Segment Information Security Officer - OptumCare - Remote or Hybrid from MN or DC

Overview

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities.

Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together.

The Segment Information Security Officer (SISO) for Optum Care, Mid-America Region will work with technology teams to execute and sustain the security program and strategy. Candidate must be an innovative thinker and have a strong background in cyber security. Leveraging existing locally managed solutions and Optum solutions where applicable, this individual will lead the collective efforts including, but not limited to:

• Vulnerability & exposure management
• Information security monitoring, analysis, and response
• Investigations and data forensics
• Penetration testing
• Security metrics and reporting
• Effective leadership and solutioning skills
• Competency with industry frameworks and regulations including NIST, HIPAA, ISO, etc.
• Audit and assessment
• Identity and Access Management
• Contract reviews
• Security reviews of applications, data, and infrastructure designs, including cloud and locally hosted solutions
• Security review of network solutions including cloud architecture, firewalls, Regional Network Hub technology, data flows, voice, and video

If you are located in MN or DC, you will have the flexibility to work remotely, as well as work in the office as you take on some tough challenges.

• Ensure compliance with industry, regulatory and contractual security requirements of all products, customers, and assigned areas
• Provides analysis of and suggested solutions to complex Cyber Security issues, as well as complex conceptual analysis, building and maintaining key security and contract metrics
• Lead programs that will minimize risk and ensure the integrity, confidentiality and availability of information that is owned, controlled, and processed within the organization
• Collaborates with leadership to initiate, facilitate, and promote activities to foster information security awareness within the organization
• Lead a multi-organizational security team to foster growth and continued maturation of various security programs in the organization
• Provides expertise/analysis for the management/implementation of budgets, forecasts, and resource planning strategies in support of client engagement
• Provides direction and collaboration with other senior leadership, directors, managers, and stakeholders in the mitigation of risks within the IT Security infrastructure, Business Unit Solution as well as the overall organization
• Creates a culture of physical and information security within the organization and drives behavioral changes for the business. Conducts, designs, and provides security training for staff. Initiates, facilitates, and promotes activities to foster information security awareness within the organization and related entities
• Evaluates security trends, evolving threats, risks and vulnerabilities and applies tools to evaluate the risk in the context of the organization and to mitigate risk
• Ensure that the risk management and access control needs of the organization are addressed
• Travel up to 10% of the time

You'll be rewarded and recognized for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role as well as provide development for other roles you may be interested in.

• 5+ years of information security/ technology/ engineering/ or operations experience
• 3+ experience leading an information security team or program (manager or senior manager level)
• 3+ years of experience translating business needs and priorities into applicable IT solutions and/or strategies
• 3+ years of experience working with external auditors, regulatory bodies, and internal customers
• 3+ years of experience reviewing IT and/or security related contracts
• 3+ years of experience combining security requirements and business needs into applicable IT solutions and/or strategies
• Experience with cyber security standards/organizations (such as SOX, HIPPA, PCI DSS, ITIL, NIST, COBIT, IETF, IEEE)
• Hands-on knowledge of modern security domains:
• Identity & access management
• Cloud security (Azure, AWS, GCP)
• Network and endpoint security
• Data protection & privacy
• Security incident response
• Understanding of secure architecture principles for cloud, hybrid, and on-prem environments
• Proven solid management presence with the ability to influence local and remote personnel at varying levels (including executives, physicians, and other non-technical business leaders)
• Proven solid communicator with demonstrated…