Job Specifications
hackajob is collaborating with UnitedHealth Group to connect them with exceptional tech professionals for this role.
Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together.
Optum Insight partners with payers, providers, governments and life sciences companies to simplify and enhance clinical, administrative and financial processes through software-enabled services and analytics, while advancing value-based care. Our differentiated products, technology insights, clinical expertise and analytics support the entire health system - ultimately delivering better experiences for consumers.
Optum Insight Technology and Engineering is a critical function in Optum Insight driving the innovation and value we provide our customers and partners. This team is focused on products, solutions, platform / enabling capability development, product development lifecycle, engineering excellence and connectivity to Optum Technology.
As Director of Information Security at Optum, you will lead the development and execution of a comprehensive, enterprise-wide security strategy that safeguards the integrity, confidentiality, and availability of critical systems and data across the organization's diverse solutions portfolio. This role is pivotal in aligning security initiatives with business objectives and regulatory requirements, driving automation and scalability in remediation efforts, and proactively managing risk through continuous assessment, threat analysis, and incident response. You will collaborate closely with executive leadership, IT, legal, compliance, and business units to embed security into every layer of operations, while mentoring a high-performing team of security professionals and ensuring adherence to industry standards such as NIST, ISO 27001, HIPAA, and PCI-DSS.
You'll enjoy the flexibility to work remotely * from anywhere within the U.S. as you take on some tough challenges.
Primary Responsibilities
Developing an integrated enterprise-wide security program across Optum solutions portfolios
Develop, implement, and maintain a comprehensive information security strategy aligned with business objectives and regulatory requirements
Analyze security assessments, vulnerability scans, and penetration test results to identify and prioritize risks
Automation of the security remediation function to be able to scale as new business enters the portfolio
Oversee the identification, assessment, and mitigation of security risks across the enterprise
Oversee the identification, assessment, and mitigation of security risks across the enterprise
Direct incident response planning and investigation of security breaches and assist with disciplinary and legal matters associated with such breaches
Collaborate with executive leadership, IT, legal, compliance, and business units to ensure security is embedded in all aspects of operations
Manage security audits, risk assessments, and compliance initiatives (e.g., ISO 27001, NIST, GDPR, HIPAA)
Lead and mentor a team of security professionals, fostering a culture of security awareness and continuous improvement
Stay current with emerging threats, technologies, and regulatory changes, and advise leadership on appropriate actions
Collaborate with IT, DevOps, and application teams to ensure timely and effective remediation
Maintain documentation of remediation activities, including risk assessments, mitigation strategies, and validation results
Ensure compliance with internal security policies, industry standards, and regulatory requirements (e.g., NIST, ISO 27001, HIPAA, PCI-DSS)
You'll be rewarded and recognized for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role as well as provide development for other roles you may be interested in.
Required Qualifications
10+ years of experience in cybersecurity, with a focus on vulnerability management and remediation
Proven experience developing and implementing enterprise-wide security programs
Experience with security tools such as Defender, Tenable, Rapid7
Deep knowledge of security frameworks, standards, and regulations (e.g., NIST, ISO, CIS, SOC 2)
Solid understanding of operating systems (Windows, Linux), networking, and cloud environments (AWS, Azure, GCP)
Familiarity with scripting languages (e.g., Python, PowerShell, Bash) for automation of remediation tasks
Preferred Qualifications
Relevant certifications such as CISSP, CEH, OSCP, o