Cybersecurity Manager – Military OneSource – Remote

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by diversity and inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health equity on a global scale. Join us to start Caring. Connecting. Growing together.  

On behalf of the Military Departments and the Guard and Reserve Components, the Department of Defense (DoD) requires a contractor to provide services in support of the Military OneSource program for military members and their families, similar to a commercial Employee Assistance Program (EAP). This program provides members of the Armed Forces and their families, about 5.2 million persons “participants” at locations worldwide, with a broad array of information and referrals to both military and civilian resources as well as counseling services.  The scope of the Military OneSource program encompasses all resources and development of resources, processes, personnel, materials, training, equipment, and technology necessary to provide service members and their families with unlimited access (via 24-hour, toll-free telephone, live video, and on-line/Internet) to stateside and international information, referral, and counseling services available through a centralized source.

This is a dynamic environment encompassing comprehensive support systems related to military members and their families. A key goal of the Military OneSource program is to ensure that the program’s resources and support reach the service members and family members who need them. The comprehensive nature of the Military OneSource program allows it to be a true “one source” of information and resources so that, once engaged, participants are encouraged to return to the program to have additional needs met.

The Cybersecurity Manager – Military OneSource is responsible for the implementation, management, security, and availability of all contractor-owned and -operated information systems, networks, applications, security controls, and end-user devices. The Cybersecurity Manager will be responsible for all IT/Cyber compliance requirements, operational procedures, documentation, and business processes required to obtain and retain compliance with the DoD RMF.  

You’ll enjoy the flexibility to work remotely * from anywhere within the U.S. as you take on some tough challenges. 

Primary Responsibilities: 

This role has high expectations for operational excellence. Hours may vary based on location, contract, and business needs. This list of essential functions is not exhaustive and may be supplemented and changed as necessary.

• Ensure continual compliance with prevailing DoD CIO, DISA, U.S. Cyber Command, and MC&FP policies, guidance, and mandates. These requirements, while continually evolving, include, but are not limited to, the references found in the frequently updated DoD “Cybersecurity and Information Systems Information Analysis Center (CSIAC)” chart
• Continually comply with DISA Information Assurance Vulnerability Management (IAVM) programmatic mandates; DISA STIGs; DISA SRGs; DoD Port, Protocol, and Service Management (PPSM) guidance; and IT/Cyber directives and mandates from the DoD CIO, U.S. Cyber Command, DISA, and MC&FP
• Maintain compliance with Optum Serve and Federal, State, and Local regulatory, contractual, and organizational guidelines including HIPAA as outlined in training and policies/procedures, quality assurance and improvement processes
• Identify, document, and escalate external issues / high risk situations, as indicated under the direction of leadership, to ensure visibility and present courses of action for remediation
• Develop, maintain, and provide the Government with database architecture, administration, and engineering guides/SOPs, data flow documentation, data models, manuals, and (Microsoft Visio based) diagrams
• Ensure that all data collection and storage systems are DISA STIG and SRG compliant, with documented access controls, comprehensive intrusion detection and prevention, and malware protection
• Manage application and/or system-level findings, deficiencies, and/or weaknesses, using the Governments MC&FP’s Tasking, Assignments, and Reporting (TAR) platform and abide by the reporting requirements as notated in the performance work statement
• Understand and adhere to the Enterprise Architecture (EA) governance framework (e.g., principles, policies, standards, reference architectures, data-driven designs)
• Based on customer, contract requirements and best practices in the security field craft recommended security architecture, processes, technologies, and controls to meet requirements, protect our company assets and customer information with an eye to the future
• Assist with remediation planning and ensure identified gaps have been appropriately managed in order to achieve compliance
• Perform technical testing of controls for assurance and validation of IT compliance
• Recommends improvements in the current risk management process; assist in the development of internal processes for streamlining risk analysis techniques
• Upon realization of actual risk or breach Architect will become active part of remediation, and investigation team
• Participate in IT engagements e.g., involved in gathering information to new development to determine associated risks, act as a resource to others
• Required to obtain and retain official accreditation of the online resources by full compliance of DIARMF
• Work diligently with multiple internal and external customers to solve challenges in a timely and efficient manner
• Lead trainings, evaluations, and meetings for the contractors to promote continuous performance improvement
• Provide quality checks on data tracking system and operational security
• Alert individuals and leadership on deficiencies
• Prepare procedural documents, job aids, and reports in support of the Program as assigned
• Prepare cost estimates for event support contractors and review cost to ensuring fiscal responsibility
• Manage a team of security engineers who would be responsible for securing and maintaining security posture of the environment
• Mental Demands: Reading, writing, attention to detail, confidentiality, problem-solving, ad hoc decision-making skills, math skills, reasoning skills, oral communication, written communication, customer contact, multiple concurrent tasks, stress management skills, interpersonal skills
• Physical Demands: Bending, crouching, kneeling, squatting, lifting/carrying up to 50 lbs., handling (holding, grasping, turning, or otherwise working with the hand or hands), fingering (picking, pinching, fine manipulation), sitting, standing for long periods of time, and walking. Seeing and hearing alarms and settings during and after business hours and responding according to training and procedures. Setting and resetting devices with small knobs and handles

You’ll be rewarded and recognized for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role as well as provide development for other roles you may be interested in.

