Sr Manager, Information Security- Remote or Hybrid in MN or DC

About The Position

Requirements

• Bachelor’s degree in computer science, Information Assurance, MIS, or related field, or 7+ years of equivalent work experience
• 5+ years of experience in cybersecurity operations, risk management, or related field, including business engagement
• 5+ years of Client service orientation and stakeholder management experience
• Hands-on experience with a broad range of security tools and technologies; experience exp: CrowdStrike, Microsoft, Palo Alto, Tenable, Tanium, LogRhythm
• Experience developing risk mitigation strategies
• Leadership experience with HR accountabilities
• Experience with Federal and state regulations pertaining to data privacy and security (HIPAA, HITRUST, NIST, ISO, etc)
• Demonstrated ability to work with cross-functional teams and manage multiple priorities in a fast-paced environment

Nice To Haves

• Professional certifications such as CISSP, CISM, CRISC, or equivalent
• Experience in healthcare IT or supporting healthcare clients
• Experience with regulatory agencies and external auditors
• Experience leading distributed teams or managing vendor relationships
• Personal Attributes:
• Solid client service orientation and stakeholder management skills
• Analytical and problem-solving mindset
• Ability to prioritize and execute tasks under pressure
• Commitment to continuous learning and professional development
• High integrity, trustworthiness, and professionalism
• All employees working remotely will be required to adhere to UnitedHealth Group’s Telecommuter Policy

Responsibilities

• Lead and coordinate daily security operations for the account, including monitoring, incident response, and remediation activities
• Serve as the main point of contact for client stakeholders regarding security operations, issues, and escalations
• Oversee operational delivery across matrixed service teams, ensuring alignment with client expectations and contractual obligations
• Support the implementation and maintenance of security controls, policies, and procedures in alignment with enterprise and regulatory requirements (NIST, HIPAA, HITRUST, ISO, etc)
• Collaborate with cross-functional teams to identify, evaluate, and mitigate security risks
• Oversee and participate in incident investigations, root cause analysis, and post-incident reviews
• Lead client risk efforts including third party risk assessments, vendor management and ensure third-party compliance with security and privacy requirements
• Champion a risk-based approach to security efforts and prioritization
• Translate risk findings into actionable architecture plans, standard controls, and design requirements
• Provide expert level guidance to engineering and product teams to ensure secure-by-design implementations
• Prepare and present operational security metrics and status reports to client and internal leadership
• Support business continuity and disaster recovery planning and testing as it relates to security operations
• Collaborate closely with the CISO, Client Security Lead, to ensure strategic alignment and effective execution of security initiatives
• Mentor junior team members and foster a collaborative, client-focused culture
• Oversee the implementation of new systems and ensure they are set up and configured with appropriate security controls, considering all applicable regulatory requirements and client policies
• Engage with cross-functional teams, including technical staff and business stakeholders, to ensure that security considerations are embedded throughout all project phases and to clearly articulate identified security findings

Benefits

• In addition to your salary, we offer benefits such as, a comprehensive benefits package, incentive and recognition programs, equity stock purchase and 401k contribution (all benefits are subject to eligibility requirements).
• No matter where or when you begin a career with us, you’ll find a far-reaching choice of benefits and incentives.