Director Information Security Risk Management

Posted Yesterday
Gurgaon, Gurugram, Haryana, IND
In-Office
Expert/Leader
Artificial Intelligence • Big Data • Healthtech • Information Technology • Machine Learning • Software • Analytics
The Role
Serve as the business information security officer for cloud engineering teams, driving cloud risk governance, embedding security-by-design and DevSecOps, leading risk assessments and vulnerability management, advising senior stakeholders, and operationalizing controls and metrics aligned to NIST, CIS, HITRUST and HIPAA to improve cloud security posture.
Summary Generated by Built In
Requisition Number: 2363634
Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together.
As a Business Information Security Officer (BISO), you will be a key member of the ESRO organization, serving as the primary security partner for business and cloud engineering teams. This role is focused on enabling secure cloud engineering and innovation by providing strategic and hands-on support across risk management, cloud security consulting, secure architecture, and vulnerability management.
You will act as the trusted advisor to senior business and technology leaders, translating enterprise security strategy into actionable guidance tailored to secure cloud platforms and engineering practices. The BISO will drive alignment between business objectives and security requirements, ensuring risks are understood, communicated, and managed within the enterprise risk appetite.
Primary Responsibilities:
  • Drive Cloud Risk Governance: Establish and enforce cloud-aligned risk frameworks; operationalize controls mapped to standards (NIST, CIS, HIPAA) with measurable effectiveness
  • Enable Proactive Risk Management: Leverage automation, analytics, and AI to identify, assess, and prioritize cloud risks for timely mitigation
  • Deliver Data-Driven Outcomes: Define and track risk and control metrics; continuously improve vulnerability management and remediation through data-driven practices
  • Enable Secure Cloud Engineering: Partner with engineering teams to embed security-by-design in architecture & CI/CD pipelines, ensuring secure configurations and scalable controls
  • Act as Trusted Security Advisor: Build solid stakeholder relationships; balance risk, speed, and business priorities while aligning with enterprise strategy and risk appetite

Functional Attributes:
  • Primary Security Partner: Act as the single ESRO point of contact for business and cloud engineering; build solid stakeholder relationships
  • Drive Security Adoption: Promote cloud security, secure development, and risk-informed decision-making across teams
  • Align Security Practices: Integrate IRM objectives with cloud and engineering workflows; identify and address risks and control gaps
  • Deliver Security Services: Lead cloud risk assessments, architecture reviews, compliance (ISMS, HITRUST), and vendor security evaluations
  • Manage Demand & Prioritization: Align security efforts with business priorities and optimize resource allocation
  • Enable Secure Cloud Architecture: Support design and implementation of secure cloud architectures and guardrails (AWS/Azure)
  • Ensure Risk-Based Compliance: Enforce policies using a risk-based approach aligned to enterprise risk appetite
  • Drive Control Effectiveness: Validate controls and lead remediation to improve security posture and reduce risk
  • Provide Practical Advisory: Guide teams on scalable security solutions (IAM, encryption, network, vulnerability remediation)
  • Communicate Clearly: Simplify and communicate risks, controls, and actions for technical and non-technical audiences
  • Lead Security Initiatives: Drive and track cloud security posture and vulnerability reduction programs
  • Support Incident Response: Partner on incident management, root cause analysis, and risk mitigation
  • Leadership Contribution: Support broader enterprise security strategy and transformation initiatives
  • Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so

Required Qualifications:
  • 15+ years in Information Security across risk, cloud security, and architecture
  • Experience in BISO / Security Consulting / Business Security Partner roles
  • Proven experience embedding DevSecOps & security-by-design with engineering teams
  • Experience with security assessments (ISMS, HITRUST, cloud, vendor risk)
  • Experience improving cloud security posture (IAM, encryption, misconfigurations, network security)
  • Exposure to automation/AI-driven risk insights (preferred)
  • Solid hands-on expertise in AWS/Azure security architecture and controls
  • Solid understanding of vulnerability management and remediation practices
  • Familiarity with NIST, ISO 27001, CIS, HIPAA in cloud environments
  • Demonstrated ability to translate technical risks into business decisions
  • Proven solid stakeholder influence in matrixed/global environments
  • Proven excellent communication skills across technical and business audiences

At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone, of every race, gender, sexuality, age, location and income, deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission.

Optum Compensation & Benefits Highlights

  • Leave & Time Off Breadth: PTO accrues each pay period with eight paid U.S. holidays plus a floating holiday, and generous time away is consistently emphasized. This breadth supports planned and unplanned time off beyond standard vacation days.
  • Parental & Family Support: Six weeks of paid parental leave, up to two weeks of paid caregiver leave, Bright Horizons back‑up care, and adoption assistance signal strong family-oriented support. EAP access with counseling sessions further extends help to employees and their households.
  • Wellbeing & Lifestyle Benefits: Company‑paid short‑ and long‑term disability, Calm app membership, tuition reimbursement, commuter and FSA accounts, and broad employee discounts expand everyday wellbeing resources. Free or low‑cost virtual visits complement these lifestyle supports.

The Company
HQ: Eden Prairie, MN
160,000 Employees
Year Founded: 2011

What We Do

Optum, part of the UnitedHealth Group family of businesses, is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together. At Optum, we support your well-being with an understanding team, extensive benefits and rewarding opportunities. By joining us, you’ll have the resources to drive system transformation while we help you take care of your future. We recognize the power of connection to drive change, improve efficiency and make a difference in health care. Join a team where your skills and ideas can make an impact and where collaboration is key to creating technology that produces healthier outcomes.

Optum Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

Optum has three workplace models that balance the needs of the business and the responsibilities of each role. These models, core on‑site (5 days/week), hybrid (4 days/week) and telecommute or fully remote, vary by country, role and location.

Typical time on-site: Not Specified
HQ: Eden Prairie, MN
Metro Manila, Philippines
Cebu, Philippines
Davao, Philippines
Ann Arbor, MI
Atlanta, GA
Baltimore, MD
Bengaluru, India
Chennai, India
Dallas, TX
Detroit, MI
Dublin, Ireland
Hartford, CT
Houston, TX
Hyderabad, India
Jacksonville, FL
Las Vegas, NV
Letterkenny, Ireland
Louisville, KY
Madison, WI
Minneapolis, MN
Nashville, TN
New Delhi, India
Philadelphia, PA
Phoenix, AZ
Pune, India
Raleigh, NC
San Diego, CA
Washington, DC