Senior Information Security Engineering - Risk GRC, Vendor, Education Training & Awareness

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together.

Primary Responsibilities:

·Responsible for designing, executing, and continuously improving the organization's Security Education, Training, and Awareness program using the Security Education, Training and Awareness platform. This role focuses on driving security culture, reducing human risk, and ensuring effective user behavior through targeted training, phishing simulations, and awareness initiatives.

·Support the execution of the Security Awareness program using platforms such as KnowBe4 or similar.

·Assist in deploying: Foundational security training, Role-based training modules, Remedial training campaigns

·Help manage phishing simulation campaigns (scheduled and targeted).

·Support awareness initiatives such as newsletters, security tips, and campaigns (e.g., "Scam of the Week").

·Track user participation, completion rates, and engagement metrics.

·Assist in maintaining dashboards, reports, and learner engagement data

·Assist in maintaining and updating the risk register, including risk tracking and follow-ups.

·Support risk assessments and control reviews under guidance.

·Help monitor policy compliance and track remediation of identified gaps or exceptions.

·Maintain documentation for Policy exceptions, Risk acceptances, & Control assessment results

·Assist in generating periodic reports and dashboards for risks, policies, and controls.

·Support audits by gathering evidence and preparing required documentation.

·Support onboarding of vendors into the risk assessment process.

·Assist in conducting product/vendor risk assessments using defined questionnaires/templates/platform

·Track vendor remediation actions and follow-ups.

·Maintain vendor risk records and documentation in GRC tools.

Communicate professionally with stakeholders/end users through multiple communication.

·Establish an Executive dashboard to provide visibility into the goals and KPI's.

·Establish real-time actionable dashboards for Policies and Standard and Risk Management

• Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regard to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so

Required Qualifications:

• 3 + years of technical experience in Information Security

• 3+ years of experience in ETA platform used (such as KnowBe4, Proofpoint, )

• 3+ years GRC platform implementation and migration experience for different tool (such as NAVEX Service Now, LogicGate, Rsam, Perimeter)

• 3+ years IT Auditing skills and the ability to manage risk assessments / projects independently.
• Excellent communication skills both verbal and written.
• Good presentation skills particularly ability to present technology elements in manner personnel can follow and act.

• Good understanding of ISO27001 and Security Core Concepts

• Experience with federal cyber security standards (such as NIST 800-53)

Nice to Have Skills:

• Professional accreditation in IT audit, security, privacy or other related technology disciplines (CISA, CISSP, CompTIA Security+: etc.)

• Experience with Cloud computing and understanding of how to assess Cloud related risks

At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone - of every race, gender, sexuality, age, location and income - deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission.

Optum is a drug-free workplace. © 2026 Optum Global Solutions (Philippines) Inc. All rights reserved.