Vice President, Security Operations & Threat Intel
(Remote considered)
Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by diversity and inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health equity on a global scale. Join us to start Caring. Connecting. Growing together.
The Enterprise Information Security (EIS) team is the first line of defense in securing the largest healthcare company in the world against security threats. We are focused on transformation by strengthening our cyber defenses and ransomware resiliency, mitigating vulnerabilities, and better securing all aspects of our company, globally. We are vigilant and passionate about protecting the sensitive data of our members and providers and are committed to leveraging every tool, partnership and process needed to enhance our security posture. It is our duty to protect the information of those we serve and help fulfill our mission of making the health care system work better for everyone.
The VP of Security Operations and Cyber Threat Intel is a critical member of the Global Cyber Defense team responsible for 24x7x365 operations in defense of our Fortune 5 healthcare company. This role is responsible for developing, implementing, and managing a comprehensive detection and response capability to protect against evolving cyber threats. This leadership role includes the management of a 100+ person globally dispersed team of cyber practitioners.
You’ll enjoy the flexibility to work remotely* from anywhere within the U.S. as you take on some tough challenges.
Primary Responsibilities:
- Strategic Leadership
o Develop and implement a comprehensive cyber defense operational strategy aligned with the company’s overall business objectives and cyber security transformation goals
o Lead a highly committed global security team of about 150 people to respond to the top security challenges that the business faces, including safeguarding intellectual property and sensitive information, mitigating security risks, and protecting and maintaining critical security infrastructure
o Serve as the primary spokesperson for cyber incidents, communicating effectively with executives and other stakeholders
o Provide strategic leadership in operating, building, and managing cyber security operations, cyber threat intel, cyber threat hunting, and detection engineering
o Shape a strong security posture with comprehensive detection and containment capabilities for on-prem, cloud and emerging technologies
o Engage with peers across the healthcare and financial services industry to identify and mitigate current global malicious activities
- Threat Intelligence
o Stay abreast of the latest cyber threats and vulnerabilities relevant to the healthcare and financial services industries
o Develop and maintain a robust threat intelligence program to identify (threat hunt), analyze and prioritize potential risks
o Build a threat intelligence program capable of supporting the global needs of the organization for purposes of understanding primary threat actors and prioritizing risk mitigations
- Incident Response and Recovery
o Establish and maintain an effective incident response program to detect, contain, and remediate security breaches
o Lead incident response teams during cybersecurity events, ensuring swift and effective action to minimize damage and downtime
o Develop and implement incident response plans and processes and practice these plans on a frequent basis
o Be a visible cyber security leader to senior executives to ensure applicable stakeholders know and practice their roles and responsibilities in the event of a cyber event
- Security Operations
o Set requirements and participate in the implementation and management of security technologies and tools, intrusion detection systems, and security information and event management (SIEM) platforms
o Ensure the ongoing monitoring and analysis of security logs and alerts to identify and respond to potential threats
o Define logging standards across all platforms
o Conduct regular threat hunting to identify and address weaknesses in the company’s security posture
- Detection Engineering
o Build an intelligence driven detection program capable of marrying an advanced understanding of threat actor behavior with detailed knowledge of the environments the team is charged with defending
o Execute strategies to balance the criticality of detecting malicious activity alongside preserving long term operational effectiveness (reduce alert fatigue and response burn out)
o Build and emplace processes as well as the supporting metrics to improve and maintain high quality detection outcomes
- Additional Responsibilities
o Work collaboratively across cybersecurity disciplines and business units, as well as external partner organizations, to ensure the intended security posture is monitored to identify potential business impacting issues or active attacks, and conduct regular cybersecurity validation
o Partner with technology operations, event management, foundational engineering, and the information security office to extend and sustain our defensive and counter threat capabilities
o Provide guidance, consulting and event leadership to IT operations and application teams specific to requirements that reduce the company’s threat landscape and readiness to respond cross-functionally to security and technology events that either create risk to information entrusted to the company or have the potential to impact operations
o Collaborate with information technology in support of operational initiatives, integrated development operations (DevOps) and programs that support operational activities
o Establish and/or evolve operational metrics that measure program outcomes and sustainability and support strategic business decisions and prioritization
o Own shared accountability for operational execution, agenda prioritization and service management across the technology system, including achieving and maintaining performance and stability outcomes
You’ll be rewarded and recognized for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role as well as provide development for other roles you may be interested in.
