Information Security Engineer Consultant

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together.

Job Description

support information security policies, standards, and procedures to secure and protect data. Work directly with Service/Technology/Business owners and team members to ensure compliance to security policies and procedures.

Primary Responsibilities:

• Review and ensure implementation of UHG and ESRO security policies, standards and procedures
• Perform checks to identify compliance gaps on sources such as security portal, eGRC and other enterprise portals and reports to identify compliance gaps and implement corrective action plans
• Work with technology teams and ensure timely remediation of technical vulnerability
• Create executive summaries with compliance status, risk, recommendations and direction regarding remediation efforts
• Working with Subject matter experts or technical consultant on EIS policy to identify solutions where SLOs face challenge to remediate open non compliances or vulnerabilities and support them to find a solution
• Follow-up on closure of open security observations and ESRO directives on security priorities.
• Monitor compliance with corrective action plans, and address non-compliance issues appropriately
• Demonstrate understanding of discovery technologies to identify system vulnerabilities (e.g. scanning tools)
• Establish appropriate security controls based on defined data classifications to align with applicable laws or regulations or standards
• Facilitate security incident investigation to support SLO and security officer
• Analyze business requirements and ensure that solutions meet established security policies and controls
• Proactively review the security risk/policy exception and mitigation
• Maintain current knowledge on information security topics and their applicability program requirements. Understanding of security policies, standards and IT infrastructure frameworks (e.g., ISO 2700x, NIST, ITIL)
• Communicate professionally with stakeholders/end users through multiple communication
• Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so

• Bachelor's degree or higher level of education
• 6+ years of Information security experience
• Experience with ISO27001 (ISMS), ISO31000 (Risk management), HITRUST CSF, NIST Cybersecurity Framework, SOC Type1/2
• Demonstrated ability to manage risk assessments or projects independently
• Proven excellent communication skills both verbal and written
• Proven good presentation skills particularly ability to present technology elements in manner personnel can follow and act

• CISSP, CISA or ISO27001 Lead Implementer or Lead Auditor certification.