Requisition Number: 2336851 Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together. The Segment Information Security Officer (SISO) for OptumCare, Mid-America Region will work with technology teams to execute and sustain the security program and strategy. Candidate must be an innovative thinker and have a strong background in cyber security. Leveraging existing locally managed solutions and Optum solutions where applicable, this individual will lead the collective efforts including, but not limited to: - Vulnerability & exposure management - Information security monitoring, analysis, and response - Investigations and data forensics - Penetration testing - Security metrics and reporting - Effective leadership and solutioning skills - Competency with industry frameworks and regulations including NIST, HIPAA, ISO, etc. - Audit and assessment - Identity and Access Management - Contract reviews - Security reviews of applications, data, and infrastructure designs, including cloud and locally hosted solutions - Security review of network solutions including cloud architecture, firewalls, Regional Network Hub technology, data flows, voice, and video If you are located in MN or DC, you will have the flexibility to work remotely*, as well as work in the office as you take on some tough challenges. Primary Responsibilities: - Ensure compliance with industry, regulatory and contractual security requirements of all products, customers, and assigned areas - Provides analysis of and suggested solutions to complex Cyber Security issues, as well as complex conceptual analysis, building and maintaining key security and contract metrics - Lead programs that will minimize risk and ensure the integrity, confidentiality and availability of information that is owned, controlled, and processed within the organization - Collaborates with leadership to initiate, facilitate, and promote activities to foster information security awareness within the organization - Lead a multi-organizational security team to foster growth and continued maturation of various security programs in the organization - Provides expertise/analysis for the management/implementation of budgets, forecasts, and resource planning strategies in support of client engagement - Provides direction and collaboration with other senior leadership, directors, managers, and stakeholders in the mitigation of risks within the IT Security infrastructure, Business Unit Solution as well as the overall organization - Creates a culture of physical and information security within the organization and drives behavioral changes for the business. Conducts, designs, and provides security training for staff. Initiates, facilitates, and promotes activities to foster information security awareness within the organization and related entities - Evaluates security trends, evolving threats, risks and vulnerabilities and applies tools to evaluate the risk in the context of the organization and to mitigate risk - Ensure that the risk management and access control needs of the organization are addressed - Travel up to 10% of the time You'll be rewarded and recognized for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role as well as provide development for other roles you may be interested in. Required Qualifications: - 5+ years of information security/ technology/ engineering/ or operations experience - 3+ experience leading an information security team or program (manager or senior manager level) - 3+ years of experience translating business needs and priorities into applicable IT solutions and/or strategies - 3+ years of experience working with external auditors, regulatory bodies, and internal customers - 3+ years of experience reviewing IT and/or security related contracts - 3+ years of experience combining security requirements and business needs into applicable IT solutions and/or strategies - Experience with cyber security standards/organizations (such as SOX, HIPPA, PCI DSS, ITIL, NIST, COBIT, IETF, IEEE) - Hands-on knowledge of modern security domains: - Identity & access management - Cloud security (Azure, AWS, GCP) - Network and endpoint security - Data protection & privacy - Security incident response - Understanding of secure architecture principles for cloud, hybrid, and on-prem environments - Proven solid management presence with the ability to influence local and remote personnel at varying levels (including executives, physicians, and other non-technical business leaders) - Proven solid communicator with demonstrated collaboration, analytical, and critical thinking skills to achieve business goals, while balancing security and technology objectives Preferred Qualifications: - Advanced security certifications such as; Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), or Certified Chief Information Security Officer (CCISO) - Network / security infrastructure / application / system vulnerability and/or threat management experience at the Engineer or Architect level - Proven ability to negotiate and influence cross-functional teams (IT, engineering, product, operations) - Proven solid relationship-building skills-trusted advisor mindset *All employees working remotely will be required to adhere to UnitedHealth Group's Telecommuter Policy Pay is based on several factors including but not limited to local labor markets, education, work experience, certifications, etc. In addition to your salary, we offer benefits such as, a comprehensive benefits package, incentive and recognition programs, equity stock purchase and 401k contribution (all benefits are subject to eligibility requirements). No matter where or when you begin a career with us, you'll find a far-reaching choice of benefits and incentives. The salary for this role will range from $112,700 to $193,200 annually based on full-time employment. We comply with all minimum wage laws as applicable. Application Deadline: This will be posted for a minimum of 2 business days or until a sufficient candidate pool has been collected. Job posting may come down early due to volume of applicants. At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone-of every race, gender, sexuality, age, location and income-deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission. UnitedHealth Group is an Equal Employment Opportunity employer under applicable law and qualified applicants will receive consideration for employment without regard to race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or protected veteran status, or any other characteristic protected by local, state, or federal laws, rules, or regulations. UnitedHealth Group is a drug - free workplace. Candidates are required to pass a drug test before beginning employment.

