Information Security Risk/ Audit Manager – Remote

UnitedHealth Group is a health care and well-being company that’s dedicated to improving the health outcomes of millions around the world. We are comprised of two distinct and complementary businesses, UnitedHealthcare and Optum, working to build a better health system for all. Here, your contributions matter as they will help transform health care for years to come. Make an impact with a diverse team that shares your passion for helping others. Join us to start Caring. Connecting. Growing together.

 

In this challenging and rewarding role you will support the information security program for state government healthcare information systems. In this position, the Information Security Manager is a  central point of engagement for security and compliance related to company resources shared amongst state government solutions. We are searching for a seasoned subject matter expert with a passion for security and compliance, excellent communication skills, and a leadership mindset to manage the latest threats and related laws and policies governing information security. You will build relationships with enterprise control owners and client contract relationship owners as you provide support various governmental and regulatory compliance and control initiatives. There will be heavy technology and security focus as well as crossover with business processes and contracts.

 

Job Summary: 
Responsible for management, monitoring and advisory services supporting compliance activities related to company resources that are shared services. Responsible for monitoring sub-contractor compliance with security framework commitments. Positions in this function are also involved in risk analysis, audit finding/action plan management, evidence workflow management and regulatory/legal record retention.  

 

You’ll enjoy the flexibility to work remotely * from anywhere within the U.S. as you take on some tough challenges.

 

Primary Responsibilities:

• Facilitate planning internal and external assessments over shared services used by various government IT solutions
• Review all assessment evidence, assessment reports and remediation plans for assigned technology inventory; work with management to finalize issues, report content and remediation plans
• Make recommendations to improve the control design and operating effectiveness / efficiency or comply with company policies and legal / regulatory requirements
• Demonstrate and apply a clear understanding of various government control frameworks such as NIST, MARS-e, and IRS 1075 
• Develop and maintain a collaborative, value-added relationship with all team members supporting your assigned technology inventory and assist with control education and interpretation
• Assist internal and external assessment teams with understanding day to day operating procedures within assigned inventory environments and ensure test approach matches
• Review policy and procedural updates as well as operating evidence and assess for compliance to defined controls
• Maintain documentation on assigned inventory indicating current compliance model and maturity in place as well as open remediation plans and recommendations
• Coordinate and participate in the continuous monitoring program of audits/assessments, penetration testing and vulnerability scanning. 
• Conduct vulnerability and POA&M management, remediation, and reporting to leadership and customers. 
• Look for opportunities to re-use assessment evidence and reduce the assessment burden on our internal partners
• Perform vendor validations over their compliance status to ensure they are meeting contractual obligations

 

You’ll be rewarded and recognized for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role as well as provide development for other roles you may be interested in.

Required Qualifications:

• 4+ years of IT risk controls, IT internal audit, and/or public IT accounting experience
• 2+ years of experience with evaluating system, network, or infrastructure security controls against requirements such as FISMA, NIST, MARS-E, HIPAA, SSA and IRS standards
• 2+ Prior experience working with internal and external customers developing, maintaining relationships and facilitating regulatory assessments
• 2+ Evaluating remediation activities against risk

 

Preferred Qualifications: 

• IT security certifications (e.g. CISSP CISA, CPA, and / or CIA certification) 
• Bachelor’s degree in Management Information Systems (MIS), Computer Science, Accounting or related discipline  
• Current experience providing information security support to government clients 
• Proven specialized knowledge and experience with the implementation of the NIST Special Publication (SP) 800 family of publications, particularly those associated with the Risk Management Framework
• Experience interacting & collaborating with a variety of stakeholders (other team members, internal customers, and executives) and be able to provide measurable results without authority

 

*All employees working remotely will be required to adhere to UnitedHealth Group’s Telecommuter Policy.

 

California, Colorado, Connecticut, Hawaii, Nevada, New Jersey, New York, Rhode Island, Washington, Washington, D.C. Residents Only: The salary range for this role is $88,000 to $173,200 annually. Pay is based on several factors including but not limited to local labor markets, education, work experience, certifications, etc. UnitedHealth Group complies with all minimum wage laws as applicable. In addition to your salary, UnitedHealth Group offers benefits such as, a comprehensive benefits package, incentive and recognition programs, equity stock purchase and 401k contribution (all benefits are subject to eligibility requirements). No matter where or when you begin a career with UnitedHealth Group, you’ll find a far-reaching choice of benefits and incentives.  

Application Deadline: This will be posted for a minimum of 2 business days or until a sufficient candidate pool has been collected. Job posting may come down early due to volume of applicants. 

 

At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone–of every race, gender, sexuality, age, location and income–deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes — an enterprise priority reflected in our mission.   

 

Diversity creates a healthier atmosphere: UnitedHealth Group is an Equal Employment Opportunity/Affirmative Action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law.     

 

UnitedHealth Group is a drug – free workplace. Candidates are required to pass a drug test before beginning employment.