Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together.

 

Primary Responsibilities:

This role is responsible for developing, implementing, and maintaining governance, risk, and compliance (GRC) frameworks while managing third-party risk for our clients. The position ensures adherence to regulatory requirements, internal policies, and industry standards, while proactively identifying and mitigating risks associated with internal processes and external vendorsDevelop and maintain GRC frameworks aligned with organizational goals and regulatory requirementsPerform risk assessments, maintain risk registers, and manage risk acceptance and policy exceptionsEnsure compliance with regulatory requirements for clients and internal policiesMonitor information security risks and drive remediation of policy exceptionsConduct control testing to evaluate the maturity and effectiveness of security controls (HIPAA, HITRUST, NIST 800-53)Define risk thresholds, implement risk frameworks, and remediate identified gapsManage risk and policy exceptions through GRC platformsReview High and Critical risks monthly with risk owners and executive leadershipCreate executive dashboards and reports for leadership visibility into risk posture and KPIsStay current on regulatory changes, security trends, and compliance requirementsTrack key risk register and policy exception metricsEstablish a baseline of vendor risk and identify areas of potential exposureDesign and implement a consistent Third-Party Risk Management (TPRM) program aligned with internal policy and regulatory requirementsConduct pre-contract due diligence and ongoing vendor risk assessmentsDevelop mitigation plans and partner with internal stakeholders to monitor vendor performance post-contractProvide guidance to business units and sourcing teams on VRM requirementsMaintain structured governance for vendor risk and procurement complianceEnsure compliance with SOC 1 and SOC 2 audit requirementsContinually reassess operational risks and emerging threats related to vendorsCreate executive summaries with recommendations for remediation and risk dispositionTrack key vendor-related metricsComply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regard to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so

Required Qualifications:

Bachelor's degree or higher level of education5 + years of technical experience in Information SecurityGRC platform implementation experience (such as NAVEX Service Now, LogicGate, Rsam)Experience with federal cyber security standards (such as NIST 800-53)Experience in performing vendor & Product assessment (manual or tool-based)Auditing skills and the ability to manage risk assessments / projects independentlyProven excellent communication skills both verbal and writtenGood presentation skills particularly ability to present technology elements in manner personnel can follow and act.Good understanding of HIPAA, HITRUST and Security Core Concepts

 

At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone - of every race, gender, sexuality, age, location and income - deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission.

 

Optum is a drug-free workplace. © 2025 Optum Global Solutions (Philippines) Inc. All rights reserved.