McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve – we care.
What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow’s health today, we want to hear from you.
We are seeking a SOX & IT Compliance Analyst to support and enhance our Governance, Risk, and Compliance (GRC) program. In this role, you will help ensure compliance with Sarbanes-Oxley (SOX) requirements, support IT controls testing, manage access governance processes, and contribute to cybersecurity compliance initiatives.
You will partner with internal stakeholders, auditors, security teams, and business leaders to evaluate controls, identify risks, document evidence, and drive continuous improvement across compliance processes. This is an excellent opportunity for an experienced compliance professional who enjoys solving complex problems, improving operational effectiveness, and helping strengthen enterprise risk management practices.
- Execute and support SOX IT General Controls (ITGC) testing activities, including evidence collection, review, and documentation.
- Administer and support SAP GRC Access Control and Process Control solutions.
- Support user access reviews, segregation of duties (SoD) monitoring, and identity governance processes using SailPoint.
- Partner with business and technology teams to ensure compliance with internal controls and regulatory requirements.
- Prepare compliance reports, audit documentation, control testing results, and remediation status updates.
- Track, monitor, and report cybersecurity compliance activities, vulnerabilities, and remediation efforts.
- Conduct risk assessments and compliance reviews to identify gaps, control weaknesses, and improvement opportunities.
- Support internal and external audits by coordinating evidence requests and documenting control effectiveness.
- Assist with remediation planning and tracking for identified control deficiencies.
- Maintain process documentation, policies, standards, and compliance procedures.
- Develop and monitor key compliance metrics and performance indicators.
- Contribute to continuous improvement initiatives that enhance governance, risk management, and compliance processes.
- Bachelor's degree or equivalent combination of education and experience.
- Typically requires 4+ years of relevant professional experience in IT compliance, SOX, audit, governance, risk management, cybersecurity compliance, or related functions.
- Experience supporting SOX controls testing, audit activities, and evidence documentation.
- Hands-on experience administering or supporting SAP GRC Access Control and/or Process Control.
- Experience conducting user access reviews, Segregation of Duties (SoD) analysis, or Identity Governance activities.
- Experience supporting SailPoint Identity Governance Administration (IGA) or similar access governance platforms.
- Experience producing compliance reports, audit documentation, and remediation tracking.
- Strong analytical, problem-solving, and documentation skills.
- Experience with cybersecurity compliance, vulnerability management, and risk reporting.
- Knowledge of governance, risk, and compliance (GRC) frameworks and integrated risk management practices.
- Familiarity with regulatory requirements including SOX, access governance, and IT controls frameworks.
- Experience using compliance monitoring, compliance analytics, or reporting tools.
- Exposure to audit methodologies, risk assessments, and control effectiveness evaluations.
- Experience working with regulatory technology (RegTech) or integrated risk management solutions.
- Relevant certifications such as CISA, CRISC, CISSP, CIA, CGRC, SAP GRC, or SailPoint certifications.
- Experience working within large enterprise or highly regulated environments.
- Strong stakeholder engagement and communication skills with the ability to influence cross-functional teams.
- Primarily office-based or remote/hybrid work environment depending on business needs.
- Occasional travel may be required for team meetings, training, audit activities, or business-related events.
- Ability to work at a computer and participate in virtual meetings for extended periods.
At McKesson, we care about the well-being of the patients and communities we serve, and that starts with caring for our people. That’s why we have a Total Rewards package that includes comprehensive benefits to supportphysical, mental, and financial well-being. Our Total Rewards offerings serve the different needs of our diverse employee population and ensure they are the healthiest versions of themselves.
As part of Total Rewards, we are proud to offer a competitive compensation package at McKesson. This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets. The pay range shown below is aligned with McKesson's pay philosophy, and pay will always be compliant with any applicable regulations.In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities may be offered.
Our Base Pay Range for this position
€56,300 - €93,800
McKesson has become aware of online recruiting-related scams in which individuals who are not affiliated with or authorized by McKesson are using McKesson’s (or affiliated entities, like CoverMyMeds or RxCrossroads) name in fraudulent emails, job postings or social media messages. In light of these scams, please bear the following in mind:
McKesson Talent Advisors will never solicit money or credit card information in connection with a McKesson job application.
McKesson Talent Advisors do not communicate with candidates via online chatrooms or using email accounts such as Gmail or Hotmail. Note that McKesson does rely on a virtual assistant (Gia) for certain recruiting-related communications with candidates.
McKesson job postings are posted on our career site: careers.mckesson.com.