Senior Data Security Architect (Data Platform Security)

McKesson is an impact-driven Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights products and services that make quality care more accessible and affordable. Here we focus on the health happiness and well-being of you and those we serve we care.

What you do at McKesson matters. We foster a culture where you can grow make an impact and are empowered to bring new ideas. Together we thrive as we shape the future of health for patients our communities and our people. If you want to be part of tomorrows health today we want to hear from you.

CoverMyMeds Technology isseeking aSenior Data Security Architect(Data Platform Security) to join our Data & Analytics organization. This is a highly specialized role responsible for defining implementing and governingenterprise-wide data security architectureacross cloud and hybrid data platforms. You will serve as the security authority across the data lifecycle ensuring that sensitive healthcare data isprotected compliant and audit-readywhile enabling scalable analytics and external data sharing. This role directly supports mission-critical healthcare operations wheresecurity privacy and trust are foundational.

* Our preferred candidate would reside in the Columbus OH area to support a hybrid work schedule but we may consider a well-qualified full-remote candidate.

*McKesson complies with all applicable U.S. immigration laws and regulations. The Company does not provide employer support or sponsorship for any immigration related employment benefit for this role.

Applicants must be currently authorized to work in the United States on a fulltime basis without the need for employer support or sponsorship now or in the future. This includes having the legal right to work in the United States without the need for McKesson support or sponsorship for any immigration related employment authorization (e.g. H1B O1 E3 H1B1 TN F1 OPT F1 STEM OPT F1 CPT etc.) now or in the future. If you will require McKessonto provide immigration support or sponsorship now or in the future you should not apply for this position.

What Youll Do:

• Own and evolve enterprise data security architectureacross Databricks Azure Data Lake and enterprise reporting platforms

• Design and enforcefine-grained data access controls(RBAC ABAC row/column-level security) using Unity Catalog and governed tagging frameworks

• Architectidentity and access management (IAM) patternsintegrating Okta Microsoft Entra ID SailPoint and privileged access platforms

• Define and implementPHI/PII protection strategies including tokenization encryption de-identification and masking across environments

• Establishsecure data sharing and multi-tenant access modelsfor external customers partners and embedded analytics

• Lead architecture fordata rights entitlements and consent-based access controls ensuring compliance with contractual and regulatory requirements

• Build and operationalizesecurity controls aligned to SOX ITGC including logical access controls change management and audit evidence frameworks

• Designaudit-ready security architecturessupporting HIPAA SOC 2 Type II and FedRAMP compliance requirements

• Partner with engineering SRE and platform teams toembed security into CI/CD pipelines platform onboarding and development standards

• Define and governdata classification tagging and lineage-aware security policiesacross medallion architectures

• Evaluate and recommendenterprise security tooling and governance platforms

• Producearchitecture artifacts(decision records control matrices audit evidence) consumable by internal and external auditors

Basic Requirements:

• Bachelors degree in Computer Science Information Systems or a related field or equivalent experience and typically requires 7 years of relevant experience indata security cybersecurity or data architecturewith significant focus in cloud-based environments

• Proven experience implementingdata security and governance controls in regulated environments(HIPAA healthcare strongly preferred)

• Strong expertise inSOX IT General Controls (ITGC)domains including logical access change management and audit controls

• Hands-on experience withDatabricks Unity Catalog security models including RBAC ABAC and data masking

• Deep knowledge ofAzure cloud security architecture including networking identity and secrets management

• Experience designingidentity and access management solutions(Okta Entra ID SailPoint privileged access tools)

• Demonstrated experience implementingencryption tokenization and de-identification strategiesfor sensitive data

• Experience designingsecure data architectures for external/customer-facing analytics products

• Ability to translateregulatory requirements into implemented technical controls and audit artifacts

• Strong communication skills with ability to present architecture concepts totechnical business and audit stakeholders

Preferred Skills / Experience:

• Experience supportingSOC 2 Type II and/or FedRAMP compliance programs

• Knowledge ofhealthcare data sharing frameworks and consent models

• Experience designingdata entitlement models and purpose-based access controls at scale

• Familiarity withFHIR-based data platforms and interoperability security

• Experience withDSPM/CSPM tools for cloud data security

• Experience implementingnon-production data masking and synthetic data solutions

• Exposure toCI/CD security architecture and service principal hardening

• Experience operating in largematrixed enterprise governance environments

We are proud to offer a competitive compensation package at McKesson as part of our Total Rewards. This is determined by several factors including performance experience and skills equity regular job market evaluations and geographical markets. The pay range shown below is aligned with McKessons pay philosophy and pay will always be compliant with any applicable regulations. In addition to base pay other compensation such as an annual bonus or long-term incentive opportunities may be offered. For more information regarding benefits at McKesson pleaseclick here.

Our Base Pay Range for this position

McKesson has become aware of online recruiting-related scams in which individuals who are not affiliated with or authorized by McKesson are using McKessons (or affiliated entities like CoverMyMeds or RxCrossroads) name in fraudulent emails job postings or social media light of these scams please bear the following in mind:

McKesson Talent Advisors will never solicit money or credit card information in connection with a McKesson job application.

McKesson Talent Advisors do not communicate with candidates via online chatrooms or using email accounts such as Gmail or Hotmail. Note that McKesson does rely on a virtual assistant (Gia) for certain recruiting-related communications with candidates.

McKesson job postings are posted on our career site: .

McKesson is an Equal Opportunity Employer

McKesson provides equal employment opportunities to applicants and employees without regard to race color religion sex sexual orientation gender identity national origin protected veteran status disability age genetic information or any other legally protected category. For additional information on McKessons full Equal Employment Opportunity policies visit our Equal Employment Opportunity page.

McKesson is committed to being an Equal Employment Opportunity Employer and offers opportunities to all job seekers including job seekers with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment please contact us by sending an email to (United States) or (Canada) . Resumes or CVs submitted to this email box will not be accepted.

Join us at McKesson!