Senior Director, Cyber Resiliency and Business Continuity

McKesson is an impact-driven Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights products and services that make quality care more accessible and affordable. Here we focus on the health happiness and well-being of you and those we serve we care.

What you do at McKesson matters. We foster a culture where you can grow make an impact and are empowered to bring new ideas. Together we thrive as we shape the future of health for patients our communities and our people. If you want to be part of tomorrows health today we want to hear from you.

McKesson is seeking an accomplished and strategic leader to serve as Senior Director Cyber Resiliency and Business Continuity. This senior leadership role will be responsible for establishing and overseeing the enterprise cybersecurity governance methodology and assurance framework for Business Continuity Planning (BCP) cyber incident recovery and operational resilience. This role ensures the organization can anticipate withstand recover from and adapt to cyber and technology disruptions while meeting regulatory audit and risk management expectations.

Operating within the Cybersecurity organization this leader provides program ownership and enterprise oversight partnering closely with Business leaders IT / Disaster Recovery teams Enterprise Risk Management Audit and Regulatory stakeholders to ensure consistency effectiveness and maturity of resiliency capabilities.

This role does not execute business continuity plans or IT recovery directly but owns the standards governance validation and assurance that ensure those activities are effective tested and aligned to enterprise risk tolerance.

Key Responsibilities:

Cyber Resiliency Governance & Strategy

• Own and maintain enterprise BCP and Cyber Resiliency policies standards and methodologies in alignment with regulatory expectations and industry frameworks

• Define roles responsibilities escalation paths and governance forums for cyber and operational resilience across the enterprise.

• Establish and mature a consistent enterprise resiliency operating model clearly delineating Cyber Business and IT / DR accountabilities.

Business Impact Analysis (BIA) Methodology & Oversight

• Own the enterprise BIA methodology including criticality tiers prioritization criteria and data quality standards.

• Ensure BIAs are consistently executed by the business with appropriate rigor and alignment to policy.

• Validate business-defined recovery objectives (e.g. RTO MTD dependencies) for completeness consistency and risk-based justification.

• Provide quality assurance and challenge to ensure BIAs reflect real operating realities and cyber threat considerations.

Program Oversight Assurance & Reporting

• Provide program-level oversight of enterprise BCP and cyber resiliency activities focusing on: Completeness Consistency Risk alignment Maturity progression.

• Develop and deliver executive reporting on resiliency posture gaps trends and remediation status.

• Track findings gaps and corrective actions across cyber business and IT domains ensuring accountability and closure.

• Measure and report program maturity against recognized frameworks and internal expectations.

Testing Exercises & Lessons Learned

• Coordinate and govern enterprise resiliency exercises including tabletop simulations and recovery validation activities.

• Ensure testing scenarios incorporate cyber-driven disruption realistic failure conditions and cross-functional dependencies.

• Lead post-exercise and post-incident lessons learned processes driving actionable improvements across policy plans and execution.

• Validate that testing outcomes result in concrete remediation and capability uplift.

Crisis Management Partnership

• Partner with Crisis Management and Incident Response leaders to ensure clear governance and escalation during major cyber disruptions alignment between cyber incident response business continuity and technology recovery.

• Provide oversight assurance that crisis processes roles and decision frameworks are defined tested and understood.

Leadership & Collaboration

• Influence senior leaders across Business IT Risk and Legal without direct authority.

• Build strong partnerships while maintaining independent challenge and assurance.

• Lead and develop a high-performing cyber resiliency team fostering a culture of accountability rigor and continuous improvement.

• Provide executive-level visibility and guidance on resiliency risks posture and prioritization.

Minimum Qualifications:

• Bachelors Degree (in Computer Science Information Security or related field) or equivalent experience. Typically requires 13 years of relative experience and 6 years of diversified leadership planning communication organization and people motivation skills (or equivalent experience).

Critical Experience/Skills:

• Extensive experience in cybersecurity operational resilience business continuity risk management or related domains with at least 5 years in a senior leadership role.

• Demonstrated experience owning enterprise-wide governance programs in a regulated environment.

• Strong knowledge of BCP cyber resiliency and resilience frameworks (e.g. ISO 22301 NIST operational resilience concepts).

• Exceptional ability to translate complex resiliency concepts into clear actionable leadership insights.

• Excellent communication and stakeholder management skills.

Preferred Experience/Skills:

• In-depth understanding of healthcare-specific cybersecurity challenges and regulations.

• Relevant industry certifications (e.g. CISSP CISM CRISC).

• Masters Degree preferred.

We are proud to offer a competitive compensation package at McKesson as part of our Total Rewards. This is determined by several factors including performance experience and skills equity regular job market evaluations and geographical markets. The pay range shown below is aligned with McKessons pay philosophy and pay will always be compliant with any applicable regulations. In addition to base pay other compensation such as an annual bonus or long-term incentive opportunities may be offered. For more information regarding benefits at McKesson pleaseclick here.

Our Base Pay Range for this position

McKesson has become aware of online recruiting-related scams in which individuals who are not affiliated with or authorized by McKesson are using McKessons (or affiliated entities like CoverMyMeds or RxCrossroads) name in fraudulent emails job postings or social media light of these scams please bear the following in mind:

McKesson Talent Advisors will never solicit money or credit card information in connection with a McKesson job application.

McKesson Talent Advisors do not communicate with candidates via online chatrooms or using email accounts such as Gmail or Hotmail. Note that McKesson does rely on a virtual assistant (Gia) for certain recruiting-related communications with candidates.

McKesson job postings are posted on our career site: .

McKesson is an Equal Opportunity Employer

McKesson provides equal employment opportunities to applicants and employees without regard to race color religion sex sexual orientation gender identity national origin protected veteran status disability age genetic information or any other legally protected category. For additional information on McKessons full Equal Employment Opportunity policies visit our Equal Employment Opportunity page.

McKesson is committed to being an Equal Employment Opportunity Employer and offers opportunities to all job seekers including job seekers with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment please contact us by sending an email to (United States) or (Canada) . Resumes or CVs submitted to this email box will not be accepted.

Join us at McKesson!