Optum Serve CISO
Optum · Eden Prairie, MN · 1 mo ago
Information Technology$200k–$344k/yrFull-time
Primary Responsibilities
- Fully understand business risks and business objectives
- Perform Senior Management Official (FSO and KM) role
- Serve as the strategic and information security leader, advising on security requirements for business initiatives and programs
- Develop and implement comprehensive information security strategies, policies, and procedures to protect confidential beneficiary data, electronic health records (EHRs), infrastructure supporting classified Optum Serve data/services and other sensitive information
- Stay updated with the latest industry standards, regulations, and best practices related to information security in healthcare and distinct cybersecurity requirements for Optum Serve data security, such as FISMA, FEDRAMP, CMMC , CIRCIA, Health Insurance Portability and Accountability Act (HIPAA)
- Conduct regular risk assessments and vulnerability tests to identify potential weaknesses in systems and networks and respond appropriately to address and mitigate those vulnerabilities
- Design and implement robust security controls, including firewalls, intrusion detection systems, encryption mechanisms, and data loss prevention solutions, to ensure the integrity, availability, and confidentiality of healthcare data
- Collaborate with cross-functional teams, including IT, compliance, legal, and executive leadership, to align security initiatives with organizational goals and priorities
- Lead incident response efforts in the event of a security breach or cyber-attack, coordinating with internal teams and external stakeholders to minimize the impact and ensure swift resolution
- Provide guidance and training to employees on information security best practices and awareness
- Assist other Technology and Business leaders in merger & acquisition activities
Required Qualifications
- 15+ years of information security experience in a highly regulated enterprise
- 5+ years of experience serving in a leadership capacity (Director level or above)
- 3+ years of experience reviewing security contracts
- Current active security clearance
- Demonstrated ability to engage and influence SES level government executives
- Technical security certification
- Experience with interpretation and application of policy and standards, including prior experience with healthcare compliance regulations (e.g., HIPAA, FEDRAMP)
- Experience with multiple information security frameworks (FEDRAMP, CMMC, NIST, HIPAA etc.)
- Demonstrated expertise developing and implementing information security strategies, risk management frameworks, and incident response plans
- Proven knowledge of network security, encryption technologies, identity and access management, intrusion detection/prevention systems, and vulnerability assessment tools
- Subject matter expert knowledge of the technological aspects of security across disparate healthcare, financial and industrial technology systems that underpin the healthcare ecosystem
- Risk management experience including identification, prioritization, and mitigation of risk
- Track record of success making quality, data-driven recommendations and decisions following discovery, analysis, verification, etc.
- Executive presence, evidenced by client relationship management skills with senior management on issues and key risks to the business (presentations, executive summaries, etc.)
- Maintains effectiveness and composure in difficult or complex situations
- Able to negotiate and influence without authority
- Bachelor's degree in information security technology, cyber security, or related field or equivalent experiences
Preferred Qualifications
- CISSP/GSLC/GSTRT
- Cloud technology certifications on AWS, Azure, and/or GCP
- TS/SCI