Senior Information Security Risk Analyst - Audit, GRC/CISA/CISSP

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together.

As an IT Security Risk Manager, you would support information security policies, standards, and procedures to secure and protect data. Work directly with user departments to implement procedures and systems for the protection, conservation, and accountability of proprietary, personal, or privileged electronic data.

Primary Responsibilities:

• Perform audits to identify control gaps and implement corrective action plans  
• Ensure alignment of security policies/standards with IT infrastructure frameworks (e.g., ISO 2700x, NIST, ITIL)
• Monitor compliance with corrective action plans, and address non-compliance issues appropriately  
• Demonstrate understanding of discovery technologies to identify system vulnerabilities (e.g. scanning tools)  
• Establish appropriate security controls based on defined data classifications to align with applicable laws/regulations/standards
• Facilitate/lead security incident investigation
• Analyse business requirements and ensure that solutions meet established security policies and controls  
• Maintain metrics and report them.
• Maintain current knowledge on information security topics and their applicability program requirements
• Communicate professionally with stakeholders/end users through multiple communication

You'll be rewarded and recognized for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role as well as provide development for other roles you may be interested in.

Required Qualifications:

• Bachelor's degree or higher level of education  
• 6+ years of Information security experience
• Experience with ISO27001 (ISMS), ISO31000 (Risk management), HITRUST CSF, NIST Cybersecurity Framework, SOC Type1/2
• Proven auditing skills and the ability to manage risk assessments / projects independently
• Proven excellent communication skills both verbal and written
• Proven good presentation skills particularly ability to present technology elements in manner personnel can follow and act

Preferred Qualification:

• CISSP, CISA or ISO27001 Lead Implementer or Lead Auditor certification

At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone-of every race, gender, sexuality, age, location and income-deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission.

#njp