Information Security Risk Auditor - San Juan, PR

UnitedHealth Group Inc.•San Juan, PR

41d

About The Position

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together. The Info Security Risk Auditor is responsible for supporting and enforcing information security policies, standards, and procedures to safeguard proprietary, personal, and privileged electronic data. This role works closely with user departments and cross-functional teams to implement robust security controls, drive compliance, and foster a culture of security awareness.

Requirements

8+ years of information security experience
Experience with ISO27001 (ISMS), HITRUST CSF, NIST Cybersecurity Framework, SOC Type1/2
Professional proficiency both with English and Spanish
Proven auditing skills and ability to manage risk assessments/projects independently
Proven excellent verbal and written communication skills
Proven solid presentation skills, especially the ability to explain technology to non-technical personnel
Demonstrated ability to work independently, meet deadlines, and maintain stakeholder confidence

Nice To Haves

Certifications: CISSP, CISA, ISO27001 Lead Implementer or Lead Auditor
Experience in physical security, compliance walks, and site-level assessments

Responsibilities

Align security policies and standards with IT infrastructure frameworks (ISO 27001, NIST, ITIL)
Lead policy exception and risk management, including logging, assessment, and mitigation
Conduct vendor tier assessments, clarify tiering logic, and ensure correct application of security reviews
Oversee remediation of critical/high vulnerabilities, verify aging data, and confirm with SLOs on unresolved exploits
Support overall application security governance
Ensure compliance with regulatory requirements (ISO 27001, NYDFS, NIST)
Lead and support ISO 27001/ISMS program implementation and audits for assigned geographies/scope
Maintain and update compliance trackers, dashboards, and reporting frameworks
Perform audits to identify control gaps and implement corrective action plans
Monitor compliance with corrective actions and address non-compliance issues
Review and attest security attributes for applications, including MFA, orientation, data type, and access provisioning
Facilitate and lead security incident investigations, including physical security, fire safety, access control, and environmental controls
Ensure proper logging and escalation of incidents
Coordinate with other teams for incident related activities
Drive security awareness campaigns, training, and infographics for employees and contractors
Track and report on training completion rates, phishing metrics, and awareness initiatives
Develop and communicate security content, including videos and best practices
Communicate professionally with stakeholders and end users through multiple channels
Collaborate with business, and other concerned teams for regulatory reporting and audit support
Provide consulting and support for customer audits, contract reviews, and acquired entity compliance
Conduct physical compliance walks, assess fire safety, access control, secure printing, and data privacy at sites