Optum Serve CISO

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together.    

As a Chief Information Security Officer (CISO) for UnitedHealth Group's Optum Serve business, you will play a critical role in safeguarding sensitive patient data and ensuring the highest level of information security across all systems and infrastructure. Your expertise in cybersecurity will be instrumental in protecting healthcare organizations from potential threats, mitigating risks, and implementing effective security measures.

The Optum Serve CISO is responsible for collaborating with senior leadership across multiple enterprise teams to help develop and execute organizational strategy for Line of Business operations and transformation objectives. This role is accountable for ensuring all work related to Optum Serve adheres to strict government regulations including, but not limited to, FISMA, FEDRAMP, NIST, CMMC and CIRCIA. The role of the Optum Serve CISO includes the development of governance, coordination, and management of an Optum Serve system security plan and development of the Optum Serve cybersecurity strategy and business planning to ensure successful execution of the broader technology and engineering deliverables associated with the enterprise business commitments to our Optum Serve customers. You will be expected to have a clear understanding of how technology and business objectives align with Optum Serve and State security requirements to ensure that necessary security decisions are made proactively and in support of client commitments and business strategies.

You'll enjoy the flexibility to work remotely * from anywhere within the U.S. as you take on some tough challenges.

For all hires within 30 minutes of an office in Minnesota or Washington, D.C., you'll be required to work a minimum of four days per week in-office.

Primary Responsibilities:

• Fully understand business risks and business objectives
• Perform Senior Management Official (FSO and KM) role 
• Serve as the strategic and information security leader, advising on security requirements for business initiatives and programs
• Develop and implement comprehensive information security strategies, policies, and procedures to protect confidential beneficiary data, electronic health records (EHRs), infrastructure supporting classified Optum Serve data/services and other sensitive information 
• Stay updated with the latest industry standards, regulations, and best practices related to information security in healthcare and distinct cybersecurity requirements for Optum Serve data security, such as FISMA, FEDRAMP, CMMC , CIRCIA, Health Insurance Portability and Accountability Act (HIPAA) 
• Conduct regular risk assessments and vulnerability tests to identify potential weaknesses in systems and networks and respond appropriately to address and mitigate those vulnerabilities 
• Design and implement robust security controls, including firewalls, intrusion detection systems, encryption mechanisms, and data loss prevention solutions, to ensure the integrity, availability, and confidentiality of healthcare data 
• Collaborate with cross-functional teams, including IT, compliance, legal, and executive leadership, to align security initiatives with organizational goals and priorities 
• Lead incident response efforts in the event of a security breach or cyber-attack, coordinating with internal teams and external stakeholders to minimize the impact and ensure swift resolution 
• Provide guidance and training to employees on information security best practices and awareness 
• Assist other Technology and Business leaders in merger & acquisition activities

You'll be rewarded and recognized for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role as well as provide development for other roles you may be interested in. 

Required Qualifications:

• 15+ years of information security experience in a highly regulated enterprise
• 5+ years of experience serving in a leadership capacity (Director level or above)
• 3+ years of experience reviewing security contracts
• Current active security clearance 
• Demonstrated ability to engage and influence SES level government executives
• Technical security certification
• Experience with interpretation and application of policy and standards, including prior experience with healthcare compliance regulations (e.g., HIPAA, FEDRAMP)
• Experience with multiple information security frameworks (FEDRAMP, CMMC, NIST, HIPAA etc.)
• Demonstrated expertise developing and implementing information security strategies, risk management frameworks, and incident response plans
• Proven knowledge of network security, encryption technologies, identity and access management, intrusion detection/prevention systems, and vulnerability assessment tools
• Subject matter expert knowledge of the technological aspects of security across disparate healthcare, financial and industrial technology systems that underpin the healthcare ecosystem
• Risk management experience including identification, prioritization, and mitigation of risk
• Track record of success making quality, data-driven recommendations and decisions following discovery, analysis, verification, etc. 
• Executive presence, evidenced by client relationship management skills with senior management on issues and key risks to the business (presentations, executive summaries, etc.) 
• Maintains effectiveness and composure in difficult or complex situations
• Ability to negotiate and influence without authority 
• Bachelor's degree in information security technology, cyber security, or related field or equivalent experiences

Preferred Qualifications:

• CISSP/GSLC/GSTRT
• Cloud technology certifications on AWS, Azure, and/or GCP 
• TS/SCI

*All employees working remotely will be required to adhere to UnitedHealth Group's Telecommuter Policy.

Pay is based on several factors including but not limited to local labor markets, education, work experience, certifications, etc. In addition to your salary, we offer benefits such as, a comprehensive benefits package, incentive and recognition programs, equity stock purchase and 401k contribution (all benefits are subject to eligibility requirements). No matter where or when you begin a career with us, you'll find a far-reaching choice of benefits and incentives. The salary for this role will range from $200,400 to $343,500 annually based on full-time employment. We comply with all minimum wage laws as applicable.

At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone-of every race, gender, sexuality, age, location and income-deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission.

UnitedHealth Group is an Equal Employment Opportunity employer under applicable law and qualified applicants will receive consideration for employment without regard to race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or protected veteran status, or any other characteristic protected by local, state, or federal laws, rules, or regulations.

UnitedHealth Group is a drug - free workplace. Candidates are required to pass a drug test before beginning employment.