• Establishment, further development, and structured preparation of our organization for an ISMS according to ISO/IEC 27001, as well as preparation for ISO 9001 certifications • Analysis, assessment, and implementation of regulatory requirements, particularly stemming from the NIS-2 Directive • Alignment with and, where applicable, implementation of measures according to BSI IT-Grundschutz • Establishment, further development, and assurance of the annual audit of our Internal Control System (IKS) by our external auditor in accordance with PS 951 Type 2 / ISAE 3402 • Maintenance and structuring of all compliance and security documentation in Confluence and Jira, including building traceable, audit-ready structures and workflows • Ongoing collaboration and advisory support with all teams to systematically capture and keep security- and compliance-related information up to date • Development, standardization, and optimization of processes in information security, compliance, and internal controls • Preparation, accompaniment, and support for internal and external audits, including risk analyses and tracking of remediation measures

• The Instructor provides an educational atmosphere where students have the opportunity to fulfill their potential for intellectual, emotional, physical, and psychological growth. • The Instructor organizes and implements an instructional program that results in students achieving academic success in accordance with FLVS and state policies and laws. • Plan, prepare, and implement instructional activities that contribute to a climate where students are actively engaged in meaningful learning experiences • Identify, select, create, and modify instructional resources to meet the needs of the students with varying backgrounds, learning styles, and special needs • Assist in assessing changing curricular needs and offer plans for improvement • Maintain effective and efficient record-keeping procedures • Provide a positive environment in which students are encouraged to be actively engaged in the learning process • Communicate with students, parents, and internal and external professionals within established timelines • Collaborate with peers to enhance the instructional environment for students by participating in activities which include, but are not limited to, team teaching, meetings, staff development, communities of practice, and various committees • Model professional and ethical standards when dealing with students, parents, peers, and community members • Ensure that student growth and achievement are continuous and appropriate for age group, subject area, and/or program classification • Establish and maintain cooperative working relationships with students, parents, schools, and colleagues measured by FLVS district/school survey results • Meet specific course and school-wide student performance goals • Demonstrate gains in student performance • Participate in research and presentations about online teaching; this may include activities such as, authoring articles, hosting workshops, sharing of information for professional growth, and student outreach events and activities • Participate in blended learning models, which include both online and classroom instruction and interaction with students at various schools and districts across the state; may be required to report to an assigned school • May be responsible for instructional tutoring • Meet professional obligations through efficient work habits such as, meeting deadlines, honoring schedules, coordinating resources and meetings in an effective and timely manner, and demonstrating respect for others

Company Description It all started in sunny San Diego, California in 2004 when a visionary engineer, Fred Luddy, saw the potential to transform how we work. Fast forward to today - ServiceNow stands as a global market leader, bringing innovative AI-enhanced technology to over 8,100 customers, including 85% of the Fortune 500®. Our intelligent cloud-based platform seamlessly connects people, systems, and processes to empower organizations to find smarter, faster, and better ways to work. But this is just the beginning of our journey. Join us as we pursue our purpose to make the world work better for everyone. Job Description About the team: We are the backbone of Microsoft-powered collaboration at ServiceNow. Our team owns and manages the organization's Microsoft infrastructure - spanning Outlook, SharePoint, OneDrive, Microsoft Teams, and the broader collaboration ecosystem - ensuring employees have the tools, access, and experience they need to work seamlessly. Beyond keeping the lights on, we take a strong stance on security and governance within the Microsoft environment. From access controls and data policies to compliance frameworks, we ensure our collaboration