Info Security Risk Auditor - Third Party / Supplier Risk Management

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by diversity and inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health equity on a global scale. Join us to start Caring. Connecting. Growing together.

Primary Responsibilities:

• Ensure third-party supplier's compliance to business requirements - business agreement, policies, procedures and regulations
• Lead third-party supplier security risk assessment and remediation activities

• Research, understand and analyze information security risks applicable to a supplier
• Conduct discovery call and perform risk-based assessment
• Review evidences and supporting documentations from the supplier
• Communicate identified security gaps, provide recommendations, and monitor/track progress until its completion
• Collaborate with internal stakeholders and management for any process deviations, delays or escalations

Oversee and supervise assigned analyst's work to ensure risk assessment and remediation activities are carried out effectively and efficiently

• Perform reviews of risk assessment documentation and remediation completion
• Attend and observe risk assessment and remediation meetings
• Provide support, guidance and assistance to any inquiries, concerns or challenges
• Track completion and ensure that SLA is met

Assist with the execution of the Information Risk Governance program

• Participate in solving complex problems, address issues and challenges
• Develop or support solutions for process improvement
• Contribute to training program implementation
• Lead or participates on special projects

Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so

Required Qualifications:

• 3+ years experience/knowledge and understanding of Endpoint Protection, Network Security, Access Management, Vulnerability Management, Business Continuity, Risk Management, and Data Protection (e.g. Encryption)
• 3+ years experience working experience with various compliance frameworks and regulations like HITRUST, ISO 27001, SOC 2 Type II, PCI DSS, NIST, etc.
• Solid communication (listening, verbal, written) and presentation skills
• Advance level experience in MS Office Suite
• Ability to develop effective relationships with team members, suppliers, and internal stakeholders

Preferred Qualifications:

• 2+ years experience with Third Party / Supplier Risk Management
• 2+ years audit experience
• Ability to manage multiple priorities and effectively prioritize tasks

At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone-of every race, gender, sexuality, age, location and income-deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission.

Diversity creates a healthier atmosphere: Optum is an Equal Employment Opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law.

Optum is a drug-free workplace. © 2024 Optum Global Solutions (Philippines) Inc. All rights reserved.

#LetsGrow