Info Security Engineering Consultant- GRC

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by diversity and inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health equity on a global scale. Join us to start Caring. Connecting. Growing together.

Positions in this function are involved in monitoring, evaluating, and maintaining systems and procedures to safeguard internal information systems, networks, databases, and Web-based security. Conduct vulnerability assessments and monitor systems, network, databases and Web for potential system breaches. Respond to alerts from information security tools. Report, investigate, and resolve security incidents. Recommend and implement changes to enhance systems security and prevent unauthorized access. Research security trends, new methods, and techniques used in unauthorized access of data in order to preemptively eliminate the possibility of system breach. May oversee internal or external systems security (i.e., cloud services). Ensure that customers and users have the right access to the right systems at the right times.

Primary Responsibilities:

• Establish a baseline of vendor risk, identify areas of potential exposure, develop and align vendor risk management strategies with Client’s goals and objectives, and execute program ensuring consistency
• Support the design and implementation of a common and consistent vendor risk management (VRM) program to effectively manage vendor risk in accordance with internal policy and Federal/State Regulatory requirements
• Provide guidance to the business, Strategic Sourcing and other stakeholders to ensure requirements of VRM are fully understood
• Maintain a structured internal governance framework, to ensure effective oversight of vendor risk and procurement compliance
• Help ensure solid oversight of all vendors’ risks and provide business partners visibility of existing and emerging risks
• Continually reassess the operational risks associated with the function and inherent in the business
• Present reporting of high risk vendor contracts and procurement high risks / ineffective controls and highlight vendor risks and the action planned to address inadequate controls to executive management
• Lead assessment of vendor risk via pre-contract due diligence, develop mitigation plan and partner with internal stakeholders to monitor vendors
• Analyzes and investigates
• Provides explanations and interpretations within area of expertise
• Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so

Required Qualifications:

• Bachelor’s degree or higher level of education
• 4+ years of technical experience in Information Security
• Experience on using Vendor Management tool (such as Service Now, LogicGate, Rsam)
• Good experience in Client and Vendor interactions
• Good understanding of ISO27001, NIST 800-53 and Security Core Concepts
• Good understanding of risk acceptance and risk exceptions
• Good presentation skills particularly ability to present technology elements in manner personnel can follow and act
• Proven auditing skills and the ability to manage risk assessments / projects independently
• Proven ability to act independently and support business partners through issue resolution process with suppliers
• Proven solid verbal and written communications skills – must have the ability effectively present recommendations
• Proven solid analytical skills – must be able to quickly analyze a large collection of data, then create reports and determine results

At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone-of every race, gender, sexuality, age, location and income-deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes – an enterprise priority reflected in our mission.