, control implementation, automation, reliability) aligned to business risk, technology priorities, and security architecture.
Establish and report executive-level metrics and scorecards (e.g., control adoption, coverage, reliability, vulnerability and misconfiguration reduction, policy compliance, engineering throughput, automation impact) and drive continuous improvement based on outcomes.
Own the security engineering platform portfolio: select, integrate, and manage lifecycle for security tooling and services (e.g., IAM/PAM, PKI, EDR, CSPM, vulnerability management, secrets management, WAF, DLP, SIEM/SOAR integrations) with clear service models and reliability targets.
Partner with architecture, engineering, and product teams to embed security into delivery (DevSecOps): define engineering standards, reusable patterns, and automated guardrails; enable teams with reference implementations and self-service capabilities.
Lead engineering execution for prioritized risk-reduction initiatives: hardening, segmentation, encryption, identity modernization, secure configuration baselines, vulnerability remediation automation, and resilience improvements across hybrid and cloud environments.
Establish governance for engineering delivery: intake and prioritization, roadmaps, architecture/engineering reviews, change management, and exception processes; ensure solutions are compliant-by-design and supported with appropriate documentation and evidence.
Build and lead high-performing cybersecurity engineering teams through hiring, coaching, performance management, and career development; establish standards for engineering quality, critical review, and operational discipline.
Manage cross-functional stakeholder relationships (Technology leaders, risk/compliance, audit, legal/privacy, and vendors) and translate technical risk and engineering tradeoffs into business impact and investment decisions.
Ensure security engineering services are reliable and operationally mature: define SLAs/SLOs, partner with SOC/CSIRT during incidents for engineering response and hardening, and drive post-incident corrective actions into durable platform improvements.
Minimum Requirements
Degree or equivalent experience. Typically requires 15+ years of professional experience and 10+ years of diversified leadership, planning, communication, organization, and people motivation skills (or equivalent experience).
Skills and Qualifications
15+ years of progressive cybersecurity/technology experience with demonstrated depth in building and operating security controls and platforms.
10+ years leading engineering teams and/or enterprise programs, including setting strategy, defining metrics, managing budgets/vendors, and driving execution across multiple stakeholders.
Hands-on and leadership experience engineering security capabilities such as IAM/PAM, network security controls, endpoint security, vulnerability management, encryption/key management, secrets management, and cloud security controls.
Proven ability to deliver engineering outcomes at scale: building standardized services, defining SLAs/SLOs, automating controls, and driving adoption across diverse technology stacks.
Executive-ready communication and stakeholder management skills, including the ability to present risk, progress, and investment needs to senior leadership and influence decisions.
Demonstrated ability to set strategy, secure organizational alignment/approvals, and deliver complex engineering outcomes through multiple stakeholders (Security, Infrastructure, Cloud, Application/Product, and business teams).
Deep understanding of security control engineering and platforms, including IAM/PAM, PKI/certificates, network security, endpoint security, cloud security controls, encryption/key management, secrets management, vulnerability management, and secure configuration baselines.
Strong risk and engineering communication skills: able to translate control gaps, reliability issues, and remediation tradeoffs into business impact, present to executives, and drive decisions to closure.
Experience establishing oversight metrics and operational rhythms (OKRs/KPIs, service reviews, delivery governance) and using data to improve engineering throughput, automation, and control effectiveness.
Working knowledge of governance and regulatory expectations (e.g., NIST, ISO 27001, HIPAA/HITECH, PCI DSS, SOX, GDPR, SOC 2) and the ability to partner effectively with audit/compliance to design controls and produce evidence.
Track record of building high-performing engineering teams and leading with integrity, accountability, and operational discipline; known for clear communication, sound judgment, and reliable execution.
Experience developing multi-year roadmaps and influencing investment decisions (people, tooling, automation) to improve enterprise security control coverage and reliability.
Proven capability managing vendor relationships and service contracts for security platforms and managed services, including defining requirements, budgeting, and measuring performance against SLAs/SLOs.
Strong understanding of privacy and data handling considerations; able to partner with Legal/Privacy and HR as needed to ensure controls and monitoring are appropriate and compliant.
Experience operating in hybrid/cloud environments and engineering security guardrails (e.g., CSPM, cloud IAM, network segmentation, encryption, logging) in partnership with platform teams.