Required Qualifications:
- 15+ years of experience in cybersecurity, with at least 5 years of serving in a leadership role within an enterprise cyber security program
- 10+ years of direct accountability for identification of talent and management of individuals from both business backgrounds and technology disciplines
- Expertise in threat intelligence, incident response, and security operations, security engineering / security technologies
- Solid leadership, communication, and interpersonal skills to include written and verbal communication to executive teams
- Proven ability to effectively collaborate with cross-functional teams including communications, legal, finance, human resources and business unit leaders
- Demonstrated proficiency in the latest principles and science used to address and combat advanced threats against commercial enterprises and systems
- Experience leading and managing individuals, program and project activities delivered in different geographies and cultures
- Demonstrated technical background and cross-functional expertise in both infrastructure and application security and proven operational leadership experience in both disciplines
- Experience protecting an integrated IT system that includes internally owned assets and those operated by third parties, including cloud service providers
- History of success collaborating with a team of diverse individuals from Operations, Business, IT, Legal, Compliance and Privacy disciplines to produce results
- Proven planning, organizational, collaboration and leadership skills
- Ability to successfully operate and drive change at all operational and organizational levels, whether directly managed or through influence, and across multiple global cultures
- Results oriented, operations focused, and data / information driven decision-maker
- Demonstrated history of creating and operating in a continuous improvement environment
- Ability to work in and thrive in a highly energized and highly matrixed environment with proven experience influencing direction and strategies in a collaborative manner
- Selfless commitment to integrated operations with peers and leaders across a complex IT environment
- True and proven commitment to customer satisfaction and the highest ethical standards
- History of presenting to senior executives and regulatory auditors
- Proven adaptability and flexibility in approaches used to fully engage with different audiences
Preferred Qualifications:
- Proven experience projecting security as an enabler in an Agile and integrated DevOps model
- Industry-specific certifications in information security, including one or more of the following: CISSP; CISA and CISM; ITIL; PMP
- Direct experience evolving large cyber defense programs post-breach
- Experience in the healthcare and/or financial services industry
- Understanding of business processes, application, and infrastructure requirements for the healthcare industry
Additional Considerations
- High level of confidentiality and discretion due to the sensitive nature of the data and systems involved
- Expected to work flexible hours and be available on-call to respond to security incidents
*All employees working remotely will be required to adhere to UnitedHealth Group’s Telecommuter Policy.
The salary range for this role is $191,800 to $364,800 annually based on full-time employment. Pay is based on several factors including but not limited to local labor markets, education, work experience, certifications, etc. UnitedHealth Group complies with all minimum wage laws as applicable. In addition to your salary, UnitedHealth Group offers benefits such as a comprehensive benefits package, incentive and recognition programs, equity stock purchase and 401k contribution (all benefits are subject to eligibility requirements). No matter where or when you begin a career with UnitedHealth Group, you’ll find a far-reaching choice of benefits and incentives.
At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone–of every race, gender, sexuality, age, location and income–deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes — an enterprise priority reflected in our mission.
Diversity creates a healthier atmosphere: UnitedHealth Group is an Equal Employment Opportunity/Affirmative Action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law.
UnitedHealth Group is a drug-free workplace. Candidates are required to pass a drug test before beginning employment.
Additional Job Detail Information
Requisition Number 2268252
Business Segment Optum
Employee Status Regular
Job Level Executive
Travel No
Country: US
Overtime Status Exempt
Schedule Full-time
Shift Day Job
Telecommuter Position Yes