Combine two of the fastest-growing fields on the planet with a culture of performance, collaboration and opportunity and this is what you get. Leading edge technology in an industry that's improving the lives of millions. Here, innovation isn't about another gadget, it's about making health care data available wherever and whenever people need it, safely and reliably. There's no room for error. Join us and start doing your life's best work.(sm)

Positions in this function develop and implement information security policies, standards and procedures to secure and protect data residing on systems. This position will work directly with senior management and user departments to implement procedures and systems for the protection, conservation and accountability of proprietary, personal or privileged information.

Primary Responsibilities:
- Perform risk analysis to identify IT security risks and remediation plans
- Identify and/or mitigate operational risks where appropriate
- Monitor compliance with risk mitigation / remediation plans, and address non-compliance issues appropriately
- Demonstrate understanding of discovery technologies to identify system vulnerabilities (e.g., scanning tools)
- Define / manage the incident handling process, involving applicable teams as needed (e.g., SIRT)
- Document risks associated with approved exceptions, define mitigation controls and establish long-term remediation strategies
- Establish appropriate security controls based on defined data classifications to align with applicable laws / regulations / standards
- Analyze business requirements and ensure that solutions meet established security policies and controls
- Monitor compliance with applicable laws / standards / regulatory controls related to IT security
- Participate in / contribute to audit activities involving IT security policies / procedures / controls
- Define / implement security data management / reporting requirements
- Ensure alignment of security policies / standards with IT infrastructure frameworks (e.g., ISO 2700x, NIST, ITIL)
- Demonstrate knowledge of applicable IT industry security standards (e.g., PCI-DSS, SSAE16, ISO 27001:2013)
- Maintain current knowledge on information security topics and their applicability to program requirements
- Assist the CISO with the monitoring, preparation for and audit of ISO 27001 / NHS IG Toolkit / ISO 22301
- Review and maintain the DR / BC plans and prepare DR / BC plan testing scenarios
- Work with the ISMS / Risk Manager on assessment and mitigation of technical IT risks
- Document IT security plans / architecture (e.g., process flows)
- Investigate, manage and mitigate IT security risks
- Provide advice and guidance on access controls, network security, software development security and cryptography

Required Qualifications:
- A Bachelor's degree in IT or equivalent experience in Information Security
- Experience in ISO 27001:2013 implementation and maintenance
- Risk assessment skills and the ability to manage risk assessments / projects independently
- Tenured experience in internal / departmental information security audits and risk assessments
- Hold CISSP, CISM, or ISO27001 certification or willingness to obtain immediately upon hire
- Knowledge of applicable laws / regulatory controls related to IT security with demonstrated knowledge of data security / protection principles
- Excellent verbal and written communication skills
- Good presentation skills, particularly the ability to present technology elements in a manner personnel can follow and act on

Preferred Qualifications:
- Demonstrated software development lifecycle experience, experience in logging and monitoring (server, router, application logs either local or sent into a centralized Security Incident and Event Management tool)
- Demonstrated experience in security or privacy investigations
- NHS IG Toolkit
- Experience of certification BS25999 / ISO 22301
- CISA / CISM
- Security expertise including knowledge of different security risk assessment frameworks (NIST / Octave), standards (ISO27001:2013 / HITRUST), and acts such as HIPAA / GLBA
- Experience in managing and measuring the effectiveness of an information security awareness program

Careers with Optum. Here's the idea. We built an entire organization around one giant objective; make health care work better for everyone. So when it comes to how we use the world's large accumulation of health-related information, or guide health and lifestyle choices or manage pharmacy benefits for millions, our first goal is to leap beyond the status quo and uncover new ways to serve. Optum, part of the UnitedHealth Group family of businesses, brings together some of the greatest minds and most advanced ideas on where health care has to go in order to reach its fullest potential. For you, that means working on high performance teams against sophisticated challenges that matter. Optum, incredible ideas in one incredible company and a singular opportunity to do your life's best work.(sm)

Diversity creates a healthier atmosphere: UnitedHealth Group is an Equal Employment Opportunity/Affirmative Action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law.

Job Keywords: CISSP, CISM, ISO27001, ISO 27001:2013, IT Security, IT, Security Consultant, IT Consultant, London, UK, United Kingdom

Our mission is to help people live healthier lives and to help make the health system work better for everyone.
- We seek to enhance the performance of the health system and improve the overall health and well-being of the people we serve and their communities.
- We work with health care professionals and other key partners to expand access to quality health care so people get the care they need... at an affordable price.
- We support the physician/patient relationship and empower people with the information, guidance and tools they need to make personal health choices and decisions.