Skip to main content
Search JobsOpen search form

Explore remote jobs

Pursue your passion and potential

Info Security Engineer - GRC and TPRM

City of Muntinglupa, Philippines + Additional locations

Caring. Connecting. Growing together.

With these values to guide us, our people are committed to making a meaningful difference in the lives of those we are honored to serve.

Info Security Engineer - GRC and TPRM

Requisition number: 2367165 Job category: Technology Primary location: City of Muntinglupa, Philippines Additional locations: Quezon City, National Capital Region | Davao City, Davao (Region XI) | Cebu City, Central Visayas | Makati, National Capital Region Date posted: 07/14/2026 Overtime status: Exempt Travel: No

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together.  


This role is responsible for conducting security risk assessments of vendor-provided solutions within a healthcare environment, focusing on the protection of sensitive health information and organizational systems. This role evaluates vendor controls against frameworks such as NIST SP 800-53 and ensures alignment with HIPAA security requirements, identifying gaps and recommending mitigation strategies. The analyst leverages knowledge of U.S. healthcare technologies (e.g., EHR systems, medical devices) and associated cybersecurity risks to support informed, risk-based decision making.


Primary Responsibilities:

  • Governance, Risk & Compliance (GRC):
    • Develop and maintain GRC frameworks aligned with organizational goals and regulatory requirements
    • Perform third party risk assessments with an emphasis on solution-specific assessments, requiring a knowledge of US-based healthcare information technology
    • Ensure compliance with regulatory requirements for our clients
    • Monitor information security risks and drive remediation of policy exceptions
    • Conduct control testing to evaluate maturity and effectiveness of security controls (HIPAA/HITRUST/NIST 800-53)
    • Work with business stakeholders on defining risk thresholds, implementing risk frameworks, and remediate identified gaps
    • Stay current on regulatory changes, security trends, and compliance requirements
    • Create executive summary /reporting for executives
    • Serves as POC (Point of Contact) in lead's absence
    • Led and supported GRC platform implementation activities, including tool configuration, workflow customization, process integration, testing, and user support
  • Third-Party Risk Management (TPRM):
    • Establish a baseline of vendor risk and identify areas of potential exposure
    • Design and implement a consistent Vendor Risk Management (VRM) program with an emphasis on vendor solutions, aligned with internal policy and regulatory requirements
    • Conduct pre-contract due diligence and ongoing vendor solution risk assessments
    • Develop mitigation plans and partner with internal stakeholders to monitor vendors post-contract
    • Provide guidance to business units and sourcing teams on VRM requirements
    • Maintain structured governance for vendor risk and procurement compliance
    • Continually reassess operational risks and emerging threats related to vendors and vendor supplied solutions
    • Create executive summaries with recommendations for remediation and risk disposition
    • Track key vendor related metrics
    • Worked on Third-Party Risk Management (TPRM) platform implementation projects, including onboarding, configuration, and end-to-end lifecycle management of third-party vendors through the platform
  • Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so

Required Qualifications:

  • Bachelor's degree in information security, Risk Management, or related field (or equivalent experience)
  • 5+ years of experience in Governance, Risk & Compliance and/or Third-Party Risk Management
  • Solid understanding of risk management frameworks (HIPAA, HITRUST, NIST 800-53) and regulatory requirements
  • Proficiency in GRC platforms and vendor risk management tools
  • Proven excellent analytical skills with ability to interpret large datasets and create actionable reports
  • Proven solid verbal and written communication skills; ability to present recommendations to senior leadership
  • Proven ability to work independently and manage complex, less-structured issues


Preferred Qualifications:

  • Experience in developing risk frameworks and dashboards
  • Exposure to federal/state regulatory compliance requirements
  • Familiarity with healthcare technologies such HER systems, biomedical devices, SaaS, etc.
  • Familiarity with procurement processes and vendor governance
  • Proven ability to act as a point of contact and lead in absence of senior leadership


Key Competencies:

  • Risk Analysis & Assessment
  • Vendor Risk Management
  • Regulatory Compliance
  • Process Improvement
  • Stakeholder Communication
  • Problem Solving & Decision Making


At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone-of every race, gender, sexuality, age, location and income-deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission.


Optum is a drug-free workplace. © 2026 Optum Global Solutions (Philippines) Inc. All rights reserved.

Benefits

Our mission of helping people live healthier lives extends to our team members. Learn more about our range of benefits designed to help you live well.

Life

Resources and support to focus on what matters most to you, in every facet of your life.

Emotional

Education, tools and resources to help you reduce and manage stress, build resilience and more.

Physical

Health plans and other coverage to support wellness for you and your loved ones.

Financial

Benefits for today and to help you plan for the future, including your retirement.

Learn more
testimonial-img-1

Optum sees the potential in every individual, paving the way for professional and personal growth through training and wellness programs. The company offers convenient learning platforms and supportive leadership, making work enjoyable and stress-free.

Norielle Ann G. S.

Clinical Claims Review RN

We’re honored to be recognized for our exceptional work culture

AGWF recognition award
2025 Campus Forward Award badge from RippleMatch
LinkedIn Top Companies 2025 award badge
Forbes Best Large Employers in the United States 2024 award badge
America’s Greatest Workplaces 2024 award badge