senior Information Security engineering consultant - governance risk and complianceUnitedHealth Group
Workplace: Muntinlupa
Salary: Agreement
Work form: Full time
Posting Date: 08/12/2025
Deadline: 07/01/2026
Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together.Primary Responsibilities:
This role is responsible for developing, implementing, and maintaining governance, risk, and compliance (GRC) frameworks while managing third-party risk for our clients. The position ensures adherence to regulatory requirements, internal policies, and industry standards, while proactively identifying and mitigating risks associated with internal processes and external vendors
Develop and maintain GRC frameworks aligned with organizational goals and regulatory requirements
Perform risk assessments, maintain risk registers, and manage risk acceptance and policy exceptions
Ensure compliance with regulatory requirements for clients and internal policies
Monitor information security risks and drive remediation of policy exceptions
Conduct control testing to evaluate the maturity and effectiveness of security controls (HIPAA, HITRUST, NIST 800-53)
Define risk thresholds, implement risk frameworks, and remediate identified gaps
Manage risk and policy exceptions through GRC platforms
Review High and Critical risks monthly with risk owners and executive leadership
Create executive dashboards and reports for leadership visibility into risk posture and KPIs
Stay current on regulatory changes, security trends, and compliance requirements
Track key risk register and policy exception metrics
Establish a baseline of vendor risk and identify areas of potential exposure
Design and implement a consistent Third-Party Risk Management (TPRM) program aligned with internal policy and regulatory requirements
Conduct pre-contract due diligence and ongoing vendor risk assessments
Develop mitigation plans and partner with internal stakeholders to monitor vendor performance post-contract
Provide guidance to business units and sourcing teams on VRM requirements
Maintain structured governance for vendor risk and procurement compliance
Ensure compliance with SOC 1 and SOC 2 audit requirements
Continually reassess operational risks and emerging threats related to vendors
Create executive summaries with recommendations for remediation and risk disposition
Track key vendor-related metrics
Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regard to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so
Required Qualifications:
Bachelor's degree or higher level of education
5 + years of technical experience in Information Security
GRC platform implementation experience (such as NAVEX Service Now, LogicGate, Rsam)
Experience with federal cyber security standards (such as NIST 800-53)
Experience in performing vendor & Product assessment (manual or tool-based)
Auditing skills and the ability to manage risk assessments / projects independently
Proven excellent communication skills both verbal and written
Good presentation skills particularly ability to present technology elements in manner personnel can follow and act.
Good understanding of HIPAA, HITRUST and Security Core Concepts
At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone - of every race, gender, sexuality, age, location and income - deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission.Optum is a drug-free workplace. © 2025 Optum Global Solutions (Philippines) Inc. All rights reserved.
UnitedHealth Group
This role is responsible for developing, implementing, and maintaining governance, risk, and compliance (GRC) frameworks while managing third-party risk for our clients. The position ensures adherence to regulatory requirements, internal policies, and industry standards, while proactively identifying and mitigating risks associated with internal processes and external vendors
Develop and maintain GRC frameworks aligned with organizational goals and regulatory requirements
Perform risk assessments, maintain risk registers, and manage risk acceptance and policy exceptions
Ensure compliance with regulatory requirements for clients and internal policies
Monitor information security risks and drive remediation of policy exceptions
Conduct control testing to evaluate the maturity and effectiveness of security controls (HIPAA, HITRUST, NIST 800-53)
Define risk thresholds, implement risk frameworks, and remediate identified gaps
Manage risk and policy exceptions through GRC platforms
Review High and Critical risks monthly with risk owners and executive leadership
Create executive dashboards and reports for leadership visibility into risk posture and KPIs
Stay current on regulatory changes, security trends, and compliance requirements
Track key risk register and policy exception metrics
Establish a baseline of vendor risk and identify areas of potential exposure
Design and implement a consistent Third-Party Risk Management (TPRM) program aligned with internal policy and regulatory requirements
Conduct pre-contract due diligence and ongoing vendor risk assessments
Develop mitigation plans and partner with internal stakeholders to monitor vendor performance post-contract
Provide guidance to business units and sourcing teams on VRM requirements
Maintain structured governance for vendor risk and procurement compliance
Ensure compliance with SOC 1 and SOC 2 audit requirements
Continually reassess operational risks and emerging threats related to vendors
Create executive summaries with recommendations for remediation and risk disposition
Track key vendor-related metrics
Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regard to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so
Required Qualifications:
Bachelor's degree or higher level of education
5 + years of technical experience in Information Security
GRC platform implementation experience (such as NAVEX Service Now, LogicGate, Rsam)
Experience with federal cyber security standards (such as NIST 800-53)
Experience in performing vendor & Product assessment (manual or tool-based)
Auditing skills and the ability to manage risk assessments / projects independently
Proven excellent communication skills both verbal and written
Good presentation skills particularly ability to present technology elements in manner personnel can follow and act.
Good understanding of HIPAA, HITRUST and Security Core Concepts
At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone - of every race, gender, sexuality, age, location and income - deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission.Optum is a drug-free workplace. © 2025 Optum Global Solutions (Philippines) Inc. All rights reserved.
UnitedHealth Group
Other Info
Alabang, Muntinlupa City
Permanent
Full-time
Permanent
Full-time
Submit profile
UnitedHealth Group
About the company
UnitedHealth Group jobs
Philippines
Cebu, CebuAgreement
US Registered Nurse Quezon City
MetroManila, Quezon, Quezon, ManilaAgreement
DavaoAgreement
Position senior Information Security engineering consultant - governance risk and compliance recruited by the company UnitedHealth Group at Muntinlupa, Joboko automatically collects the salary of , finds more jobs on Senior Information Security Engineering Consultant - Governance Risk and Compliance or UnitedHealth Group company in the links above
About the company
UnitedHealth Group jobs
Philippines