Required Qualifications:

• Bachelor’s degree in Business, Management, or other field related to work under this requirement or equivalent experience
• This position is subject to MC&FP’s IT/Cyber certification, training, and knowledge mandates that are enforced by DoDD 8140.01, “Cyberspace Workforce Management.” As a result, and in accordance with MC&FP ITOD number 23-IA-002 (CUI), the Cybersecurity Manager must possess one or more of the following active certifications at the time of proposal:
  • CompTIA Advanced Security Practitioner (CASP+ CE)
  • Cisco Certified Network Professional (Security-focus) (CCNP Security)
  • Certified Information Systems Auditor (CISA)
  • Certified Information Systems Manager (CISM)
  • Certified Information Systems Security Professional (CISSP)
  • GIAC Certified Enterprise Defender (GCED)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Security Leadership Certification (GSLC)
  • Certified Cloud Security Professional (CCSP)
  • Certified Chief Information Security Officer (CCISO)
• 10+ years of experience managing IT and cybersecurity programs and projects of similar scope and complexity that directly support the DoD military community, including 5+ years management experience
• Proficient in Microsoft Office programs 
• Demonstrated leadership skills with the ability to prioritize, coordinate and delegate effectively        
• Demonstrated ability to lead the activities of others as well as manage and monitor performance
• Speak fluent English
• United States Citizenship
• Ability to obtain favorable adjudication following submission of Department of Defense eQuip Form SF86

Preferred Qualifications:

• Experience working in a Federal contracting environment
• Basic knowledge of Federal Acquisition Regulations (FAR)
• Possess solid customer service skills and knowledge and understanding of the military lifestyle

Soft Skills:

• Excellent verbal and written communication skills with exceptional attention to details; ability to communicate and coordinate effectively to internal and external customers on all levels
• Organize workload, set priorities, complete assignments in a timely manner and utilizes resources appropriately while complying with organizational standards
• Dedicated to building rapport with team members, internal and external customers, and management team by demonstrating a strong customer service orientation and a continuous positive image of Optum Serve 
• Solid organizational and time management skills in a goal-oriented, fast-paced environment
• Excellent critical thinking, problem solving, verbal and written communication skills 
• Ability to influence and negotiate through use of verbal, written and interpersonal means with a diverse group of people/disciplines at all levels of an organization
• Ability to implement and execute new initiatives as well as deliver results
• Ability to work independently as well as provide team leadership and management in a diverse and demanding operational environment
• Ability to thrive in ambiguous situations
• Self-starter with strong problem-solving drive and efficient work habits along with flexibility and adaptability to changing situations  
• Confident in handling sensitive and confidential information
• Possess the ability and flexibility to work to meet deadlines and client expectations

As a requirement of UnitedHealth Group’s contract with the Department of Defense, this position requires U.S. citizenship and proof of favorable adjudication following submission of Department of Defense eQuip Form SF86, (the National Agency Check Legal and Credit or NACLC). Successful completion of the NACLC process is a requirement for continued employment in this role. NACLC processing will be initiated by our TRICARE Security Officer post-offer, and can take 3-6 months for a final decision communication from the Department of Defense. Candidates will be allowed to begin employment with UnitedHealth Group in this role based on an interim clearance, and final results will be communicated as they are received. Failure to obtain final NACLC approval will result in termination from this role.

*All employees working remotely will be required to adhere to UnitedHealth Group’s Telecommuter Policy. 

California, Colorado, Connecticut, Hawaii, Nevada, New Jersey, New York, Rhode Island, Washington, Washington, D.C. Residents Only: The salary range for this role is $104,700 to $190,400 annually. Pay is based on several factors including but not limited to local labor markets, education, work experience, certifications, etc. UnitedHealth Group complies with all minimum wage laws as applicable. In addition to your salary, UnitedHealth Group offers benefits such as, a comprehensive benefits package, incentive and recognition programs, equity stock purchase and 401k contribution (all benefits are subject to eligibility requirements). No matter where or when you begin a career with UnitedHealth Group, you’ll find a far-reaching choice of benefits and incentives.  

Application Deadline: This will be posted for a minimum of 2 business days or until a sufficient candidate pool has been collected. Job posting may come down early due to volume of applicants. 

At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone–of every race, gender, sexuality, age, location and income–deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes — an enterprise priority reflected in our mission.    

Diversity creates a healthier atmosphere: UnitedHealth Group is an Equal Employment Opportunity/Affirmative Action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law. 

UnitedHealth Group is a drug – free workplace. Candidates are required to pass a drug test before beginning employment.