Vice President, Control Assurance and AI Risk Governance
(Remote considered)

UnitedHealth Group is a health care and well-being company that’s dedicated to improving the health outcomes of millions around the world. We are comprised of two distinct and complementary businesses, UnitedHealthcare and Optum, working to build a better health system for all. Here, your contributions matter as they will help transform health care for years to come. Make an impact with a team that shares your passion for helping others. Join us to start Caring. Connecting. Growing together.
The person in this role will ensure that controls are effective, deficiencies remediated, and AI ethics embedded. You will be accountable for organizational adherence to regulatory frameworks, including NYDFS, HIPAA, HITRUST, and SOX, while embedding NIST-aligned, risk-informed decision-making into business and security operations. The role is pivotal in providing an assurance ecosystem that delivers real-time control effectiveness, proactive governance, and continuous readiness. By ensuring controls are effective, deficiencies remediated, and regulatory alignment maintained, this role enables resilience, trust, and sustainable business growth in a complex regulatory landscape.
You’ll enjoy the flexibility to work remotely* from anywhere within the U.S. as you take on some tough challenges. For all hires within 30 minutes of an office in Minnesota or Washington, D.C., you’ll be required to work a minimum of four days per week in-office.
Primary Responsibilities:
- Establish and lead a Testing Center of Excellence (CoE). Define testing standards, methodologies, and tooling to ensure consistent execution of preventive, detective, and corrective control testing across the enterprise
- Design, implement, and validate controls. Drive enterprise-wide control design and testing programs (covering IT, business, and AI/ML controls) to ensure effectiveness and alignment with regulatory and risk appetite expectations
- Manage the full lifecycle of control deficiencies. Govern deficiency identification, risk rating, remediation planning, and closure tracking with transparency and accountability. Provide CoE-driven reporting on remediation progress
- Oversee audit readiness and evidence collection. Standardize evidence collection processes, ensuring traceability, completeness, and reliability across the three lines of defense. Drive CoE-enabled automation to improve efficiency and reduce audit fatigue
- Expand traditional CoE testing protocols to cover AI models and governance, embedding ethical and regulatory considerations into testing frameworks
- Trigger and govern escalation workflows for AI/IT control failures. Ensure timely issue escalation and structured governance workflows for failed control tests or detected model drift, driving accountability and sustainable remediation
- Provide insights and Board-level reporting from CoE analytics. Deliver enterprise dashboards and trend analysis on control testing outcomes, deficiency root causes, and remediation performance to inform executive decision-making
You’ll be rewarded and recognized for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role as well as provide development for other roles you may be interested in.
Qualifications:
- Bachelor’s degree in Business, Information Security, Risk Management, Computer Science, or a related field (advanced degree preferred)
- Professional certifications such as: CRISC, CISA, CISSP, CISM, CPA and/or CIA highly preferred
- Proven knowledge of NIST CSF, NIST AI RMF, HITRUST, ISO 27001, NYDFS Cybersecurity Regulation, SOX, HIPAA, and PCI-DSS
- 12+ years of progressive experience in Governance, Risk, and Compliance (GRC), audit or cybersecurity
- 5+ years in a leadership role, leading through other leaders and cross-functional teams in complex, regulated industries (financial services, insurance, healthcare, or technology)
- Proven track record implementing enterprise GRC platforms (e.g., Archer, ServiceNow GRC, OneTrust, MetricStream)
- Experience leading control lifecycle management (design, testing, deficiency remediation)
- Demonstrated oversight of AI/ML risk governance, cloud adoption, and digital transformation initiatives
- Successful history of managing Board- and regulator-facing reporting, metrics, and remediation outcomes
- Deep knowledge of enterprise risk frameworks and alignment to NIST functions (Identify, Protect, Detect, Respond, Recover)
- Ability to govern both traditional IT/business controls and emerging AI/ML model governance, including bias, fairness, and explainability
- Solid leadership, communication, and stakeholder engagement skills, with ability to influence executive leadership and Boards
- Analytical mindset with expertise in metrics, dashboards, and risk appetite reporting
- Skilled in leading cross-functional governance forums (policy councils, issue management boards, risk committees)
- High adaptability, with proven ability to integrate new regulatory requirements into enterprise governance structures
*All employees working remotely will be required to adhere to UnitedHealth Group’s Telecommuter Policy.
Pay is based on several factors including but not limited to local labor markets, education, work experience, certifications, etc. In addition to your salary, we offer benefits such as a comprehensive benefits package, incentive and recognition programs, equity stock purchase and 401k contribution (all benefits are subject to eligibility requirements). No matter where or when you begin a career with us, you’ll find a far-reaching choice of benefits and incentives. The salary for this role will range from $200,400 to $343,500 annually based on full-time employment. We comply with all minimum wage laws as applicable.
At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone, of every race, gender, sexuality, age, location and income, deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes – an enterprise priority reflected in our mission.
UnitedHealth Group is an Equal Employment Opportunity employer under applicable law and qualified applicants will receive consideration for employment without regard to race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or protected veteran status, or any other characteristic protected by local, state, or federal laws, rules, or regulations.
UnitedHealth Group is a drug-free workplace. Candidates are required to pass a drug test before beginning employment.
Additional Job Detail Information
Requisition Number 2320013
Employee Status Regular
Job Level Executive
Travel Yes, 25% of the Time
Country: US
Overtime Status Exempt
Schedule Full-time
Shift Day Job
Telecommuter Position Yes

