Senior IT Security Consultant - Multiple Locations

Position Description:

UnitedHealth Group is a company that's on the rise. We're expanding in multiple directions, across borders and, most of all, in the way we think. Here, innovation isn't about another gadget, it's about transforming the health care industry. Ready to make a difference? Make yourself at home with us and start doing your life's best work.(sm)

This individual supports the
success of the company's security solution architecture, information security
advisory and consulting services and contributes to the company's security
architecture roadmap, business strategy and secure software development
lifecycle. Deliverables include clear communication of strategy, technical materials,
and on-going assessment for initiatives across the enterprise.



Specific responsibilities will include:

• Participating
  in the definition and lead programs that support the enterprise strategy
  and architecture for application security services, mechanisms and
  safeguards
• Working
  in active partnership with stakeholders to understand business
  requirements and develop supporting security principles and objectives
  that will enable the growth and evolution of UnitedHealth Group (and
  communicating those requirements to security and risk management
  stakeholders throughout the enterprise)
• Ensuring
  that operational and incident trends and observations are considered with
  regard to the evolution of the company's application security services and
  capabilities
• Communicating
  threat and vulnerability observations clearly to leaders and subject
  matter experts
• Contributing
  to consistent patterns and frameworks to evolve the company's security
  architecture and a clear, comprehensive security framework (and promoting
  those requirements through partnership with enterprise architecture and IT
  governance functions)
• Supporting
  the on-going assessment and measurement of application risk objectively
  and consistently
• Ensuring
  that risk analysis methods are embedded across architectural programs
• Providing
  consulting to business leaders in addressing their application risk
  posture
• Promoting
  a consistent risk vocabulary for application risk and controls and
  aligning that vocabulary with related compliance and business risk
  disciplines within the organization
• Developing
  metrics that demonstrate current risk state, indicators of progress, and
  business alignment for those activities
• Supporting
  other senior leaders in Information Risk Management in leveraging those
  metrics as part of the overarching risk and operational dashboard
• Coordinating
  with leaders responsible for Infrastructure Services, Application Services,
  Information Risk Governance & Compliance, Remediation and Release
  Management to justify and communicate initiatives and risk management
  outcomes and to ensure integrity of approach
• Formally
  and informally responding to customer and regulatory requests with regard
  to application security services, mechanisms and safeguards (this includes
  regular communications with regulatory, privacy and legal stakeholders and
  active participation in both internal and external audit activities)
• Recommending
  changes, when appropriate, to security policies and control standards and
  operational practices

 

• This
  individual will be reporting to the Director of Security Solution
  Architecture. In this individual contributor's role, you will be
  responsible for providing active and engaged leadership with business and
  IT teams relative to security design and review processes, as well
  security consulting expertise in support of strategic company initiatives.
  Will collaborate with UnitedHealth Group infrastructure services, application
  services and business partners to develop, document, implement, and
  monitor integrated, holistic and consistent security architecture.

Success
Factors:

• Full
  commitment to customer satisfaction and the highest ethical standards
• a
  collaborative team approach, evidenced by proven ability to influence
  individuals towards shared decisions
• Collaboration,
  adaptability and flexibility in approach to reflect different audience
  requirements
• Proven
  commitment to thought-leadership in the area of data risk management to
  include participation in industry forums, publication and contribution to
  legislative and regulatory process of value
• Proven
  ability to communicate threat and risk profiles to executives and
  individual contributors and facilitate progress towards required
  improvements
• Practical
  working knowledge of operating environments including Windows, UNIX, and
  Linux Operating Systems; complex and segmented network environments /
  services and associated security controls (firewall, VPN, IDS/IPS); Data governance
  solutions for data in development, test, staging and production
  environments; Complex and global identity and access management solutions;
  Secure software development lifecycle.

Required Qualifications:

• Bachelor's Degree or HS diploma/GED with 3+ years of equivalent experience required
• 3+ years
  of experience in providing security solution to reduce risk in one of
  these areas –
• Network – IDS/IPS,
  Advanced Malware Prevention, Firewall
  
• Data – Encryption,
  De-identification, Tagging
• Applications -
  Identity and Access Management, User Federation, SOA Security,
  Application Firewall
• 5+ years
  of experience leading complex application security projects/programs for a
  large enterprise organization
• Ability to
  provide architecture guidance secure application development from
  inception, analysis, design, development and deployment
• Ability to provide
  security consulting and advisory services to individuals, leaders, project
  teams, vendors and suppliers
• Experience
  supporting security incident response activities including detection,
  analysis, containment, response and prevention procedures
• Experience
  implementing and leading information risk management programs with regard
  to legislation, regulation and guidance at the State and Federal level,
  including SOX, HIPAA, GLB, PCI and/or CFR Part 11

Preferred Qualifications:

• Demonstrated
  architecture expertise in SaaS, PaaS, IaaS in Cloud computing
• Specific experiences in
  architecture, engineering, deployment and operational management of a
  robust application security environment
• Specific experience
  managing projects / programs from concept through implementation (
  including the rollout of supporting oversight processes) using a
  structured project management methodology across the entire project life
  cycle
• Familiarity with IT
  Governance standards including ITIL and CoBIT
• Industry-specific
  certifications, including one or more of the following: CISSP, CISA, CISM,
  GCIH or GCFA
• Experience with
  healthcare services and technical requirements of a health benefits
  company desired
• Knowledge of
  infrastructure and platform security architecture

Technology Careers with Optum. Information and technology have amazing power to transform the health care industry and improve people's lives. This is where it's happening. This is where you'll help solve the problems that have never been solved. We're freeing information so it can be used safely and securely wherever it's needed. We're creating the very best ideas that can most easily be put into action to help our clients improve the quality of care and lower costs for millions. This is where the best and the brightest work together to make positive change a reality. This is the place to do your life's best work.SM

UnitedHealth Group is a drug-free workplace. Candidates are required to pass a drug test before beginning employment. In addition, employees in certain positions are subject to random drug testing.