Business Information Security Officer, BISO - Onsite In Minnesota Or Remote Considered

Enterprise Information Security Business Information Security Officer

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by diversity and inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health equity on a global scale. Join us to start Caring. Connecting. Growing together.

The Enterprise Information Security (EIS) team is responsible for cybersecurity across our organization. We support our business and members by reducing risk, rapidly responding to threats, focusing on business resiliency and securing new acquisitions.

Business Information Security Officer is responsible for serving as a Subject Matter Expert (SME) for cybersecurity across UnitedHealthcare. This role will work directly with the Employer and Individual team to implement new technology solutions and ensure alignment with enterprise security standards.

Successful candidates in this role will be involved in leading efforts pertaining to monitoring, evaluating, and maintaining systems and procedures to safeguard internal information systems, networks, databases, and web-based security. Manage vulnerability assessments and monitor systems, network, databases and web for potential system breaches. Respond to alerts from information security tools. Report, investigate, and resolve security incidents. Recommend and implement changes to enhance system security and prevent unauthorized access. Research security trends, new methods, and techniques used in unauthorized access of data to preemptively eliminate the possibility of system breach. May oversee internal or external systems security (i.e., cloud services). Ensure that customers and users have the right access to the right systems at the right time.

If you are located in MN or DC, you will have the flexibility to work remotely* as you take on some tough challenges. This position follows a hybrid schedule with four in-office days per week.

Primary Responsibilities:

• Act as a liaison between enterprise security and business / technology leadership teams
• Serve as a Subject Matter Expert (SME) for security tool sets
• Work with security and product teams to implement new software, policy configurations and settings
• Evaluate and recommend security controls and tooling for on-premises and cloud infrastructure
• Develop innovative approaches and solve complex problems
• Create and maintain new and existing playbooks/runbooks, work with multi-functional team members to maintain high-quality work standards
• Evaluate vulnerabilities that exist and make recommendations for remediation
• Ensure day-to-day operational tasks are performed and security metrics are relevant and current
• Maintain expertise in cybersecurity, including industry trends, strategies, vulnerabilities and threats to ensure the company's assets are effectively and appropriately secured
• Participate in security incident response processes on a per-occurrence basis
• Participate in an on-call support on a rotational basis
• Review of teammate and team member work product
• Develop innovative approaches
• Sought out as expert
• Serve as a leader / mentor

You'll be rewarded and recognized for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role as well as provide development for other roles you may be interested in.

Required Qualifications:

• Bachelor's degree or 8+ years of experience in information security / technology operations in lieu of a degree
• 5+ years of information security / technology leadership experience
• 5+ Network / application / system vulnerability and threat management experience
• Experience with cyber security standards/organizations (such as ITIL, NIST, COBIT, IETF, IEEE)
• Experience explaining complex security issues to both technical and non-technical leaders, thru both written executive communication and presentation skills

Preferred Qualifications:

• Security+, CISSP, CISM, or CISA certification
• Experience working in a large enterprise
• Experience in the Healthcare / Insurance industries
• Experience supporting Medicare and Medicaid business models
• Experience with modern application development and design
• In-depth knowledge of cloud / security architecture

All employees working remotely will be required to adhere to UnitedHealth Group's Telecommuter Policy

Pay is based on several factors including but not limited to local labor markets, education, work experience, certifications, etc. In addition to your salary, we offer benefits such as, a comprehensive benefits package, incentive and recognition programs, equity stock purchase and 401k contribution (all benefits are subject to eligibility requirements). The salary for this role will range from $156,400 to $268,000 annually based on full-time employment. We comply with all minimum wage laws as applicable.