Info Security Engr Consultant (IT Audit/GRC Platform)

Optum

Negotiable
Remote, 3 - 5 years of experience, Diploma, Full-time
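Remote work details

Countries open for this job: Philippines

Language requirement: English

This remote job is open to candidates in specific countries. Please confirm whether you want to continue despite possible location restrictions.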

Job description

Introduction

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by diversity and inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health equity on a global scale. Join us to start Caring. Connecting. Growing together.

This role helps assess and prioritize information security and cybersecurity risk for our clients, including risks associated with a vendor's operations and products and their potential impact on the client. It facilitates compliance with regulatory requirements and information security policies, and develops and reports on information security metrics.


Primary Responsibilities:

  • Ensure compliance with the business agreement, policies, procedures, and regulations, along with the ability to map controls and compliance requirements.
  • Monitors information security risks and drives remediation of policy exceptions.
  • Good understanding of Risk Register, risk acceptance and risk exceptions.
  • Establishes compliance with data privacy regulation.
  • Identify process and security gaps, recommend improvements, and assist to implement corrective action.
  • Identify required process improvements to proactively address risks/vulnerabilities/threats.
  • Perform and manage Control/Risk Assessment and remediation of identified findings as per process documents.
  • Establish a baseline of vendor risk, identify areas of potential exposure, develop and align vendor risk management strategies with Client’s goals and objectives, and execute program ensuring consistency.
  • Support the design and implementation of a common and consistent vendor risk management (VRM) program to effectively manage vendor risk in accordance with internal policy and Federal/State Regulatory requirements.
  • Maintain current knowledge on quality management and information security topics and their applicability to program requirements.
  • Serves as POC (Point of Contact) in lead’s absence.
  • Create executive summaries with recommendations & direction regarding remediation efforts and disposition of the third party.
  • Communicate professionally with stakeholders/end users through multiple communication channels.
  • Define risk thresholds, develop and implement a risk framework, remediate identified gaps, and govern the process.
  • Manage the process of granting and expiring exceptions to policies and control standards through the GRC platform.
  • Establish real-time actionable dashboards for Policies and Standards and Risk Management.
  • Monthly review of High and Critical risks with risk owners and executive leadership.
  • Establish an Executive dashboard to provide visibility into the goals and KPIs.
  • Perform control testing to evaluate the maturity and effectiveness of implemented security controls based on the HITRUST/NIST 800-53 revision 2 framework.


What skills/attributes are a must have:

  • 5+ years of technical experience in Information Security
  • 5+ years GRC platform implementation experience (such as NAVEX, ServiceNow, LogicGate, Rsam)
  • 5+ years IT Auditing skills and the ability to manage risk assessments / projects independently.
  • Excellent communication skills both verbal and written.
  • Good presentation skills, particularly the ability to present technology elements in a manner personnel can follow and act on.
  • Good understanding of ISO 27001 and Security Core Concepts
  • Experience with federal cyber security standards (such as NIST 800-53)



Nice to Have Skills:


  • Professional accreditation in IT audit, security, privacy or other related technology disciplines (CISA, CISSP, CompTIA Security+, etc.)
  • Experience with ISO 31000 (risk management), ISO 22301 (BCMS), ISO20K (ITSM), cloud computing and understanding of how to assess cloud-related risks




Careers with Optum. Here's the idea. We built an entire organization around one giant objective; make the health system work better for everyone. So, when it comes to how we use the world's large accumulation of health-related information, or guide health and lifestyle choices or manage pharmacy benefits for millions, our first goal is to leap beyond the status quo and uncover new ways to serve. Optum, part of the UnitedHealth Group family of businesses, brings together some of the greatest minds and most advanced ideas on where health care must go in order to reach its fullest potential. For you, that means working on high performance teams against sophisticated challenges that matter. Optum, incredible ideas in one incredible company and a singular opportunity to do your life's best work.

#LetsGrow

Job requirements

Please refer to job description.

Cybersecurity, Incident Response, Vulnerability Assessment, Risk Management, Security Auditing, Firewall Management, Penetration Testing, Compliance Standards, Threat Analysis
Boss

HR Manager, Optum

Posted on 10 April 2025

Optum

More than 1000 people

Other