Info Security Engineering Consultant

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by diversity and inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health equity on a global scale. Join us to start Caring. Connecting. Growing together.

This role performs vendor risk assessment, and proactively identify and evaluate potential risks associated with a vendor's operations and products and its potential impact on client. Develops dashboards, reports, and presentations to track vendor performance.

• Establish a baseline of vendor risk, identify areas of potential exposure, develop and align vendor risk management strategies with Client's goals and objectives, and execute program ensuring consistency
• Support the design and implementation of a common and consistent vendor risk management (VRM) program to effectively manage vendor risk in accordance with internal policy and Federal/State Regulatory requirements
• Provide guidance to the business, Strategic Sourcing and other stakeholders to ensure requirements of VRM are fully understood
• Maintain a structured internal governance framework, to ensure effective oversight of vendor risk and procurement compliance
• Help ensure strong oversight of all vendors' risks and provide business partners visibility of existing and emerging risks
• Continually reassess the operational risks associated with the function and inherent in the business
• Present reporting of high risk vendor contracts and procurement high risks / ineffective controls and highlight vendor risks and the action planned to address inadequate controls to executive management
• Lead assessment of vendor risk via pre-contract due diligence, develop mitigation plan and partner with internal stakeholders to monitor vendors
• Ability to act independently and support business partners through issue resolution process with suppliers
• Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so

• 3.5 + years of technical experience in Information Security
• 3.5+ years experience Auditing skills and the ability to manage risk assessments / projects independently
• 3.5+ years experience in Client and Vendor interactions
• Experience on using Vendor Management tool (such as Service Now, LogicGate, Rsam)
• Proven excellent understanding of ISO27001 and Security Core Concepts
• Proven good understanding of risk acceptance and risk exceptions
• Proven good presentation skills particularly ability to present technology elements in manner personnel can follow and act
• Solid verbal and written communications skills - must have the ability effectively present recommendations
• Solid analytical skills - must be able to quickly analyze a large collection of data, then create reports and determine results

• Professional accreditation in IT audit, security, privacy or other related technology disciplines (CISA, CISSP, CompTIA Security+: etc.)
• Experience with federal cyber security standards (such as NIST 800-53)
• Cloud computing and understanding of how to assess Cloud related risks