Sr Director, Strategic Technology and Security Risk – Remote

Requisition number: 2320136
Job category: Technology
Job location: Eden Prairie, MN
(Remote considered)


Optum is a global organization that delivers care, aided by technology, to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together.

 

This senior role leads the design, execution, and transformation of enterprise-wide risk governance and compliance programs. Owns the enterprise policy lifecycle, regulatory alignment, and governance oversight, ensuring that policies, frameworks, and compliance programs remain current, enforceable, and measurable. Leveraging AI to anticipate regulatory change, the role embeds NIST-aligned, risk-informed decision-making into core business and security operations.

 

This role is pivotal in combining regulatory and policy lifecycle expertise with digital policy automation and predictive regulatory intelligence to ensure compliance today while modernizing governance for tomorrow.  

 

If you are located in MN or DC Hybrid, you will have the flexibility to work remotely* as you take on some tough challenges.

 

Primary Responsibilities:

  • Enterprise Risk Governance & Compliance
      • Lead the design and execution of enterprise-wide risk and compliance frameworks aligned with NIST, COSO, and ISO standards
      • Conduct gap analyses vs. frameworks (SOX, HIPAA, PCI-DSS, NYDFS, ISO, NIST)
      • Govern organizational adherence to regulatory frameworks (NYDFS, HIPAA, HITRUST, SOX, GLBA, PCI-DSS)
      • Ensure policy and control frameworks remain enforceable, measurable, and relevant to evolving risks
  • Policy Lifecycle Management
      • Draft, update, and manage enterprise-wide policies; run attestation campaigns
      • Own the enterprise policy lifecycle from development to enforcement, review, and retirement
      • Leverage AI-driven insights (i.e., AI scanning, horizon reporting, risk detection) to proactively update policies in anticipation of regulatory or industry change
      • Modernize lifecycle (i.e., automate workflows, integrate GRC) to drive adoption of advancing principles and approaches
  • Board & Executive Engagement
      • Provide Board-level reporting on enterprise risk posture, policy adherence, and compliance maturity
      • Advise executives and Boards on policy and regulatory impacts
      • Deliver metrics-driven insights on alignment with risk appetite, regulatory compliance, and issue remediation
      • Influence strategic decisions by embedding risk-informed decision-making into executive discussions

 

You’ll be rewarded and recognized for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role as well as provide development for other roles you may be interested in.

Required Qualifications:

  • Bachelor’s degree in Business, Risk Management, Information Security, Law, or related field
  • 15+ years of progressive experience in enterprise risk management, governance, compliance, and regulatory oversight within highly regulated industries (e.g., financial services, healthcare, insurance)
  • 5+ years in a senior leadership role overseeing enterprise-wide risk, compliance, or policy functions
  • Experience implementing and optimizing GRC platforms (e.g., Archer, ServiceNow, MetricStream)
  • Deep knowledge of policy governance, regulatory change management, and control frameworks
  • Familiarity with risk domains tied to AI/ML, cloud adoption, and digital transformation
  • Proven track record managing enterprise risk registers, taxonomies, RCSAs, KRIs, and Board-level reporting
  • Demonstrated expertise in regulatory frameworks (SOX, HIPAA, PCI-DSS, NYDFS, HITRUST, ISO, NIST)
  • Successful history leading regulatory exam readiness and cross-functional coordination
  • Proven background in applying AI-enabled risk forecasting, scenario analysis, and regulatory monitoring
  • Proven solid analytical and forecasting skills, including scenario testing and stress modeling
  • Proven executive presence with the ability to influence Boards, regulators, and senior leadership
  • Proven exceptional written and verbal communication skills, with experience preparing Board-level reporting
  • Proven strategic leadership ability to manage leaders of leaders and drive enterprise-wide alignment
  • Proven high adaptability to emerging technologies and regulatory environments, with an emphasis on AI-driven insights
  • Proven collaborative mindset with the ability to partner across legal, compliance, technology, and business functions

 

Preferred Qualifications:

  • Advanced degree (MBA, JD, MS)
  • Professional certifications such as CRISC, CISA, CISSP, CPA, CIPP, or equivalent

 

*All employees working remotely will be required to adhere to UnitedHealth Group’s Telecommuter Policy

 

Pay is based on several factors including but not limited to local labor markets, education, work experience, certifications, etc. In addition to your salary, we offer benefits such as a comprehensive benefits package, incentive and recognition programs, equity stock purchase and 401k contribution (all benefits are subject to eligibility requirements). No matter where or when you begin a career with us, you’ll find a far-reaching choice of benefits and incentives. The salary for this role will range from $156,400 to $268,000 annually based on full-time employment. We comply with all minimum wage laws as applicable.

 

At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone – of every race, gender, sexuality, age, location and income – deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes – an enterprise priority reflected in our mission.

 

 

UnitedHealth Group is an Equal Employment Opportunity employer under applicable law and qualified applicants will receive consideration for employment without regard to race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or protected veteran status, or any other characteristic protected by local, state, or federal laws, rules, or regulations.

 

UnitedHealth Group is a drug-free workplace. Candidates are required to pass a drug test before beginning employment.

Additional job information

Requisition number 2320136

Job level Director

Willingness to travel No

Country US

Overtime status Exempt

Telecommuter position Yes