Optum, part of the UnitedHealth Group family of businesses, is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together. At Optum, we support your well-being with an understanding team, extensive benefits and rewarding opportunities. By joining us, you’ll have the resources to drive system transformation while we help you take care of your future. We recognize the power of connection to drive change, improve efficiency and make a difference in health care. Join a team where your skills and ideas can make an impact and where collaboration is key to creating technology that produces healthier outcomes.
Info Security Engineer - GRC and TPRM
Location
Philippines
Posted
19 hours ago
Salary
0
Seniority
Senior
Job Description
Info Security Engineer - GRC and TPRM
Optum
Requisition Number: 2367165 Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together. This role is responsible for conducting security risk assessments of vendor-provided solutions within a healthcare environment, focusing on the protection of sensitive health information and organizational systems. This role evaluates vendor controls against frameworks such as NIST SP 800-53 and ensures alignment with HIPAA security requirements, identifying gaps and recommending mitigation strategies. The analyst leverages knowledge of U.S. healthcare technologies (e.g., EHR systems, medical devices) and associated cybersecurity risks to support informed, risk-based decision making. Primary Responsibilities: - Governance, Risk & Compliance (GRC): - Develop and maintain GRC frameworks aligned with organizational goals and regulatory requirements - Perform third party risk assessments with an emphasis on solution-specific assessments, requiring a knowledge of US-based healthcare information technology - Ensure compliance with regulatory requirements for our clients - Monitor information security risks and drive remediation of policy exceptions - Conduct control testing to evaluate maturity and effectiveness of security controls (HIPAA/HITRUST/NIST 800-53) - Work with business stakeholders on defining risk thresholds, implementing risk frameworks, and remediate identified gaps - Stay current on regulatory changes, security trends, and compliance requirements - Create executive summary /reporting for executives - Serves as POC (Point of Contact) in lead's absence - Led and supported GRC platform implementation activities, including tool configuration, workflow customization, process integration, testing, and user support - Third-Party Risk Management (TPRM): - Establish a baseline of vendor risk and identify areas of potential exposure - Design and implement a consistent Vendor Risk Management (VRM) program with an emphasis on vendor solutions, aligned with internal policy and regulatory requirements - Conduct pre-contract due diligence and ongoing vendor solution risk assessments - Develop mitigation plans and partner with internal stakeholders to monitor vendors post-contract - Provide guidance to business units and sourcing teams on VRM requirements - Maintain structured governance for vendor risk and procurement compliance - Continually reassess operational risks and emerging threats related to vendors and vendor supplied solutions - Create executive summaries with recommendations for remediation and risk disposition - Track key vendor related metrics - Worked on Third-Party Risk Management (TPRM) platform implementation projects, including onboarding, configuration, and end-to-end lifecycle management of third-party vendors through the platform - Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so Required Qualifications: - Bachelor's degree in information security, Risk Management, or related field (or equivalent experience) - 5+ years of experience in Governance, Risk & Compliance and/or Third-Party Risk Management - Solid understanding of risk management frameworks (HIPAA, HITRUST, NIST 800-53) and regulatory requirements - Proficiency in GRC platforms and vendor risk management tools - Proven excellent analytical skills with ability to interpret large datasets and create actionable reports - Proven solid verbal and written communication skills; ability to present recommendations to senior leadership - Proven ability to work independently and manage complex, less-structured issues Preferred Qualifications: - Experience in developing risk frameworks and dashboards - Exposure to federal/state regulatory compliance requirements - Familiarity with healthcare technologies such HER systems, biomedical devices, SaaS, etc. - Familiarity with procurement processes and vendor governance - Proven ability to act as a point of contact and lead in absence of senior leadership Key Competencies: - Risk Analysis & Assessment - Vendor Risk Management - Regulatory Compliance - Process Improvement - Stakeholder Communication - Problem Solving & Decision Making At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone-of every race, gender, sexuality, age, location and income-deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission. Optum is a drug-free workplace. © 2026 Optum Global Solutions (Philippines) Inc. All rights reserved.
