McKesson

Cybersecurity GRC Analyst – SAP Compliance & Access Controls

McKesson · Cork, Munster, Ireland · €56K–€94K/yr

Hospitals and Health Care · 10,001+ employees

23 h ago
Remote Mid (2-5 yrs) Full-time Ireland
Log in to apply, save this posting, or score it against your profile with AI.

About the role

Manage SAP GRC processes including Access Control and Risk Management to ensure compliance with internal policies and regulatory requirements. Partner with cybersecurity and audit teams to perform SoD analysis, conduct user access reviews, and remediate control gaps.

What they look for

SAP GRC Access Control Process Control Risk Management Segregation of Duties Analysis User Access Reviews Privileged Access Monitoring IT General Controls Testing SOX Compliance Audit Readiness Risk Assessment Compliance Documentation Stakeholder Management SAP Security Administration S/4HANA Cybersecurity Governance

Requirements

Requires a degree in a related field and 4+ years of experience in cybersecurity compliance, IT audit, or SAP security. Must have hands-on experience with the SAP GRC Suite and supporting SOX compliance and ITGC testing.

Benefits

Comprehensive Benefits Physical Well-being Support Mental Well-being Support Financial Well-being Support Competitive Compensation Package Annual Bonus Long-term Incentive Opportunities

Full description

McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve – we care.

What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow’s health today, we want to hear from you.

About the Role (Job Summary)

We're seeking a Cybersecurity GRC Analyst to support governance, risk, and compliance activities across our SAP environment. In this role, you'll help ensure compliance with internal policies, regulatory requirements, and industry standards by managing SAP GRC processes, conducting risk assessments, supporting audits, and strengthening security controls.

You will work closely with cybersecurity, SAP, audit, and business stakeholders to identify risks, monitor compliance, improve controls, and support a secure and compliant SAP platform. This position is ideal for a compliance professional who enjoys solving complex security challenges, driving process improvements, and partnering across teams to reduce organizational risk.

What You'll Do (Responsibilities)

  • Manage and support SAP GRC processes, including Access Control, Process Control, and Risk Management.
  • Perform Segregation of Duties (SoD) analysis, risk assessments, and remediation activities.
  • Conduct User Access Reviews (UARs) and Privileged Access Monitoring (PAM) to ensure appropriate access controls.
  • Support IT General Controls (ITGC) testing, SOX compliance activities, and audit readiness initiatives.
  • Identify control gaps, recommend corrective actions, and track remediation efforts through completion.
  • Develop and maintain compliance documentation, process procedures, and control evidence.
  • Partner with SAP, cybersecurity, internal audit, and business teams to address security and compliance risks.
  • Monitor compliance metrics and prepare reports for management and stakeholders.
  • Support internal and external audits by gathering evidence, responding to requests, and facilitating walkthroughs.
  • Recommend improvements to governance, risk, and compliance processes, tools, and controls to enhance efficiency and effectiveness.
  • Contribute to cybersecurity and compliance initiatives that strengthen the organization's risk management framework.

Basic Requirements

  • Degree in Information Security, Cybersecurity, Information Systems, Business, Risk Management, Audit, or a related field, or equivalent combination of education and experience.
  • Typically requires 4+ years of relevant experience in cybersecurity compliance, IT audit, governance, risk management, SAP security, or governance, risk, and compliance functions.
  • Hands-on experience with SAP GRC Suite, including Access Control, Process Control, and/or Risk Management.
  • Experience performing Segregation of Duties (SoD) analysis and remediation.
  • Experience conducting User Access Reviews and Privileged Access Monitoring activities.
  • Experience supporting ITGC testing, SOX compliance, and audit activities.
  • Experience identifying control gaps and supporting remediation efforts.
  • Strong analytical and problem-solving skills with the ability to assess risk and recommend practical solutions.
  • Experience creating and maintaining compliance documentation, audit evidence, and reports.

Preferred Skills/Experience

  • SAP security administration experience.
  • Experience supporting regulatory frameworks and compliance requirements in highly regulated industries.
  • Knowledge of cybersecurity governance, risk management, and internal control frameworks.
  • Experience with Integrated Risk Management (IRM), Governance Risk and Compliance (GRC), or Regulatory Technology (RegTech) platforms.
  • Professional certifications such as CISA, CRISC, CISSP, SAP GRC, SAP Security, or related credentials.
  • Experience with SAP S/4HANA environments.
  • Strong stakeholder management and communication skills with the ability to influence cross-functional teams.
  • Experience creating compliance dashboards, metrics, and executive reporting.

Travel / Work Environment / Physical Requirements

  • Minimal travel may be required based on business needs.
  • Position may follow a hybrid or in-office work model based on location and business requirements.
  • Ability to work at a computer and participate in virtual meetings for extended periods.

At McKesson, we care about the well-being of the patients and communities we serve, and that starts with caring for our people. That’s why we have a Total Rewards package that includes comprehensive benefits to support physical, mental, and financial well-being. Our Total Rewards offerings serve the different needs of our diverse employee population and ensure they are the healthiest versions of themselves.

As part of Total Rewards, we are proud to offer a competitive compensation package at McKesson. This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets. The pay range shown below is aligned with McKesson's pay philosophy, and pay will always be compliant with any applicable regulations. In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities may be offered.

Our Base Pay Range for this position

€56,300 - €93,800

McKesson has become aware of online recruiting-related scams in which individuals who are not affiliated with or authorized by McKesson are using McKesson’s (or affiliated entities, like CoverMyMeds or RxCrossroads) name in fraudulent emails, job postings or social media messages. In light of these scams, please bear the following in mind:

McKesson Talent Advisors will never solicit money or credit card information in connection with a McKesson job application.

McKesson Talent Advisors do not communicate with candidates via online chatrooms or using email accounts such as Gmail or Hotmail. Note that McKesson does rely on a virtual assistant (Gia) for certain recruiting-related communications with candidates.

McKesson job postings are posted on our career site: careers.mckesson.com.