Vice President, GRC Enablement & Enterprise Product Services
Job in Eden Prairie, Hennepin County, Minnesota, 55344, USA
Listed on 2026-06-12
Listing for: UnitedHealth Group Inc.
Full Time position
Job specializations:
- IT/Tech: Cybersecurity, Data Security, Information Security, IT Business Analyst
Join us to start Caring. Connecting. Growing together.
You will lead the enterprise-wide design, modernization, and execution of GRC enablement capabilities that support policy governance, independent validation, strategic and technology risk management, and regulatory compliance across UnitedHealth Group. You will have enterprise-wide accountability for GRC enablement outcomes and own the enterprise GRC platform, risk and control data architecture, workflow automation, and analytics strategy, ensuring risk-informed decision-making is embedded at scale across business and technology operations.
Acting as a trusted advisor to executive leadership, Board committees, and regulators, this role shapes how risk information is surfaced, governed, and acted upon at the highest levels of the organization. It ensures the enterprise maintains a single, authoritative, and defensible system of record for risks, controls, issues, and assurance outcomes, enabling continuous readiness, executive transparency, and sustainable risk reduction aligned with NIST, ISO, NYDFS, HIPAA, HITRUST, SOX, PCI-DSS, and emerging AI governance expectations.
You'll enjoy the flexibility to work remotely* from anywhere within the U.S. as you take on some tough challenges.
For all hires within 30 minutes of an office in Minnesota or Washington, D.C., you'll be required to work a minimum of four days per week in-office.
Primary Responsibilities:
Enterprise GRC Enablement Strategy
* Define and execute the enterprise-wide GRC enablement strategy as a foundational capability supporting policy execution, independent validation, strategic risk oversight, and regulatory compliance
* Set enterprise standards and operating models that scale across business units, products, and regulatory environments in alignment with enterprise risk appetite and strategic objectives
GRC Platform, Data & Workflow Governance
* Own and modernize the enterprise GRC platform as the authoritative system of record for risks, controls, issues, remediation, and compliance evidence
* Govern enterprise risk and control taxonomies, data dictionaries, lineage, and traceability to support Board reporting, audits, and regulatory examinations
* Establish standards for workflow orchestration, automation, access control, and integration across cybersecurity, technology risk, compliance, and operational risk domains
Predictive & Forward-Looking Risk Intelligence
* Embed analytics, automation, and AI-enabled insights into GRC workflows to provide forward-looking visibility into risk trends, control effectiveness, and remediation performance
* Enable continuous monitoring, KRIs, and early-warning indicators for emerging risks, control degradation, regulatory change, and systemic exposure
Executive, Board & Regulatory Enablement
* Deliver concise, executive- and Board-ready dashboards, metrics, and narratives that inform risk-informed decision-making and enterprise prioritization
* Support regulatory exams, audits, and independent assessments through timely, complete, and defensible evidence-based reporting
Transformation, Adoption & Change Leadership
* Drive enterprise adoption of standardized GRC processes, workflows, and data models through large-scale change leadership and executive alignment
* Lead transformation across the three lines of defense and hold accountability for measurable improvements in transparency, risk reduction, remediation cycle time, and control maturity
Design Thinking & Persona-Driven Risk Enablement
* Lead enterprise design thinking sessions to reimagine cyber and technology risk processes, focusing on simplifying user experience, reducing friction, and improving adoption across business and technology teams
* Facilitate 'Day in the Life' exercises to develop detailed personas across roles (e.g., product teams, engineers, business leaders, control owners, and risk practitioners), ensuring risk frameworks align with how work is actually performed
* Translate persona insights into practical GRC enablement capabilities, including workflow design, control integration, decision points, and automation opportunities
* Partner with cybersecurity, technology, product, and business stakeholders to ensure risk requirements are embedded directly into engineering, operations, and AI workflows rather than applied after the fact
* Drive a human-centered approach to risk management, ensuring policies, controls, and governance processes are intuitive, scalable, and aligned to real-world operating conditions
* Incorporate persona-driven insights into the continuous…