platforms are not just productive - but safe, compliant, and built to scale. Whether it's enabling the workforce through modern collaboration tools or safeguarding the integrity of our Microsoft ecosystem, the DT Collaboration team sits at the intersection of productivity and trust. About the role: We are seeking a senior individual contributor to lead the technical design, implementation, and ongoing security operations of a Microsoft 365 GCC High environment supporting Controlled Unclassified Information (CUI). This role is accountable for implementing and evidencing compliance with CMMC Level 2, DFARS 7012, and NIST 800-171 controls. The engineer will act as the technical owner of the GCC High enclave, partnering with Security, Legal, and IT to ensure audit readiness and successful certification by May 2026. This role requires independent execution, deep security expertise, and the ability to translate regulatory requirements into enforceable technical controls. The impact you'll make: Architecture & Tenant Build - Lead GCC High tenant design and deployment - Define secure architecture for: - Entra ID (Azure AD) - Exchange Online - SharePoint/OneDrive - Teams - Intune - Defender Suite - Purview Compliance - Establish Zero Trust and least-privilege administrative model - Design CUI boundary protections and data segmentation Compliance Implementation (CMMC/NIST 800-171) - Map CMMC practices to technical controls and configurations - Develop and maintain: - System Security Plan (SSP) - Control narratives - Evidence repository - POA&M - Implement: - MFA/Conditional Access - Device compliance & endpoint hardening - Logging/monitoring/SIEM integration - DLP & data classification - Incident response workflows - Lead readiness reviews and assessment preparation with C3PAOs Security Operations - Own security baselines and tenant hardening - Manage vulnerability remediation lifecycle - Oversee incident investigations and root cause analysis - Establish monitoring, alerting, and audit logging standards - Drive continuous improvement of controls Cross-Functional Leadership (IC4 Scope) - Serve as technical authority for GCC High security decisions - Provide guidance to operations engineers and offshore support - Partner with Legal/Compliance on regulatory interpretation - Present risk posture and compliance metrics to leadership - Mentor junior engineers (without direct management responsibility) Qualifications - U.S. Person (citizen or permanent resident) - required for GCC High/CUI access. - 6-10+ years Microsoft 365/Azure security engineering experience. - Hands-on implementation of GCC High or FedRAMP/DoD environments. - Direct experience with: - CMMC or NIST 800-171 control implementation - Intune & endpoint security - Entra ID Conditional Access/PIM - Defender suite - Purview (DLP/eDiscovery/Insider Risk) - Experience preparing for security audits or assessments. - Strong technical documentation skills. Extras: - CISSP, CISM, or Security+ - Microsoft SC-100, SC-200, SC-300, MS-102 - Gov/DoD contracting environment experience Additional Information Work Personas We approach our distributed world of work with flexibility and trust. Work personas (flexible, remote, or required in office) are categories that are assigned to ServiceNow employees depending on the nature of their work and their assigned work location. Learn more here . To determine eligibility for a work persona, ServiceNow may confirm the distance between your primary residence and the closest ServiceNow office using a third-party service. Equal Opportunity Employer ServiceNow is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, national origin or nationality, ancestry, age, disability, gender identity or expression, marital status, veteran status, or any other category protected by law. In addition, all qualified applicants with arrest or conviction records will be considered for employment in accordance with legal requirements. Accommodations We strive to create an accessible and inclusive experience for all candidates. If you require a reasonable accommodation to complete any part of the application process, or are unable to use this online application and need an alternative method to apply, please contact globaltalentss@servicenow.com for assistance. Export Control Regulations For positions requiring access to controlled technology subject to export control regulations, including the U.S. Export Administration Regulations (EAR), ServiceNow may be required to obtain export control approval from government authorities for certain individuals. All employment is contingent upon ServiceNow obtaining any export license or other approval that may be required by relevant export control authorities. From Fortune. ©2025 Fortune Media IP Limited. All rights reserved. Used under license.