Vice President, GRC Enablement & Enterprise Product Services

UnitedHealth Group is a health care and well-being company that's dedicated to improving the health outcomes of millions around the world. We are comprised of two distinct and complementary businesses, UnitedHealthcare and Optum, working to build a better health system for all. Here, your contributions matter as they will help transform health care for years to come. Make an impact with a team that shares your passion for helping others. Join us to start Caring. Connecting. Growing together.

You will lead the enterprise-wide design, modernization, and execution of GRC enablement capabilities that support policy governance, independent validation, strategic and technology risk management, and regulatory compliance across UnitedHealth Group. You will have enterprise-wide accountability for GRC enablement outcomes and own the enterprise GRC platform, risk and control data architecture, workflow automation, and analytics strategy-ensuring risk-informed decision-making is embedded at scale across business and technology operations.

Acting as a trusted advisor to executive leadership, Board committees, and regulators, this role shapes how risk information is surfaced, governed, and acted upon at the highest levels of the organization. It ensures the enterprise maintains a single, authoritative, and defensible system of record for risks, controls, issues, and assurance outcomes, enabling continuous readiness, executive transparency, and sustainable risk reduction aligned with NIST, ISO, NYDFS, HIPAA, HITRUST, SOX, PCI-DSS, and emerging AI governance expectations.

You'll enjoy the flexibility to work remotely * from anywhere within the U.S. as you take on some tough challenges.

For all hires within 30 minutes of an office in Minnesota or Washington, D.C., you'll be required to work a minimum of four days per week in-office.

Primary Responsibilities:

Enterprise GRC Enablement Strategy

• Define and execute the enterprise-wide GRC enablement strategy as a foundational capability supporting policy execution, independent validation, strategic risk oversight, and regulatory compliance
• Set enterprise standards and operating models that scale across business units, products, and regulatory environments in alignment with enterprise risk appetite and strategic objectives

GRC Platform, Data & Workflow Governance

• Own and modernize the enterprise GRC platform as the authoritative system of record for risks, controls, issues, remediation, and compliance evidence
• Govern enterprise risk and control taxonomies, data dictionaries, lineage, and traceability to support Board reporting, audits, and regulatory examinations
• Establish standards for workflow orchestration, automation, access control, and integration across cybersecurity, technology risk, compliance, and operational risk domains

Predictive & Forward-Looking Risk Intelligence

• Embed analytics, automation, and AI-enabled insights into GRC workflows to provide forward-looking visibility into risk trends, control effectiveness, and remediation performance
• Enable continuous monitoring, KRIs, and early-warning indicators for emerging risks, control degradation, regulatory change, and systemic exposure

Executive, Board & Regulatory Enablement

• Deliver concise, executive- and Board-ready dashboards, metrics, and narratives that inform risk-informed decision-making and enterprise prioritization
• Support regulatory exams, audits, and independent assessments through timely, complete, and defensible evidence-based reporting

Transformation, Adoption & Change Leadership

• Drive enterprise adoption of standardized GRC processes, workflows, and data models through large-scale change leadership and executive alignment
• Lead transformation across the three lines of defense and hold accountability for measurable improvements in transparency, risk reduction, remediation cycle time, and control maturity

Design Thinking & Persona-Driven Risk Enablement

• Lead enterprise design thinking sessions to reimagine cyber and technology risk processes, focusing on simplifying user experience, reducing friction, and improving adoption across business and technology teams
• Facilitate "Day in the Life" exercises to develop detailed personas across roles (e.g., product teams, engineers, business leaders, control owners, and risk practitioners), ensuring risk frameworks align with how work is actually performed
• Translate persona insights into practical GRC enablement capabilities, including workflow design, control integration, decision points, and automation opportunities
• Partner with cybersecurity, technology, product, and business stakeholders to ensure risk requirements are embedded directly into engineering, operations, and AI workflows rather than applied after the fact
• Drive a human-centered approach to risk management, ensuring policies, controls, and governance processes are intuitive, scalable, and aligned to real-world operating conditions
• Incorporate persona-driven insights into the continuous improvement of GRC platforms, data models, and user interfaces, improving usability, adoption, and effectiveness of the enterprise risk operating model

You'll be rewarded and recognized for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role as well as provide development for other roles you may be interested in. 

Required Qualifications:

• 20+ years of progressive experience in enterprise risk management, GRC, governance, compliance, audit, or cybersecurity within complex, highly regulated environments
• 5+ years of leadership (Vice President level or equivalent) experience leading enterprise-wide enablement, risk, compliance, or transformation functions
• Proven success implementing and scaling enterprise GRC platforms (e.g., Archer, ServiceNow GRC, MetricStream) with demonstrable automation and risk reduction outcomes
• Demonstrated experience supporting Board committees, executive leadership, and regulators with defensible, data-backed risk insights, including influencing decisions and shaping enterprise risk posture
• Bachelor's degree in Business, Risk Management, Information Security, Technology, Finance, Law, or equivalent experiences

Preferred Qualifications:

• Advanced degree (MBA, MS, or equivalent) 
• Professional certifications such as CRISC, CISA, CISSP, CISM, CPA and/or CIA 

Core Compentencies: 

• Strategic Enterprise Risk & GRC Enablement Leadership
• Enterprise GRC Platform, Data Architecture & Analytics
• Board, Executive & Regulatory Communication
• Predictive Risk Intelligence, Automation & AI Enablement
• Large-Scale Change Leadership & Operating Model Transformation
• Independent Assurance & Continuous Monitoring Enablement

• Cross-Enterprise Influence & Stakeholder Alignment

 *All employees working remotely will be required to adhere to UnitedHealth Group's Telecommuter Policy.

Pay is based on several factors including but not limited to local labor markets, education, work experience, certifications, etc. In addition to your salary, we offer benefits such as, a comprehensive benefits package, incentive and recognition programs, equity stock purchase and 401k contribution (all benefits are subject to eligibility requirements). No matter where or when you begin a career with us, you'll find a far-reaching choice of benefits and incentives. The salary for this role will range from $200,400 to $343,500 annually based on full-time employment. We comply with all minimum wage laws as applicable.

At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone-of every race, gender, sexuality, age, location and income-deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission.    

UnitedHealth Group is an Equal Employment Opportunity employer under applicable law and qualified applicants will receive consideration for employment without regard to race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or protected veteran status, or any other characteristic protected by local, state, or federal laws, rules, or regulations.    

UnitedHealth Group is a drug - free workplace. Candidates are required to pass a drug test before beginning employment.