McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare.
We are known for delivering insights, products, and services that make quality care more accessible and affordable.
Here, we focus on the health, happiness, and well-being of you and those we serve – we care.
What you do at McKesson matters.
We foster a culture where you can grow, make an impact, and are empowered to bring new ideas.
Together, we thrive as we shape the future of health for patients, our communities, and our people.
If you want to be part of tomorrow's health today, we want to hear from you.
The Privileged Access Management Operations Engineer (CyberArk) is a hands-on role within the Identity & Access Management (IAM) team, responsible for the day-to-day operations, support, and administration of the enterprise PAM platform.
This role ensures privileged accounts are securely managed, rotated, and accessible in accordance with security policies and compliance requirements.
The PAM Operations Engineer plays a critical role in incident response, operational support, audit readiness, and continuous improvement of the PAM service.
The ideal candidate is comfortable working in a fast-paced, operational environment that includes shift-based schedules and on-call responsibilities.
Key Responsibilities
Incident & Operational Support
Monitor, triage, and resolve PAM and IAM-related incidents in line with SLAs and operational procedures.
Lead or support high-priority (P1/P2) incident response, coordinating with infrastructure, security, and application teams.
Participate in root cause analysis and problem management for recurring or high-impact incidents.
Maintain accurate incident documentation in the ITSM platform.
Request & Access Management
Fulfill PAM service requests, including onboarding and off-boarding of privileged accounts, Safe creation, access changes, and policy updates.
Process privileged account rotations and manage exceptions in accordance with PAM policies.
Support application teams with secure onboarding of service accounts, credentials, and API keys.
Platform Administration
Perform routine CyberArk operational tasks, including service health checks, account reconciliation, Safe audits, and certificate renewals.
Implement approved configuration changes, hotfixes, patching, and platform upgrades following change management processes.
Compliance & Audit Support
Support internal and external audits, including SOX, SOC, and PCI DSS controls and access certifications.
Partner with risk, compliance, and audit teams to ensure IAM controls are effective and well-documented.
On-Call & Shift Coverage
Participate in 24x7 on-call rotations and provide shift-based operational support, including off-hours as required.
Ensure effective communication and handoffs across shifts to maintain operational stability.
Documentation & Continuous Improvement
Maintain and enhance operational documentation, including runbooks, SOPs, and knowledge articles.
Identify opportunities for automation, process improvement, and operational efficiency.
Qualifications
Required Qualifications
5+ years of experience in Identity and Access Management or Cybersecurity, with an operational focus.
Hands-on experience supporting CyberArk Privileged Access Management components (PVWA, CPM, PSM, SIA).
Experience with incident, problem, and change management in a production environment.
Familiarity with compliance frameworks such as SOX, HIPAA, or PCI DSS.
Strong analytical, communication, and collaboration skills.
Preferred Qualifications
Industry certifications such as CISSP, CISM, or Certified Identity and Access Manager (CIAM).
CyberArk Defender certification (strongly preferred).
Experience with scripting or automation (PowerShell, Python, or similar).
Experience working in regulated industries such as Healthcare, Financial Services, or Pharmaceuticals.
Prior experience supporting shift-based and on-call operations.
Education
Bachelor's degree in Information Technology, Computer Science, or a related field, or equivalent practical experience.
Our Base Pay Range for this position
€55,900 - €93,100
At McKesson, we care about the well-being of the patients and communities we serve, and that starts with caring for our people.
That's why we have a Total Rewards package that includes comprehensive benefits to support physical, mental, and financial well-being.
Our Total Rewards offerings serve the different needs of our diverse employee population and ensure they are the healthiest versions of themselves.
As part of Total Rewards, we are proud to offer a competitive compensation package at McKesson.
This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets.
The pay range shown below is aligned with McKesson's pay philosophy, and pay will always be compliant with any applicable regulations.
In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities may be offered.
#J-*****-Ljbffr