McKesson 2009-2010

Director of Information Technology Risk Management, 2009-2010

Promoting IT Risk Management and Compliance Program with the Business Unit CIO to influence strategic priorities.

Introduced ‘control segmentation services concepts’ bringing together business needs aligning to supporting security/compliance controls (ISO 27001, HIPPA, HITECH) to the transformation efforts of the IT infrastructure; ensuring new IT services include required controls, costing, and resources.  

Provided leadership, strategy, vendor management, and architecture guidance transitioning from CISO VPN to Juniper SSL VPN remote access for all US-based McKesson employees.

Provided leadership and management of ISO 27002 Certification across the IT infrastructure service domains of the IT Shared Services organization. To include identification and hiring of a certification body, alignment of corporate governance with IT Infrastructure to create an information security management system focused on IT shared services.