Privileged Access Management (PAM) Operations Engineer

McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve – we care.

What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow’s health today, we want to hear from you.

The Privileged Access Management Operations Engineer (CyberArk) is a hands-on role within the Identity & Access Management (IAM) team, responsible for the day-to-day operations, support, and administration of the enterprise PAM platform. This role ensures privileged accounts are securely managed, rotated, and accessible in accordance with security policies and compliance requirements.

The PAM Operations Engineer plays a critical role in incident response, operational support, audit readiness, and continuous improvement of the PAM service. The ideal candidate is comfortable working in a fast-paced, operational environment that includes shift-based schedules and on-call responsibilities.

Key Responsibilities

Incident & Operational Support

• Monitor, triage, and resolve PAM and IAM-related incidents in line with SLAs and operational procedures.
• Lead or support high-priority (P1/P2) incident response, coordinating with infrastructure, security, and application teams.
• Participate in root cause analysis and problem management for recurring or high-impact incidents.
• Maintain accurate incident documentation in the ITSM platform.

Request & Access Management

• Fulfill PAM service requests, including onboarding and offboarding of privileged accounts, Safe creation, access changes, and policy updates.
• Process privileged account rotations and manage exceptions in accordance with PAM policies.
• Support application teams with secure onboarding of service accounts, credentials, and API keys.

Platform Administration

• Perform routine CyberArk operational tasks, including service health checks, account reconciliation, Safe audits, and certificate renewals.
• Implement approved configuration changes, hotfixes, patching, and platform upgrades following change management processes.

Compliance & Audit Support

• Support internal and external audits, including SOX, SOC, and PCI DSS controls and access certifications.
• Partner with risk, compliance, and audit teams to ensure IAM controls are effective and well-documented.

On-Call & Shift Coverage

• Participate in 24x7 on-call rotations and provide shift-based operational support, including off-hours as required.
• Ensure effective communication and handoffs across shifts to maintain operational stability.

Documentation & Continuous Improvement

• Maintain and enhance operational documentation, including runbooks, SOPs, and knowledge articles.
• Identify opportunities for automation, process improvement, and operational efficiency.

Qualifications

Required Qualifications

• 5+ years of experience in Identity and Access Management or Cybersecurity, with an operational focus.
• Hands-on experience supporting CyberArk Privileged Access Management components (PVWA, CPM, PSM, SIA).
• Experience with incident, problem, and change management in a production environment.
• Familiarity with compliance frameworks such as SOX, HIPAA, or PCI DSS.
• Strong analytical, communication, and collaboration skills.

Preferred Qualifications

• Industry certifications such as CISSP, CISM, or Certified Identity and Access Manager (CIAM).
• CyberArk Defender certification (strongly preferred).
• Experience with scripting or automation (PowerShell, Python, or similar).
• Experience working in regulated industries such as Healthcare, Financial Services, or Pharmaceuticals.
• Prior experience supporting shift-based and on-call operations.

Education

Bachelor’s degree in Information Technology, Computer Science, or a related field, or equivalent practical experience.

At McKesson, we care about the well-being of the patients and communities we serve, and that starts with caring for our people. That’s why we have a Total Rewards package that includes comprehensive benefits to support physical, mental, and financial well-being. Our Total Rewards offerings serve the different needs of our diverse employee population and ensure they are the healthiest versions of themselves.

As part of Total Rewards, we are proud to offer a competitive compensation package at McKesson. This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets. The pay range shown below is aligned with McKesson's pay philosophy, and pay will always be compliant with any applicable regulations.  In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities may be offered. 

Our Base Pay Range for this position

€55,900 - €93,100

McKesson has become aware of online recruiting-related scams in which individuals who are not affiliated with or authorized by McKesson are using McKesson’s (or affiliated entities, like CoverMyMeds or RxCrossroads) name in fraudulent emails, job postings or social media messages. In light of these scams, please bear the following in mind:

McKesson Talent Advisors will never solicit money or credit card information in connection with a McKesson job application.

McKesson Talent Advisors do not communicate with candidates via online chatrooms or using email accounts such as Gmail or Hotmail. Note that McKesson does rely on a virtual assistant (Gia) for certain recruiting-related communications with candidates.

McKesson job postings are posted on our career site: careers.mckesson.com.