Vice President, GRC Enablement & Enterprise Product Services

UnitedHealth Group•Eden Prairie, MN

9d•$200,400 - $343,500•Hybrid

About The Position

UnitedHealth Group is a health care and well-being company that’s dedicated to improving the health outcomes of millions around the world. We are comprised of two distinct and complementary businesses, UnitedHealthcare and Optum, working to build a better health system for all. Here, your contributions matter as they will help transform health care for years to come. Make an impact with a team that shares your passion for helping others. Join us to start Caring. Connecting. Growing together. You will lead the enterprise-wide design, modernization, and execution of GRC enablement capabilities that support policy governance, independent validation, strategic and technology risk management, and regulatory compliance across UnitedHealth Group. You will have enterprise-wide accountability for GRC enablement outcomes and own the enterprise GRC platform, risk and control data architecture, workflow automation, and analytics strategy—ensuring risk-informed decision-making is embedded at scale across business and technology operations. Acting as a trusted advisor to executive leadership, Board committees, and regulators, this role shapes how risk information is surfaced, governed, and acted upon at the highest levels of the organization. It ensures the enterprise maintains a single, authoritative, and defensible system of record for risks, controls, issues, and assurance outcomes, enabling continuous readiness, executive transparency, and sustainable risk reduction aligned with NIST, ISO, NYDFS, HIPAA, HITRUST, SOX, PCI-DSS, and emerging AI governance expectations. You’ll enjoy the flexibility to work remotely from anywhere within the U.S. as you take on some tough challenges. For all hires within 30 minutes of an office in Minnesota or Washington, D.C., you'll be required to work a minimum of four days per week in-office.

Requirements

20+ years of progressive experience in enterprise risk management, GRC, governance, compliance, audit, or cybersecurity within complex, highly regulated environments
5+ years of leadership (Vice President level or equivalent) experience leading enterprise-wide enablement, risk, compliance, or transformation functions
Proven success implementing and scaling enterprise GRC platforms (e.g., Archer, ServiceNow GRC, MetricStream) with demonstrable automation and risk reduction outcomes
Demonstrated experience supporting Board committees, executive leadership, and regulators with defensible, data-backed risk insights, including influencing decisions and shaping enterprise risk posture
Bachelor’s degree in Business, Risk Management, Information Security, Technology, Finance, Law, or equivalent experiences

Nice To Haves

Advanced degree (MBA, MS, or equivalent)
Professional certifications such as CRISC, CISA, CISSP, CISM, CPA and/or CIA

Responsibilities

Define and execute the enterprise-wide GRC enablement strategy as a foundational capability supporting policy execution, independent validation, strategic risk oversight, and regulatory compliance
Set enterprise standards and operating models that scale across business units, products, and regulatory environments in alignment with enterprise risk appetite and strategic objectives
Own and modernize the enterprise GRC platform as the authoritative system of record for risks, controls, issues, remediation, and compliance evidence
Govern enterprise risk and control taxonomies, data dictionaries, lineage, and traceability to support Board reporting, audits, and regulatory examinations
Establish standards for workflow orchestration, automation, access control, and integration across cybersecurity, technology risk, compliance, and operational risk domains
Embed analytics, automation, and AI-enabled insights into GRC workflows to provide forward-looking visibility into risk trends, control effectiveness, and remediation performance
Enable continuous monitoring, KRIs, and early-warning indicators for emerging risks, control degradation, regulatory change, and systemic exposure
Deliver concise, executive- and Board-ready dashboards, metrics, and narratives that inform risk-informed decision-making and enterprise prioritization
Support regulatory exams, audits, and independent assessments through timely, complete, and defensible evidence-based reporting
Drive enterprise adoption of standardized GRC processes, workflows, and data models through large-scale change leadership and executive alignment
Lead transformation across the three lines of defense and hold accountability for measurable improvements in transparency, risk reduction, remediation cycle time, and control maturity
Lead enterprise design thinking sessions to reimagine cyber and technology risk processes, focusing on simplifying user experience, reducing friction, and improving adoption across business and technology teams
Facilitate “Day in the Life” exercises to develop detailed personas across roles (e.g., product teams, engineers, business leaders, control owners, and risk practitioners), ensuring risk frameworks align with how work is actually performed
Translate persona insights into practical GRC enablement capabilities, including workflow design, control integration, decision points, and automation opportunities
Partner with cybersecurity, technology, product, and business stakeholders to ensure risk requirements are embedded directly into engineering, operations, and AI workflows rather than applied after the fact
Drive a human-centered approach to risk management, ensuring policies, controls, and governance processes are intuitive, scalable, and aligned to real-world operating conditions
Incorporate persona-driven insights into the continuous improvement of GRC platforms, data models, and user interfaces, improving usability, adoption, and effectiveness of the enterprise risk operating model