Senior Information Security Risk Analyst

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together.

Primary Responsibilities

• Lead external partner security scoping discussions and assessments, analyze security evidence, and determine applicable remediation activities
• Communicate professionally with external business and security stakeholders through multiple communication methods and build trusting relationships
• Collaborate with key operational, network, and business leaders to resolve or escalate complex third-party relationship issues, minimizing partner disruption
• Identify technical, administrative, and physical security deficiencies
• Provide industry-standard security resources and guidance to resolve deficiencies
• Drive compliance with security requirements within acceptable service levels
• Manage multiple partner assessment and remediation activities simultaneously
• Document and report results with a high degree of quality and accuracy
• Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so
  
  

• Undergraduate degree or equivalent experience
• Proven ability to understand and scope partner security and technical environments to apply relevant assessment control frameworks
• Proven ability to understand health insurance claim, clinical, sales, and healthcare supply chain and data flow concepts
• Proven ability to understand HIPAA Covered Entity, Business Associate, Privacy and Security rule frameworks
• Proven ability to perform and manage assessment and issue remediation per process documents and service levels
• Proven ability to review security evidence, reports, and provide timely feedback
• Proven ability to communicate, track, or escalate issues as necessary
• Proven ability to maintain current knowledge on information security topics and applicability to program requirements
• Proven ability to ensure the highest degree of quality and accuracy on assessment, remediation, and communication activities
• Proven ability to identify and drive process or system improvement opportunities
• Proven ability to educate and train team members