McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve – we care.
What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow’s health today, we want to hear from you.
McKesson is seeking a Senior SAP GRC & SOX Compliance Analyst to lead and enhance governance, risk, and compliance activities supporting our SAP environment. This role is responsible for driving SOX compliance, IT General Controls (ITGC), SAP access controls, audit readiness, risk assessments, and remediation initiatives across critical business systems.
As a senior individual contributor, you will partner with Internal Audit, Cybersecurity, SAP Security, Identity Governance, and business stakeholders to strengthen control effectiveness, reduce risk, and ensure compliance with regulatory and company requirements. You will serve as a subject matter expert for SAP GRC Access Control, Process Control, SOX testing, and compliance monitoring while helping shape future governance and risk management strategies.
- Lead SAP SOX compliance and ITGC programmes, ensuring effective execution of governance, risk, and compliance activities.
- Configure and administer SAP GRC Access Control and Process Control solutions.
- Perform SOX controls testing, evidence collection, audit support, and compliance documentation activities.
- Monitor SAP security and compliance controls, identify gaps, and drive remediation efforts.
- Partner with Internal Audit, Cybersecurity, SAP Security, and business teams to manage compliance requirements and risk mitigation initiatives.
- Conduct risk assessments, control reviews, and root cause analysis for compliance issues and audit findings.
- Track remediation activities and ensure timely resolution of control deficiencies.
- Support SailPoint identity governance integrations and access certification processes within SAP environments.
- Evaluate cybersecurity vulnerabilities, resiliency controls, and compliance risks affecting SAP applications.
- Develop compliance reporting, dashboards, and executive-level presentations highlighting risks, trends, and recommendations.
- Monitor regulatory changes and industry best practices to maintain alignment with evolving compliance requirements.
- Mentor junior team members and provide guidance on governance, risk, and compliance processes.
- Bachelor's degree in Information Systems, Information Security, Cybersecurity, Accounting, Business, Risk Management, or a related field, or equivalent combination of education and experience.
- Typically requires 7+ years of relevant professional experience in SAP Governance, Risk & Compliance (GRC), IT Compliance, SOX Compliance, Audit, or Risk Management.
- Hands-on experience with SAP GRC Access Control and/or SAP GRC Process Control.
- Experience performing SOX controls testing, evidence collection, audit support, and compliance documentation.
- Experience supporting IT General Controls (ITGC) programmes and compliance monitoring activities.
- Experience with SailPoint Identity Governance integration or access governance processes.
- Experience managing remediation activities related to audit findings, control deficiencies, or compliance gaps.
- Knowledge of cybersecurity risk concepts, vulnerability management, and security controls related to enterprise applications.
- Professional certifications such as CISA, CISSP, CRISC, CPA, SAP Security, SAP GRC, or related credentials.
- Experience supporting large enterprise SAP environments including S/4HANA.
- Experience with Regulatory Technology (RegTech), Integrated Risk Management (IRM), or governance automation platforms.
- Strong understanding of identity and access management (IAM) concepts and segregation of duties (SoD) controls.
- Experience developing compliance metrics, dashboards, and executive reporting.
- Knowledge of NIST, COBIT, ISO 27001, COSO, and other industry control frameworks.
- Demonstrated ability to lead cross-functional initiatives and influence stakeholders at multiple levels of the organisation.
- Strong analytical, problem-solving, communication, and presentation skills.
At McKesson, we care about the well-being of the patients and communities we serve, and that starts with caring for our people. That’s why we have a Total Rewards package that includes comprehensive benefits to supportphysical, mental, and financial well-being. Our Total Rewards offerings serve the different needs of our diverse employee population and ensure they are the healthiest versions of themselves.
As part of Total Rewards, we are proud to offer a competitive compensation package at McKesson. This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets. The pay range shown below is aligned with McKesson's pay philosophy, and pay will always be compliant with any applicable regulations.In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities may be offered.
Our Base Pay Range for this position
€72,000 - €120,000
McKesson has become aware of online recruiting-related scams in which individuals who are not affiliated with or authorized by McKesson are using McKesson’s (or affiliated entities, like CoverMyMeds or RxCrossroads) name in fraudulent emails, job postings or social media messages. In light of these scams, please bear the following in mind:
McKesson Talent Advisors will never solicit money or credit card information in connection with a McKesson job application.
McKesson Talent Advisors do not communicate with candidates via online chatrooms or using email accounts such as Gmail or Hotmail. Note that McKesson does rely on a virtual assistant (Gia) for certain recruiting-related communications with candidates.
McKesson job postings are posted on our career site: careers.mckesson.com.