Principal Information Security Auditor - Optum Serve - Remote - Remote Eligible

Lead security compliance efforts for FedRAMP and CMMC certifications
Eden Prairie, Minnesota, United States
Senior
$110,200 – 188,800 USD / year
17 hours ago
UnitedHealth Group

A diversified health and well-being company offering a broad spectrum of products and services through two distinct platforms: UnitedHealthcare and Optum.

Principal Information Security Auditor

For those who want to invent the future of health care, here's your opportunity. We're going beyond basic care to health programs integrated across the entire continuum of care. Join us to start Caring. Connecting. Growing together.

The Principal Information Security Auditor acts as the Subject Matter Expert (SME) for cybersecurity, information security governance, risk management, and compliance across Optum Serve. This role requires collaboration with Infrastructure and Operations, ESRO, and Optum Serve Information Security teams to ensure alignment with ESRO standards and government frameworks (NIST SP 800-37, NIST SP 800-53, NIST SP 800-171, FedRAMP). The Auditor is responsible for implementing and maintaining security controls, managing security documentation, and supporting certifications such as ATOs, FedRAMP authorizations, and CMMC Level 2.

You'll enjoy the flexibility to work remotely from anywhere within the U.S. as you take on some tough challenges.

For all hires in the Minneapolis or Washington, D.C. area, you will be required to work in the office a minimum of four days per week.

Primary Responsibilities:

  • Serve as SME for information security governance, risk management, and compliance in accordance with the NIST Risk Management Framework
  • Liaise with Business and IT Groups throughout security compliance, design, planning, implementation, and continuous monitoring phases of projects
  • Advise on acquired entities and their risk portfolios
  • Develop, update, and maintain security documentation for CMMC Level 2 Certification and FedRAMP Authorization, including ATO packages (SSP, CP, CMP, IRP, POAM) and annual updates
  • Create and maintain standard operating procedures and work with multi-functional teams to uphold high-quality standards
  • Demonstrate solid understanding of cloud computing models, cloud-based environments, and cloud providers
  • Possess expertise in security architecture, operating systems, databases, networks, applications, and security tools
  • Ensure compliance with regulatory frameworks: NIST 800-53, NIST 800-171, CMMC, FedRAMP, DoD RMF
  • Implement security controls in accordance with Security Technical Implementation Guides (STIGs), CMMC certification, and ATO processes, including POAM management
  • Manage and report system risks and vulnerabilities
  • Coordinate third-party audits and oversee annual penetration tests
  • Facilitate regular discussions to identify and remediate security risks and weaknesses in systems and networks
  • Educate and communicate security requirements and procedures to all users and new employees
  • Participate in sales and marketing strategy work with internal business partners and/or external clients

You'll be rewarded and recognized for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role as well as provide development for other roles you may be interested in.

Required Qualifications:

  • Good standing with at least one of the following certifications: Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM)
  • 7+ years of information security experience, including at least five (5) years of FISMA-related experience
  • 5+ years of experience with Assessment and Authorization (A&A) and Independent Verification & Validation (IV&V)
  • United States Citizenship
  • If you are offered this position, you will be required to provide extensive personal information to obtain and maintain a suitability or determination of eligibility for a Confidential/Secret or Top Secret security clearance as a condition of your employment

Preferred Qualifications:

  • Bachelor's degree in Information Security, Cybersecurity, Computer Science, or equivalent.

Pay is based on several factors including but not limited to local labor markets, education, work experience, certifications, etc. In addition to your salary, we offer benefits such as a comprehensive benefits package, incentive and recognition programs, equity stock purchase and 401k contribution (all benefits are subject to eligibility requirements). No matter where or when you begin a career with us, you'll find a far-reaching choice of benefits and incentives. The salary for this role will range from $110,200 to $188,800 annually based on full-time employment. We comply with all minimum wage laws as applicable.

Application Deadline: This will be posted for a minimum of 2 business days or until a sufficient candidate pool has been collected. Job posting may come down early due to volume of applicants.
