Sr IT Risk /Audit Analyst- Eden Prairie, MN - Full-time / Part-time

UnitedHealth Group is a company that's on the rise. We're expanding in multiple directions, across borders and, most of all, in the way we think. Here, innovation isn't about another gadget, it's about transforming the health care industry. Ready to make a difference? Make yourself at home with us and start doing your life's best work.(sm)
 
**Please note that this role will require travel up to 1 week a month. There will be some flexibility to manage your own schedule and travel**We protect the confidentiality, integrity, and availability of UnitedHealth Group's information assets through the establishment, implementation and management of an Information Security Program. This includes creating, administering, and overseeing policies to ensure the prevention, detection, containment, and correction of security breaches. The purpose of the Information Risk Management Program is to ensure Management, Internal Audit, and regulators are satisfied with the security controls that are implemented, and customers and business partners are confident their information is adequately protected. Controls are reviewed on an annual basis. The requirements of the HIPAA Security Rule are reflected in the Information Security Program.
 
Responsibilities

Perform and manage Onsite Risk Assessments as per process documents
Ensure vendor compliance to the business agreement, policies, procedures, & regulations along with ability to map controls and compliance requirements
Review vendor supplied policies & procedures, internal/external assessment reports, agreements and provide feedback
Provision assessment reports and executive summaries with recommendations & direction regarding remediation efforts and disposition of the third party
Communicate, escalate, and track vendor progress on assessment remediation activities
Act as a liaison & SME for internal departments & vendors to successfully manage Vendor Risk Assessment
Understand information security risks that are inherent to a business and articulate those risks in business terms
Maintain current knowledge on information security topics and their applicability program requirements
Engage VRO regarding any delays/deviations during remediation

Qualifications

Prior experience working with senior levels of management
Knowledge of different security risk assessment frameworks
Experience in examining audit reports (SSAE 16 Audit)
Knowledge and understanding of different security products (web/email filtering, disk encryption, IDS/IPS, antivirus, DLP, firewall etc.)
Knowledge of software development methodologies, application security, and OWASP Top 10 guidelines
Ability to document assessment work papers and preparing assessment report
Ability to manage vendor assessment independently with minimal supervision
Technology Careers with Optum. Information and technology have amazing power to transform the health care industry and improve people's lives. This is where it's happening. This is where you'll help solve the problems that have never been solved. We're freeing information so it can be used safely and securely wherever it's needed. We're creating the very best ideas that can most easily be put into action to help our clients improve the quality of care and lower costs for millions. This is where the best and the brightest work together to make positive change a reality. This is the place to do your life's best work.SM
Diversity creates a healthier atmosphere: UnitedHealth Group is an Equal Employment Opportunity/Affirmative Action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law.
UnitedHealth Group is a drug-free workplace. Candidates are required to pass a drug test before beginning employment.