Senior Manager Information Sec Risk Management – Remote

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by diversity and inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health equity on a global scale. Join us to start Caring. Connecting. Growing together.

 

Oversee and manage the successful execution of Information Risk Governance’s (IRG) strategy, specifically relating to Government Regulatory Security Compliance assessments. These projects would relate to, but not limited to NIST RMF, NIST CSF, NIST 800-53, FedRAMP, and StateRAMP. Is the subject matter expert for Government Regulatory Frameworks that provides technical expertise and thought leadership within the Information Risk Governance (IRG) team.

 

You’ll enjoy the flexibility to work remotely * from anywhere within the U.S. as you take on some tough challenges.

 

Primary Responsibilities:  

• Detailed below are the responsibilities (include but are not limited to) of this role within the Information Risk Governance team specific to the government regulatory security compliance frameworks
• Serve as a subject matter expert to regulatory and government security frameworks, such as NIST RMF, NIST CSF, FedRAMP, StateRAMP, CMS MARS-E, IRS1075 for resources on premises and in the cloud
• Collaborate with the stakeholders, identify compliance needs, plan the compliance assessment calendar and deliver on the planned schedule
• Guide and manage the team to develop assessment scope based upon the information system boundaries and the System Security Plan (SSP)
• Manage and execute the assessment process and deliverables by providing oversight to assessment results to include but not limited to Security Assessment Plans (SAPs) and Security Assessment Reports (SARs)
• Stay up to date with the latest best practices, industry trends, and government security regulations to proactively identify the need for compliance and related evaluation
• Manage advisory projects to improve systems security posture and compliance to government and regulatory requirements. This could involve identifying upcoming/applicable Government regulations, providing consultation to improve security control design, determine if the controls produce the desired outcome to comply with company policies and legal/regulatory requirements through analysis of the system and authorization boundaries
• Ensure that processes are in place to complete assessments in accordance with the frameworks and ensure that gaps are identified, remediated, and reported
• Hire, train, manage, mentor, retain and promote team members to complete compliance projects
• Identify opportunities to evolve assessment maturity through use of automation and emerging technologies in the completion of assessments
• Help drive continuous improvement efforts in alignment with direction provided by leadership and industry standards
• Assist, review and/or respond to inquiries and help to develop business cases for government assessment efforts
• Identify and resolve operational and IT security control compliance concerns using defined processes, expertise and judgement for resources in the datacenters and the cloud
• Influence and provide input to forecasting and planning activities for the team resources
• Collaborate with external auditors and government officials during security audits and assessments
• Prepare and present reports on security governance activities, risk assessments, and compliance status to the management team and relevant government authorities
• Design IT risk assessment and reporting processes that clearly identify scope, findings, management responses and corrective actions taken to resolve identified control weaknesses and reduce IT security risks
• Maintain effective communication with all levels of management that foster a collaborative atmosphere and partner with other risk and control functions to coordinate assessments that overlap and leverage work to the solidest extent possible
• Understand the business implications of audit findings and IT security risks and coordinate with the appropriate management to develop practical and actionable business solutions in a timely, cost-effective manner
• Design internal reporting systems to measure, monitor, and track progress toward corporate goals and department objectives
• Provides thought leadership, vision, and direction for assigned teams:
  • Accountable for all decisions within the group
  • Determine team priorities to reflect the organization’s core values and deliverables
  • Develop, coach and motivate others to take actions that support and reflect the core values and desired future state
  • Develop mid-year and end-year performance reviews including setting goals and expectations
  • Set team direction, resolve problems and provide guidance to members of their own team

 

You’ll be rewarded and recognized for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role as well as provide development for other roles you may be interested in. 

Required Qualifications: 

• Undergraduate degree or equivalent experience
• 7+ years of relevant audit/assessment experience to include cloud platforms, such as AWS, Azure, or Google Cloud
• 3+ years supervisory experience of individuals/teams
• Experience with HIPAA, FedRAMP, StateRAMP, and HITRUST
• Comprehensive understanding of US government security regulations, standards, and frameworks, including NIST Special Publications (e.g., NIST SP 800-53, NIST SP 800-171) and various other government publications (e.g., STIGs, Security Requirements Guides)

Preferred Qualifications: 

• Experience in health insurance systems
• Experience working in a complex IT environment

*All employees working remotely will be required to adhere to UnitedHealth Group’s Telecommuter Policy

 

California, Colorado, Connecticut, Hawaii, Nevada, New Jersey, New York, Rhode Island, Washington, Washington, D.C. Residents Only: The salary range for this role is $104,700 to $190,400 annually. Pay is based on several factors including but not limited to local labor markets, education, work experience, certifications, etc. UnitedHealth Group complies with all minimum wage laws as applicable. In addition to your salary, UnitedHealth Group offers benefits such as, a comprehensive benefits package, incentive and recognition programs, equity stock purchase and 401k contribution (all benefits are subject to eligibility requirements). No matter where or when you begin a career with UnitedHealth Group, you’ll find a far-reaching choice of benefits and incentives.

 

Application Deadline: This will be posted for a minimum of 2 business days or until a sufficient candidate pool has been collected. Job posting may come down early due to volume of applicants.

 

At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone–of every race, gender, sexuality, age, location and income–deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes — an enterprise priority reflected in our mission.

 

 

Diversity creates a healthier atmosphere: UnitedHealth Group is an Equal Employment Opportunity/Affirmative Action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law.

 

UnitedHealth Group is a drug – free workplace. Candidates are required to pass a drug test before beginning employment.