Skip to main content
Back to jobs

Lead Cyber Security Architect

External
McKesson logoMckesson · VA, Richmond
Full-timeHybridToday
CI/CDCloud SecurityComplianceDevSecOpsDocumentationEncryption
Cover LetterConnect

Prepare for this interview

Elite

AI-generated questions, company research, and talking points tailored to this role


About the role

The Lead Cyber Security Architect is a senior, advanced-skill role responsible for establishing and evolving MMS security architecture, patterns, and guardrails that protect the business while enabling speed and innovation. This role partners with the Chief Information Security Officer (CISO), Technology Senior Leadership, audit/compliance, product and application owners, infrastructure, and security engineering/operations teams to drive consistent security outcomes across the enterprise. This role provides expert guidance on current security issues while anticipating where threats and technology are heading to proactively shape MMS security strategy. The Lead Cyber Security Architect is expected to think like an adversary, translate business objectives into security architecture decisions, and define target-state architectures and roadmaps. As a Lead (P5), this role sets standards and raises the bar through mentoring and coaching, critical review of deliverables, and driving measurable improvements in risk reduction and control effectiveness. The architect leads through influence (often without direct people-management authority) and ensures security architecture decisions are documented, communicated, and adopted across delivery teams.

Responsibilities

  • Own and evolve MMS security architecture reference patterns and guardrails across cloud, network, identity, endpoint, application, and data protection; ensure designs are secure-by-design and compliant-by-design.
  • Lead architecture reviews for key initiatives (new platforms, major applications, third-party integrations, and B2B/B2C capabilities); document decisions, risks, exceptions, and required compensating controls.
  • Translate security policy, risk, and regulatory obligations into practical engineering requirements, reusable design standards, and implementation guidance (e.g., templates, runbooks, and secure reference implementations).
  • Define target-state security architecture and roadmaps; drive organizational alignment and prioritization with security, technology, and business stakeholders.
  • Embed security in delivery through DevSecOps: advise on CI/CD controls, infrastructure-as-code, policy-as-code, secrets management, and secure SDLC practices; partner with engineering teams to increase automation and reduce friction.
  • Establish measurable security architecture outcomes (e.g., coverage of guardrails, reduction in high-risk exceptions, control adoption, improved detection/response maturity) and use metrics to guide continuous improvement.
  • Mentor and coach architects and engineers; perform critical self-review and peer review of deliverables to ensure high quality, accuracy, and alignment to enterprise security standards.
  • Perform other duties as assigned.
  • Minimum Requirements
  • Degree or equivalent and typically requires 10+ years of relevant experience. Less years required if has relevant Master's or Doctorate qualifications

Requirements

  • 10+ years in cybersecurity with 5+ years in security architecture, including risk management and compliance.
  • Demonstrated ability to lead complex initiatives, drive alignment, and coach others while delivering measurable security outcomes.
  • Hands-on security architecture experience, including designing guardrails/reference architectures and driving adoption across multiple teams.
  • Demonstrated experience designing security controls for sensitive data (PII/PHI) and supporting audits and compliance efforts through strong documentation and evidence-based controls.
  • Zero Trust and IAM/PAM (workforce and customer identity) design at scale; demonstrated ability to define and implement enterprise guardrails, including policy-as-code and standardized identity/network patterns.
  • Proven stakeholder leadership able to lead planning and architecture discussions, incorporate reviewer feedback, and obtain alignment and approvals for secure solutions.
  • Experience with modern security platforms a

Benefits

Health insurance

Additional Information

McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve - we care. What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow's health today, we want to hear from you. Lead Cyber Security Architect Location: Richmond, VA, USA - 9954 Mayland Drive (on-site)


Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at McKesson? Share your experience

Interested in this role?

Apply on the company's website.

Cover LetterConnect