Sr Manager, Information Security- Remote or Hybrid in MN or DC

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together.

Position Summary

The Sr Manager, Information Security is responsible for overseeing daily security operations and ensuring the delivery of high-quality cybersecurity services to the client. Reporting to the CISO, Client Security Lead, this role acts as the primary client-facing security expert, coordinating operational activities across matrixed service teams, and is accountable to the client for all services delivered. The position does not have direct reports but requires solid leadership and operational oversight.

You'll enjoy the flexibility to work remotely * from anywhere within the U.S. as you take on some tough challenges. For all hires in the Minneapolis or Washington, D.C. area, you will be required to work in the office a minimum of four days per week.

Primary Responsibilities:

• Lead and coordinate daily security operations for the account, including monitoring, incident response, and remediation activities
• Serve as the main point of contact for client stakeholders regarding security operations, issues, and escalations
• Oversee operational delivery across matrixed service teams, ensuring alignment with client expectations and contractual obligations
• Support the implementation and maintenance of security controls, policies, and procedures in alignment with enterprise and regulatory requirements (NIST, HIPAA, HITRUST, ISO, etc)
• Collaborate with cross-functional teams to identify, evaluate, and mitigate security risks
• Oversee and participate in incident investigations, root cause analysis, and post-incident reviews
• Lead client risk efforts including third party risk assessments, vendor management and ensure third-party compliance with security and privacy requirements
• Champion a risk-based approach to security efforts and prioritization
• Translate risk findings into actionable architecture plans, standard controls, and design requirements
• Provide expert level guidance to engineering and product teams to ensure secure-by-design implementations
• Prepare and present operational security metrics and status reports to client and internal leadership
• Support business continuity and disaster recovery planning and testing as it relates to security operations
• Collaborate closely with the CISO, Client Security Lead, to ensure strategic alignment and effective execution of security initiatives
• Mentor junior team members and foster a collaborative, client-focused culture
• Oversee the implementation of new systems and ensure they are set up and configured with appropriate security controls, considering all applicable regulatory requirements and client policies
• Engage with cross-functional teams, including technical staff and business stakeholders, to ensure that security considerations are embedded throughout all project phases and to clearly articulate identified security findings

• Bachelor's degree in computer science, Information Assurance, MIS, or related field, or 7+ years of equivalent work experience
• 5+ years of experience in cybersecurity operations, risk management, or related field, including business engagement
• 5+ years of Client service orientation and stakeholder management experience
• Hands-on experience with a broad range of security tools and technologies; experience exp: CrowdStrike, Microsoft, Palo Alto, Tenable, Tanium, LogRhythm
• Experience developing risk mitigation strategies
• Leadership experience with HR accountabilities
• Experience with Federal and state regulations pertaining to data privacy and security (HIPAA, HITRUST, NIST, ISO, etc)
• Demonstrated ability to work with cross-functional teams and manage multiple priorities in a fast-paced environment

• Professional certifications such as CISSP, CISM, CRISC, or equivalent
• Experience in healthcare IT or supporting healthcare clients
• Experience with regulatory agencies and external auditors
• Experience leading distributed teams or managing vendor relationships

• Solid client service orientation and stakeholder management skills
• Analytical and problem-solving mindset
• Ability to prioritize and execute tasks under pressure
• Commitment to continuous learning and professional development
• High integrity, trustworthiness, and professionalism