Director, Cybersecurity – Remote or Hybrid in DC, NC and MN

Optum Tech is a global leader in health care innovation. Our teams develop cutting-edge solutions that help people live healthier lives and help make the health system work better for everyone. From advanced data analytics and AI to cybersecurity, we use innovative approaches to solve some of health care’s most complex challenges. Your contributions here have the potential to change lives. Ready to build the next breakthrough? Join us to start Caring. Connecting. Growing together.

 

The Director of Security Incident Response (SIR) is responsible for leading the organization’s incident response program, ensuring rapid detection, containment, eradication, and recovery from cybersecurity incidents. This role provides strategic oversight, operational leadership, and continuous improvement of incident response capabilities to protect enterprise assets, data, and reputation.

 

You’ll enjoy the flexibility to work remotely* from anywhere within the U.S. as you take on some tough challenges. For all hires in the Minneapolis or Washington, D.C. area, you will be required to work in the office a minimum of four days per week.

 

Primary Responsibilities:
Strategic Leadership:

• Develop and maintain the enterprise-wide Incident Response Strategy, aligning with frameworks such as NIST, MITRE ATT&CK, and ISO 27035
• Establish governance for incident response, including policies, playbooks, and escalation protocols
• Serve as the primary liaison with executive leadership, legal, compliance, and communications teams during major incidents

Operational Management:

• Oversee 24/7 incident response operations, including triage, containment, forensic analysis, and remediation
• Direct Incident Response and Digital Forensic teams, ensuring readiness and resilience
• Coordinate with Cyber Threat Intelligence (CTI), Threat Hunting, and Security Operations Center teams for proactive defense and post-incident analysis
• Produce clear metrics and reporting of incident data and KPI’s
• Manage multiple projects and workstreams simultaneously

Incident Handling:

• Lead response for critical and high-severity incidents, including ransomware, data breaches, network intrusions, and advanced persistent threats (APTs)
• Ensure proper chain-of-custody for forensic evidence and compliance with regulatory requirements (e.g., HIPAA, GDPR)
• Drive root cause analysis and lessons learned to strengthen security posture

Collaboration & Communication:

• Partner with Legal, Privacy, and Compliance Officers for breach notifications and regulatory reporting
• Communicate incident status and impact to executive leadership and internal stakeholders
• Represent the organization in interactions with 3rd party incident response and legal firms
• Collaborate with Security Officers, Merger & Acquisitions, Security Architecture & Engineering, Governance and other Global Security Operation teams

Continuous Improvement:

• Conduct post-incident reviews and implement action plans
• Develop and deliver training programs for incident response teams
• Maintain awareness of emerging threats and integrate threat intelligence into response strategies

 

You’ll be rewarded and recognized for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role as well as provide development for other roles you may be interested in.

Required Qualifications:

• Bachelor’s degree in Computer Science, Cybersecurity, or related field  
• CISSP, CISM, GSTRT, and other technical certifications from ISC2, CompTIA, SANS, ISACA, CSP’s, etc. 
• 10+ years of experience in cybersecurity 
• 5+ years of experience in incident response leadership of very large organizations 
• 5+ years of experience managing global 24/7 SOC/IR teams and large-scale security incidents 
• 5+ years of deep knowledge of incident response frameworks, forensic tools, EDR/XDR, Public Cloud, application security, networking and SIEM platforms 
• 3+ years of Project management experience 

• Demonstrated ability to translate technical risk into business impact 

  Preferred Qualifications:

   

• Experience in regulated industries (healthcare, finance) 
• Familiarity with cloud security and hybrid environments 
• Expertise in automation and orchestration for incident response

 

*All employees working remotely will be required to adhere to UnitedHealth Group’s Telecommuter Policy.

 

Pay is based on several factors including but not limited to local labor markets, education, work experience, certifications, etc. In addition to your salary, we offer benefits such as, a comprehensive benefits package, incentive and recognition programs, equity stock purchase and 401k contribution (all benefits are subject to eligibility requirements). No matter where or when you begin a career with us, you’ll find a far-reaching choice of benefits and incentives. The hourly pay for this role will range from $64.71 to $110.96 per hour based on full-time employment. We comply with all minimum wage laws as applicable.

 

Application Deadline: This will be posted for a minimum of 2 business days or until a sufficient candidate pool has been collected. Job posting may come down early due to volume of applicants.

 

At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone-of every race, gender, sexuality, age, location and income-deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes – an enterprise priority reflected in our mission.

 

 

UnitedHealth Group is an Equal Employment Opportunity employer under applicable law and qualified applicants will receive consideration for employment without regard to race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or protected veteran status, or any other characteristic protected by local, state, or federal laws, rules, or regulations.

 

UnitedHealth Group is a drug – free workplace. Candidates are required to pass a drug test before beginning employment.