Senior SOC Compliance Analyst

McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve - we care.

What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow's health today, we want to hear from you.

Job Title: SOC Compliance Senior Analyst

Current Need:

The SOC Compliance Senior Analyst will support the SOC Compliance team in leading activities to support multiple SOC audits and issuance of SOC reports across the enterprise within a large and complex environment. This role will report to the Director of SOC Compliance with the ensuring timely delivery of SOC reports, leading the discussions with external and internal resources, supervising the activities of lesser experienced staff to support SOC Compliance activities, and providing advisory to internal stakeholders.

This position will require an individual that is collaborative and able to drive discussions with external resources (e.g., external auditors), MT delivery and solution teams, as well as other internal teams executing or supporting SOC controls.

SOC Compliance Senior Responsibilities:

Supervision and Leading Others

• Assist in managing McKesson's ongoing responsibilities associated with the issuance of SOC 1 and 2 reports

• Supervise and mentor lesser experienced personnel, including temporary outside workers

• Assists with the onboarding, integration, and training of new team members

• Manage positive and collaborative relationship between corporate IT, business unit IT departments, Enterprise Financial Controls, and IT Compliance

Compliance Responsibilities

• Obtain an in-depth knowledge of the McKesson systems and processes underlying technologies and controls within the assigned SOC 1 and 2 reports

• Lead SOC 1 and 2 audit related discussions independently

• Responds to or assists control owners in responding to audit related requests (e.g. audit evidence, follow-ups, etc)

• Driving the timely and complete response to audit related requests

• Serves as a liaison between the business units, corporate Information Technology (IT), business unit IT departments, and the external auditors in all aspects of their assigned SOC 1 and 2 reports to ensure timely completion of SOC audits and SOC report issuance

• Maintain an understanding of AICPA SOC standards, and other relevant guidance issued regarding SOC 1 and SOC 2 and the impact to the SOC compliance environment

Remediation Responsibilities

• Assists in the coordination of remediation activities to address deficiencies

• Assists in discussions with management in developing remediation plans to address deficiencies

• Assists with monitoring of implementation and completion of remediation efforts

Timely delivery of SOC reports

• Assists with providing regular status updates on accomplishments, next steps, and awareness to governance and program teams

• Assists with developing detailed plans, identifying SOC project risks and possible mitigations

• Assists with identifying critical path and dependencies to other ongoing tasks impacting SOC projects

• Assists with reporting on and maintaining key measures of success for SOC Compliance efforts

Minimum Requirements

• 3+ years of experience focused on IT audit and/or compliance
• 1+ years of experience with SOC 1 or 2 reporting
• 1+ years of supervisory experience is a plus
• 1+ SOC 1 or 2 report life-cycle experience, having both SOC 1 and 2 is a plus

Additional Knowledge & Skills

• Advanced knowledge of SOC 1 and 2 report life-cycle activities

• Knowledge of all activities necessary for planning, preparing, and monitoring for continued compliance with SOC 1 and 2 audit requirements

• Knowledge-level of financial, operational, and/or information technology, internal controls, identifying risks and related controls

• Understands how to perform control tests to assess the design and operational effectiveness of SOC controls

• Understands how to perform procedures to examine the effectiveness of IT and/or business process controls

• Able to identify gaps in control design and control operative effectiveness of controls and assist management with related remediation measures

• Understanding of process improvement and best practices

• Strong interpersonal, communication, and presentation skills, including formal report writing experience

• Performs all job responsibilities with integrity

• Effective communications skills with personnel from any grade level

• Advanced understanding and application of the AICPA SOC standards (e.g., SOC 2 Trust Services Criteria) is a plus

Education

• Undergraduate degree in business, accounting, IT, internal audit or related field with focus on information systems or equivalent work experience.

Certifications/Licensure

• CISA, CISSP, CPA, or CIA preferred

Physical Requirements: General Office Demands

Must be authorized to work in the US. Sponsorship is not available for this position.

Relocation is not budgeted for this role

We are proud to offer a competitive compensation package at McKesson as part of our Total Rewards. This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets. In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities may be offered. For more information regarding benefits at McKesson, please click here.

Our Base Pay Range for this position

$111,200 - $185,300

McKesson is an Equal Opportunity Employer

McKesson provides equal employment opportunities to applicants and employees and is committed to a diverse and inclusive environment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, age or genetic information. For additional information on McKesson's full Equal Employment Opportunity policies, visit our Equal Employment Opportunity page.

Join us at McKesson!