Risk and Threat Vulnerability Management - TVM - Analyst

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together.

Primary Responsibilities:

• Perform end-to-end Vulnerability Management across on-prem, application, and cloud environments
• Conduct vulnerability identification, triage, prioritization, and remediation tracking
• Partner with IT and engineering teams to provide technical guidance for vulnerability remediation
• Utilize tools such as Rapid7, Tenable.io, Nessus, Security Center, Tanium, Nmap, and others for scanning and analytics
• Develop and implement strategies to improve and automate the vulnerability management lifecycle
• Provide insights using threat modeling, vulnerability trend analysis, and emerging threat intelligence
• Monitor service performance against SLAs and drive improvements in customer satisfaction
• Integrate vulnerability metrics into executive dashboards and overall risk reporting
• Ensure adherence to business agreements, policies, procedures, regulatory requirements, and control compliance mappings
• Monitor information security risks and drive remediation of policy exceptions and risk gaps
• Manage the Risk Register, including risk acceptance, risk exceptions, and risk disposition activities
• Ensure compliance with applicable data privacy regulations
• Identify process and security gaps, recommend improvements, and support corrective action implementation
• Perform and manage Control/Risk Assessments and ensure timely remediation of findings
• Define risk thresholds, enhance the risk framework, and drive remediation of governance and process gaps
• Manage policy and control exception workflows through the GRC platform
• Conduct control testing to assess maturity and effectiveness of controls aligned with HITRUST and NIST 800-53 Rev 2
• Establish a baseline of vendor risk, identify areas of exposure, and align VRM strategies with client goals
• Support the design and implementation of a consistent Vendor Risk Management program aligned with internal and regulatory requirements
• Prepare executive-level summaries with recommendations regarding third-party remediation efforts and risk disposition
• Maintain up-to-date knowledge of information security and quality management topics relevant to VRM obligation
• Create and maintain real-time dashboards for Policies, Standards, Risk Management, and TVM insights
• Conduct monthly reviews of High and Critical risks with risk owners and executive leadership
• Develop executive dashboards that provide visibility into goals, KPIs, KRIs, and risk trends
• Communicate professionally across all stakeholder levels using multiple channels
• Serve as Point of Contact (POC) in the lead's absence
• Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regard to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so

• 5+ years of technical experience in Information Security
• 5+ years of GRC platform implementation/migration experience (NAVEX, ServiceNow, LogicGate, RSM/Rsam, Perimeter, etc.)
• 5+ years of IT Audit experience with the ability to independently manage assessments and projects
  Experience with vulnerability management lifecycle, threat modeling, and remediation oversight
• Solid understanding of ISO 27001, core security concepts, and federal cybersecurity standards (NIST 800-53)
• Proven excellent written and verbal communication skills; solid presentation skills
• Hands-on experience with vulnerability management tools (Rapid7, Tenable, Nmap, Tanium, etc.)
• Solid analytical and problem-solving abilities

• Relevant certifications: CISA, CISSP, Security+, CRISC, CISM, etc.
• 3+ years of experience directly in Threat & Vulnerability Management
• Experience with cloud computing and cloud security risk assessments
• Experience automating parts of the VM lifecycle
• Solid understanding of cloud/on-prem hybrid environments and related security risks