Ability to drive secure-by-design practices through DevSecOps, infrastructure-as-code, and automation (policy-as-code, CI/CD controls, secrets management), reducing friction while raising the security baseline.
Experience partnering with detection/response and vulnerability teams to ensure engineered controls are measurable, testable, and improve incident outcomes; sponsor exercises and continuous improvement initiatives.
Trusted leader who builds credibility with executives and teams through transparency, follow-through, and a strong culture of engineering excellence.
Education Requirements
Bachelor's degree in computer science, information security/assurance, engineering, or a related field; advanced degree preferred or equivalent experience.
Certification Requirements
Relevant certifications (preferred): CISSP, CISM, GIAC/SANS, +, SSCP, or equivalent foundational security certification.
TDR/SecOps certifications (a plus): Google Cloud Professional Cloud Security Engineer and/or Associate Cloud Engineer, Google Professional Cloud DevOps Engineer, and/or GIAC certifications (e.g., GSEC, GCIH) depending on role focus, and/or cloud/security engineering certifications aligned to the team's platforms.
About Medical-Surgical
McKesson Medical-Surgical (MMS) is a subsidiary and publicly reported segment of the McKesson Corporation. MMS distributes medical-surgical supplies, pharmaceuticals, diagnostic equipment and supplies, along with other solutions and services to virtually every type of healthcare setting and provider outside of the traditional hospital. These markets - often referred to as Alternate Care or Non-Acute Care - include physician offices, surgery centers, long-term care providers, laboratories, home health and hospice agencies, health systems, government facilities and online marketplaces and retailers. Alternate Care markets are growing rapidly and MMS is proud to be a leader in this space. With a team of approximately 8,000 employees, a network of 15 distribution centers and approximately 900 delivery vehicles, we partner with more than 2,200 leading manufacturers and serve over 200,000 customer accounts across the U.S. Our catalog includes more than 280,000 SKUs of branded and private-label medical-surgical products - from bandages to specialty pharmaceuticals and COVID-19 tests.
Looking Ahead: A New Chapter for MMS
McKesson has announced its intent to separate MMS into an independent company - an exciting evolution that builds on MMS's strong foundation and proven leadership in the Alternate Care space. As a standalone company, MMS would be positioned to unlock new opportunities to innovate, grow and lead with even greater agility and focus. We will also continue to be one of the largest medical-surgical distributors in the U.S., with over $11B in annual sales. This separation would accelerate our mission and empower us to shape a future defined by customer-centricity, bold thinking and operational excellence.
For job seekers, it's a unique moment to join a team that's already making a meaningful impact and leading the way in shaping the future of healthcare delivery in Alternate Care settings - with even greater opportunity ahead as we prepare to become an independent company.
Career Level - M5
We are proud to offer a competitive compensation package at McKesson as part of our Total Rewards. This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets. The pay range shown below is aligned with McKesson's pay philosophy, and pay will always be compliant with any applicable regulations. In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities may be offered. For more information regarding benefits at McKesson, please click here.
Our Base Pay Range for this position
$172,000 - $286,600
McKesson has become aware of online recruiting-related scams in which individuals who are not affiliated with or authorized by McKesson are using McKesson's (or affiliated entities, like CoverMyMeds or RxCrossroads) name in fraudulent emails, job postings or social media messages. In light of these scams, please bear the following in mind:
McKesson Talent Advisors will never solicit money or credit card information in connection with a McKesson job application.
McKesson Talent Advisors do not communicate with candidates via online chatrooms or using email accounts such as Gmail or Hotmail. Note that McKesson does rely on a virtual assistant (Gia) for certain recruiting-related communications with candidates.
McKesson job postings are posted on our career site: careers.mckesson.com.
McKesson is an Equal Opportunity Employer
McKesson provides equal employment opportunities to applicants and employees, without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, age, genetic information, or any other legally protected category. For additional information on McKesson's full Equal Employment Opportunity policies, visit our Equal Employment Opportunity page.
McKesson is committed to being an Equal Employment Opportunity Employer and offers opportunities to all job seekers including job seekers with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, please contact us by sending an email to (United States) Disability_Accommodation@McKesson.com or (Canada) Accessibility@mckesson.ca. Resumes or CVs submitted to this email box will not be accepted.
Join us at McKesson!