
Principal Information Security Auditor - Optum Serve - Remote

Optum
401(k)
United States, Minnesota, Eden Prairie
11000 Optum Circle
Oct 29, 2025

For those who want to invent the future of health care, here's your opportunity. We're going beyond basic care to health programs integrated across the entire continuum of care. Join us to start Caring. Connecting. Growing together.

The Principal Information Security Auditor acts as the Subject Matter Expert (SME) for cybersecurity, information security governance, risk management, and compliance across Optum Serve. This role requires collaboration with Infrastructure and Operations, ESRO, and Optum Serve Information Security teams to ensure alignment with ESRO standards and government frameworks (NIST SP 800-37, NIST SP 800-53, NIST SP 800-171, FedRAMP). The Auditor is responsible for implementing and maintaining security controls, managing security documentation, and supporting certifications such as ATOs, FedRAMP authorizations, and CMMC Level 2.

You'll enjoy the flexibility to work remotely* from anywhere within the U.S. as you take on some tough challenges.
For all hires in the Minneapolis or Washington, D.C. area, you will be required to work in the office a minimum of four days per week.

Primary Responsibilities:

Governance, Risk Management, and Compliance

  • Serve as SME for information security governance, risk management, and compliance in accordance with the NIST Risk Management Framework
  • Liaise with Business and IT Groups throughout security compliance, design, planning, implementation, and continuous monitoring phases of projects
  • Advise on acquired entities and their risk portfolios

Security Documentation and Certification

  • Develop, update, and maintain security documentation for CMMC Level 2 Certification and FedRAMP Authorization, including ATO packages (SSP, CP, CMP, IRP, POAM) and annual updates
  • Create and maintain standard operating procedures and work with multi-functional teams to uphold high-quality standards

Technical Expertise

  • Demonstrate solid understanding of cloud computing models, cloud-based environments, and cloud providers
  • Possess expertise in security architecture, operating systems, databases, networks, applications, and security tools

Regulatory Frameworks and Compliance Implementation

  • Ensure compliance with regulatory frameworks: NIST 800-53, NIST 800-171, CMMC, FedRAMP, DoD RMF
  • Implement security controls in accordance with Security Technical Implementation Guides (STIGs), CMMC certification, and ATO processes, including POAM management

Risk and Vulnerability Management

  • Manage and report system risks and vulnerabilities
  • Coordinate third-party audits and oversee annual penetration tests
  • Facilitate regular discussions to identify and remediate security risks and weaknesses in systems and networks

Education and Communication

  • Educate and communicate security requirements and procedures to all users and new employees
  • Participate in sales and marketing strategy work with internal business partners and/or external clients

You'll be rewarded and recognized for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role as well as provide development for other roles you may be interested in.

Required Qualifications:

  • Good standing with at least one of the following certifications: Certified Information Systems Security Professional (CISSP) or Certified Information Systems Manager (CISM)
  • 7+ years of information security experience, including at least five (5) years of FISMA-related experience
  • 5+ years of experience with Assessment and Authorization (A&A) and Independent Verification & Validation (IV&V)
  • United States Citizenship

  • If you are offered this position, you will be required to provide extensive personal information to obtain and maintain a suitability or determination of eligibility for a Confidential/Secret or Top Secret security clearance as a condition of your employment

Preferred Qualifications:

  • Bachelor's degree in Information Security, Cybersecurity, Computer Science, or equivalent.

*All employees working remotely will be required to adhere to UnitedHealth Group's Telecommuter Policy.

Pay is based on several factors including but not limited to local labor markets, education, work experience, certifications, etc. In addition to your salary, we offer benefits such as a comprehensive benefits package, incentive and recognition programs, equity stock purchase and 401k contribution (all benefits are subject to eligibility requirements). No matter where or when you begin a career with us, you'll find a far-reaching choice of benefits and incentives. The salary for this role will range from $110,200 to $188,800 annually based on full-time employment. We comply with all minimum wage laws as applicable.

Application Deadline: This will be posted for a minimum of 2 business days or until a sufficient candidate pool has been collected. Job posting may come down early due to volume of applicants.

At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone, of every race, gender, sexuality, age, location and income, deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes, an enterprise priority reflected in our mission.

OptumCare is an Equal Employment Opportunity employer under applicable law and qualified applicants will receive consideration for employment without regard to race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or protected veteran status, or any other characteristic protected by local, state, or federal laws, rules, or regulations.

OptumCare is a drug-free workplace. Candidates are required to pass a drug test before beginning employment.