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
• Independently perform all aspects of the security controls assessment in alignment with NIST 800-53 Revision 5 • Ensure comprehensive understanding and application of ATO documentation requirements • Coordinate all aspects of testing with relevant stakeholders and team lead • Develop a security assessment plan with input from stakeholders • Conduct and lead assessment interviews and tests and manage evidence • Provide insightful recommendations to improve security posture
Senior Product Marketing Manager, API, Security & Infrastructure
AlphaSenseThe market intelligence and search platform trusted by over 3,500 leading organizations
• Own the technical positioning & messaging for AlphaSense’s platform infrastructure and security posture • Develop compelling narratives that translate complex architectural capabilities into credible, trust-based content for technical buyers • Act as the primary bridge between technical SMEs and GTM teams • Partner with Thought Leadership and Security/Compliance teams to create high-impact technical thought leadership • Partner with the broader marketing team to leverage technical content for organic growth • Partner with Enablement to equip Sales, Support, and App Spec teams with technical enablement • Partner with Competitive Intelligence to contribute to competitive battlecards • Conduct research into technical buyer personas and emerging infrastructure trends • Partner with Solution Marketing to build targeted programs that highlight security and stability • Lead product launches for infrastructure and security-centric releases
• Drive technical projects from ideation to delivery, including managing complex project schedules, removing roadblocks, and keeping processes running smoothly. • Identify and operationalize the metrics and key performance indicators necessary to track progress, and drive issue resolution & mitigation at a granular level across the organization. • Create and operationalize processes to transform the effectiveness of the organization with respect to meeting business goals. • Drive effective communication, collaboration and commitment across multiple stakeholders and disparate groups with competing priorities • Work with teams to identify and handle our top risks and drive decisions to align leadership on the right level of risk for each project. • Facilitate productive meetings from small (3-5 people) to large (100 people or more).
Principal Cyber Security Engineer - Senior Mainframe RACF Engineer
First Citizens BankFirst Citizens Bank offers a full line of financial services and focuses on individuals, as well as small to medium-sized businesses. As an employer, the compan
Role Description The Senior Mainframe RACF Engineer leads the design, implementation, and governance of RACF security controls across complex z/OS environments. This role requires expert-level RACF engineering, strong programming skills, and hands-on experience with various security technologies. - Architect, configure, and maintain RACF profiles, classes, permissions, and database structures across multi-LPAR environments. - Support MFA for mainframe access, including integration with Enterprise Identity providers and enforcement of strong authentication policies. - Manage digital certificate creation, renewal, rotation, and ring assignments; ensure secure integration with SFTP and cross-platform authentication. - Develop automation and tooling using REXX, CLIST, and TSO/ISPF to streamline RACF administration and operational workflows. - Build and optimize SAS programs for compliance reporting, audit evidence generation, access analytics, and RACF database insights. - Integrate RACF with DB2, CICS, and enterprise applications to ensure end-to-end security coverage. - Diagnose and resolve RACF-related issues; perform root-cause analysis and lead remediation for security events. - Produce SOX/HIPAA/PCI evidence, lead reviews, and maintain defensible documentation for audits. - Drive modernization of authentication and cryptographic controls, including MFA and certificate lifecycle automation. - Train junior engineers; support processes, standards, and engineering design documentation. Qualifications - Bachelor's Degree and 8 years of experience in Systems Engineering, Network, or Information Security OR High School Diploma or GED and 12 years of experience in Systems Engineering, Network, or Information Security. - 10+ years of mainframe experience with expert RACF knowledge (profiles, classes, permissions, command set). - Advanced proficiency in REXX, SAS, JCL, TSO/ISPF, and IBM utilities. - Hands-on experience with Vanguard specific tools. - Hands-on experience with MFA for mainframe access, including integration with enterprise identity providers. - Experience with dataset encryption and cryptographic modernization. - Strong background in digital certificates, rings, and cross-platform authentication. - Proven ability to troubleshoot complex RACF issues and differentiate RACF vs. non-RACF root causes. - Experience supporting SOX, HIPAA, PCI, and internal audit requirements. - Strong analytical, communication, and documentation skills. - Experience defining enterprise RACF standards and reference architectures. - Systems programming experience. - Financial industry experience. Requirements - Remote eligible. - The base pay for this position is generally between $130,000 and $190,000, determined based on skills, experience, location, and other non-discriminatory factors. - Total compensation may include variable incentives, bonuses, benefits, and/or other awards as outlined in the offer of employment. Benefits Benefits are an integral part of total rewards and First Citizens Bank is committed to providing a competitive, thoughtfully designed and quality benefits program to meet the needs of our associates. More information can be found at First Citizens Bank Benefits .




