Job Information
UnitedHealth Group Sr Info Security Risk Analyst - IT Auditing, Security Assessments in Taguig City, Philippines
Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by diversity and inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health equity on a global scale. Join us to start Caring. Connecting. Growing together.
As an Information Security Risk Analyst, you would support information security policies, standards and procedures to secure and protect data residing on systems. Work directly with Third Party user departments to implement procedures and systems for the protection, conservation and accountability of proprietary, personal or privileged electronic data. Generally work is self-directed and not prescribed. Works with less structured, more complex issues. Serve as a resource to others.
Position in this function maintains awareness of the valuable and sensitive Third Party Relationships by demonstrating the highest degree of professionalism and collaboration in every interaction. All communications must be consultative and conversational, reacting appropriately to the varying levels of technical sophistication that will be encountered. Active listening and adaptability, without relying solely on a predefined formula, is critical to successful interactions.
Primary Responsibilities:
Lead Third Party assessments and follow-up activities with strategic Third Party relationships
Communicate professionally with Third Party stakeholders/end users through multiple communication methods, building trusting relationships
Understand and enforce General Computing Controls of Third Party organization structure
Identify security administration deficiencies, recommend improvements, and assist to implement corrective action
Develop and maintain procedure documentation
Execution of reporting (Daily/Weekly/Monthly)
Understand and scope properly Third Party organization structure to apply necessary controls to be assessed
Perform and manage Control/Risk Assessment and remediation of identified findings as per process documents
Ensure Third Party compliance to the business agreement, policies, procedures, & regulations along with ability to map controls and compliance requirements
Review Third Party supplied policies & procedures, internal/external assessment reports, agreements and provide feedback
Executive summaries with recommendations & direction regarding remediation efforts and disposition of the third party
Communicate, escalate, and track Third Party remediation progress on assessment remediation activities
Understand information security risks that are inherent to a business and articulate those risks in business terms
Maintain current knowledge on information security topics and their applicability program requirements
Engage on-shore leadership regarding any escalation/delays/deviations during assessment/remediation
Work and Coach assigned analysts/mentee in terms of operational processes/ competencies
Serves as POC (Point of Contact) in lead’s absence
Conducts quality checks and provide feedback as necessary
Create reports and presentation needed for operational process
Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so
Required Qualifications:
3+ years of experience in IT auditing/security assessments
3+ years of experience working with senior levels of management
3+ years of Security expertise including knowledge on different security risk assessment frameworks (NIST/Octave), standards (ISO27001/HITRUST/ITIL/Cobit), and act such as (HIPAA/GLBA)
3+ years of experience in examining the SSAE 16 Audit, SOC 2, PCI DSS, NY Cyber Security and other security audit report
Knowledge and understanding of different security products (web/email filtering, disk encryption, vulnerability testing, antivirus, DLP, firewall etc.)
Knowledge on technology/software development methodologies, application security, and OWASP Top 10 guidelines
Demonstrated solid listening, communication, and presentation skills
Demonstrated good follow-up skills and detail oriented
Demonstrated ability to document assessment work papers and preparing assessment report
Demonstrated ability to manage Third Party assessment independently with minimal supervision
Preferred Qualification:
- CISA, CISSP,CPISI, ISO 27001
At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone–of every race, gender, sexuality, age, location and income–deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission.
Diversity creates a healthier atmosphere: Optum is an Equal Employment Opportunity/Affirmative Action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law.
Optum is a drug-free workplace. © 2024 Optum Global Solutions (Philippines) Inc. All rights reserved.
#LetsGrow