• Monitor security information and event management (SIEM) systems and other security tools for suspicious activity. • Triage and prioritize security alerts and events based on their potential risk and impact. • Analyze network traffic, log data, and system alerts to identify potential security incidents. • Follow established incident response playbooks to investigate and contain security incidents. • Assist senior analysts in the root cause analysis of security breaches and vulnerabilities. • Help implement remediation steps to address detected security flaws. • Assist in performing routine vulnerability scans on internal and external systems. • Analyze scan results, identify false positives, and help prioritize vulnerabilities for remediation. • Work with IT and development teams to ensure timely patching and security updates. • Document all security incidents, investigations, and mitigation actions in a timely and accurate manner. • Help create and update standard operating procedures (SOPs) for security tasks. • Generate basic security reports on key metrics, such as the number of alerts, incidents, and resolved vulnerabilities. • Contribute to the development of training materials and participate in security awareness campaigns for employees. • Help educate colleagues on security best practices, such as phishing prevention and password hygiene.

Role Description The McKesson Technology (MT) Enterprise SOX Technology Services team is seeking a leader in SOX Governance to support investment activities for fiscal year 2027 and beyond. The leader in MT Compliance will be tasked with supporting Enterprise MT compliance leadership in planning, delivering and communicating high-priority strategic efforts that advance MT goals. This is especially important given the anticipated technological changes and growth within MT. This role will work closely with SOX, SOC, automation, architecture, finance leaders and partners to develop and execute strategies aligned to the enterprise priorities across service areas and business units at McKesson. This individual will lead ongoing operations and one-time projects that impact the MT control landscape by: - Facilitating conversations - Sequencing and prioritizing initiatives - Initiating budget, resources, and schedules - Managing partner relationships This leader will enable enterprise mindset across MT SOX functions. The role reports directly to the Senior Director, SOX Governance. Key responsibilities - Manage multiple ongoing SOX operations and initiatives - Manage and support key SOX-impacting projects by MT and business units - Manage resources supporting SOX initiatives while maintaining operating procedures, developing work plans, budget, and ensuring end-to-end execution of initiatives and projects - Develop and maintain partnerships with business and technology leaders and teams - Develop and manage high-quality deliverables, plans, and strategies - Create analytical frameworks and conduct complex business analyses - Develop robust, actionable insights to inform strategies, priorities, and key decisions - Build expertise and insights about industry trends and potential implications for McKesson especially around automation and use of A.I - Lead, influence, and reach consensus with or without formal authority or people management responsibilities - Maintain thorough knowledge of company's business lines, products, and services - Apply strategic and analytical thinking to synthesize market data and deliver business insights - Partner with SOX, SOC, architecture, automation, and business leaders to drive the strategic planning process and support other strategic updates to leadership - Leverage presentations to develop a storyline and point-of-view, while influencing and driving conviction that a given strategy makes sense among key McKesson leaders - Work within established framework to facilitate business problem solving and present hypotheses and recommendations to senior management - Work through ambiguity and put structure around problems/tasks with limited guidance Qualifications - 10+ years of Business and technology experience with minimum 5 years in SOX and SOC - Bachelor's degree required - MBA or other relevant master’s degree preferred - 10+ years of business and technology experience - 5+ years of SOX and SOC experience - 5+ years of leading and managing teams - Prior experience in healthcare preferred Requirements - Strategic thinking: evaluating industry trends, developing long-term implications, and recommending pragmatic strategies for new business opportunities - Analytical rigor: ability to bring structure to ill-defined problems and intellectual leadership to problem solving; synthesize insights from analysis and ensure credible, actionable recommendations - Financial acumen: competency in financial analysis - Communications skills: ability to develop rapport and credibility across the organization, promote ideas and present complex information in an easy-to-understand, persuasive manner Benefits - Competitive compensation package - Annual bonus or long-term incentive opportunities may be offered - Pay range: $144,400 - $240,600

Role Description The Analyst, Cloud Security is responsible for supporting Danaher standard Cloud Security tools, their operation, and reporting. This position reports to the Director, Global Cloud Security and is part of the Cyber Defense Information Technology team, and will be fully remote. In this role, you will have the opportunity to: - Operate and maintain cloud security tools to monitor, detect, and respond to security risks across cloud environments. - Maintain documentation for cloud security tools processes, procedures, and operational playbooks. - Participate in incident response activities and post-incident reviews related to cloud environments. - Write automation for data collection from various tools to generate comprehensive Cloud Security KPI metrics reporting. Qualifications - Proficiency in Python, Go, PowerShell including experience with creating automation through leveraging API interfaces. - Foundational understanding of cloud service models (IaaS, PaaS, SaaS) and shared responsibility models. - Strong Analytical & Troubleshooting Skills. Requirements - Bachelor’s degree in computer science, Information Technology, or related field. - Strong written and verbal communication skills. - Exposure to Prisma Cloud CNAPP and/or other Danaher standard tools/solutions. Benefits - Comprehensive package of benefits including paid time off, medical/dental/vision insurance, and 401(k) to eligible employees. - Eligible for bonus/incentive pay. - Flexible, remote working arrangements for eligible roles.

• Act as a contact for all security review requests, both for internal and external party systems and services • Work with Privacy, and Legal teams to complete external party risk assessments • Perform technical assessments on both internal and external/third party systems and services • Participate in the implementation, and maintenance of the external party information security risk management program as part of TNC’s overall external party due diligence review process • Participate in the assessment, monitoring, and documentation of the security posture and risk profile of external parties with access to TNC data, information, and records or to TNC systems • Participate in the security-oriented reviews of contracting-related documentation and provide security guidance to RFI/RFP/RFQ processes • Work with Privacy and Legal teams to document the classification of data, information, and records held or processed by external parties • Work with Information Technology staff to document the specifics of implemented technology solutions • Provide assessment of external party or internal system security based on provided architectural and operational documentation • Perform technical testing to validate the security-related behavior of a system, service, or piece of software • Work with business unit, IT staff, or external party to resolve any findings from security testing • Provide other Information Security teams with documentation of system configuration and expected behavior for applications and services • Provide advice and consultation to staff on information security-related policies, procedures, and best practices • Write documents for and deliver presentations to both technical and non-technical audiences • Participate in security incident response activities • Resolve issues independently within program area • Willing to work flexible hours