Optum Serve CISO

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities.

Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together.

As a Chief Information Security Officer (CISO) for United Health Group's Optum Serve business, you will play a critical role in safeguarding sensitive patient data and ensuring the highest level of information security across all systems and infrastructure. Your expertise in cybersecurity will be instrumental in protecting healthcare organizations from potential threats, mitigating risks, and implementing effective security measures.

The Optum Serve CISO is responsible for collaborating with senior leadership across multiple enterprise teams to help develop and execute organizational strategy for Line of Business operations and transformation objectives. This role is accountable for ensuring all work related to Optum Serve adheres to strict government regulations including, but not limited to, FISMA, FEDRAMP, NIST, CMMC and CIRCIA. The role of the Optum Serve CISO includes the development of governance, coordination, and management of an Optum Serve system security plan and development of the Optum Serve cybersecurity strategy and business planning to ensure successful execution of the broader technology and engineering deliverables associated with the enterprise business commitments to our Optum Serve customers.

You will be expected to have a clear understanding of how technology and business objectives align with Optum Serve and State security requirements to ensure that necessary security decisions are made proactively and in support of client commitments and business strategies.

You'll enjoy the flexibility to work remotely
* from anywhere within the U.S. as you take on some tough challenges.

For all hires within 30 minutes of an office in Minnesota or Washington, D.C., you'll be required to work a minimum of four days per week in-office.

Primary Responsibilities:

* Fully understand business risks and business objectives

* Perform Senior Management Official (FSO and KM) role

* Serve as the strategic and information security leader, advising on security requirements for business initiatives and programs

* Develop and implement comprehensive information security strategies, policies, and procedures to protect confidential beneficiary data, electronic health records (EHRs), infrastructure supporting classified Optum Serve data/services and other sensitive information

* Stay updated with the latest industry standards, regulations, and best practices related to information security in healthcare and distinct cybersecurity requirements for Optum Serve data security, such as FISMA, FEDRAMP, CMMC , CIRCIA, Health Insurance Portability and Accountability Act (HIPAA)

* Conduct regular risk assessments and vulnerability tests to identify potential weaknesses in systems and networks and respond appropriately to address and mitigate those vulnerabilities

* Design and implement robust security controls, including firewalls, intrusion detection systems, encryption mechanisms, and data loss prevention solutions, to ensure the integrity, availability, and confidentiality of healthcare data

* Collaborate with cross-functional teams, including IT, compliance, legal, and executive leadership, to align security initiatives with organizational goals and priorities

* Lead incident response efforts in the event of a security breach or cyber-attack, coordinating with internal teams and external stakeholders to minimize the impact and ensure swift resolution

* Provide guidance and training to employees on information security best practices and awareness

* Assist other Technology and Business leaders in merger & acquisition activities

You'll be rewarded and recognized for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role as well as provide development for other roles you may be interested in.

Required Qualifications:

* 15+ years of information security experience in a highly regulated enterprise

* 5+ years of experience serving in a leadership capacity (Director level or above)

* 3+ years of experience reviewing security contracts

* Current active security clearance

* Demonstrated ability to engage and influence SES level government executives

* Technical security certification

* Experience with interpretation and application of policy and standards, including prior experience with healthcare compliance regulations (e.g., HIPAA, FEDRAMP)

* Experience with multiple information security frameworks…