Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together.
The Info Security Risk Auditor is responsible for supporting and enforcing information security policies, standards, and procedures to safeguard proprietary, personal, and privileged electronic data. This role works closely with user departments and cross-functional teams to implement robust security controls, drive compliance, and foster a culture of security awareness.
Primary Responsibilities:
Risk & GovernanceAlign security policies and standards with IT infrastructure frameworks (ISO 27001, NIST, ITIL)Lead policy exception and risk management, including logging, assessment, and mitigationConduct vendor tier assessments, clarify tiering logic, and ensure correct application of security reviewsOversee remediation of critical/high vulnerabilities, verify aging data, and confirm with SLOs on unresolved exploitsSupport overall application security governanceCompliance & CertificationEnsure compliance with regulatory requirements (ISO 27001, NYDFS, NIST)Lead and support ISO 27001/ISMS program implementation and audits for assigned geographies/scopeMaintain and update compliance trackers, dashboards, and reporting frameworksPerform audits to identify control gaps and implement corrective action plansMonitor compliance with corrective actions and address non-compliance issuesReview and attest security attributes for applications, including MFA, orientation, data type, and access provisioningIncident Management & InvestigationFacilitate and lead security incident investigations, including physical security, fire safety, access control, and environmental controlsEnsure proper logging and escalation of incidentsCoordinate with other teams for incident related activitiesSecurity Awareness & TrainingDrive security awareness campaigns, training, and infographics for employees and contractorsTrack and report on training completion rates, phishing metrics, and awareness initiativesDevelop and communicate security content, including videos and best practicesStakeholder Engagement & CommunicationCommunicate professionally with stakeholders and end users through multiple channelsCollaborate with business, and other concerned teams for regulatory reporting and audit supportProvide consulting and support for customer audits, contract reviews, and acquired entity compliancePhysical Security & Site ComplianceConduct physical compliance walks, assess fire safety, access control, secure printing, and data privacy at sites
*** ENGLISH PROFICIENCY ASSESSMENT WILL BE REQUIRED AFTER APPLICATION ***
You'll be rewarded and recognized for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role as well as provide development for other roles you may be interested in.
Required Qualifications:
8+ years of information security experienceExperience with ISO27001 (ISMS), HITRUST CSF, NIST Cybersecurity Framework, SOC Type1/2Professional proficiency both with English and SpanishProven auditing skills and ability to manage risk assessments/projects independentlyProven excellent verbal and written communication skillsProven solid presentation skills, especially the ability to explain technology to non-technical personnelDemonstrated ability to work independently, meet deadlines, and maintain stakeholder confidence
Preferred Qualifications:
Certifications: CISSP, CISA, ISO27001 Lead Implementer or Lead AuditorExperience in physical security, compliance walks, and site-level assessments
Pay is based on several factors including but not limited to local labor markets, education, work experience, certifications, etc. In addition to your salary, we offer benefits such as, a comprehensive benefits package, incentive and recognition programs, equity stock purchase and 401k contribution (all benefits are subject to eligibility requirements). No matter where or when you begin a career with us, you'll find a far-reaching choice of benefits and incentives.
At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone-of every race, gender, sexuality, age, location and income-deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission.
UnitedHealth Group is an Equal Employment Opportunity employer under applicable law and qualified applicants will receive consideration for employment without regard to race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or protected veteran status, or any other characteristic protected by local, state, or federal laws, rules, or regulations.
UnitedHealth Group is a drug - free workplace. Candidates are required to pass a drug test before beginning employment.
#PRLinkedIn