Jobs · Marketing · Minnesota

Vice President, GRC Enablement & Enterprise Product Services

UnitedHealth Group · Eden Prairie, MN · 1 mo ago
Marketing$200k–$344k/yrFull-time

About the role

You will lead the enterprise-wide design, modernization, and execution of GRC enablement capabilities that support policy governance, independent validation, strategic and technology risk management, and regulatory compliance across UnitedHealth Group. You will have enterprise-wide accountability for GRC enablement outcomes and own the enterprise GRC platform, risk and control data architecture, workflow automation, and analytics strategy-ensuring risk-informed decision-making is embedded at scale across business and technology operations.

Responsibilities

  • Enterprise GRC Enablement Strategy
    • Define and execute the enterprise-wide GRC enablement strategy as a foundational capability supporting policy execution, independent validation, strategic risk oversight, and regulatory compliance
    • Set enterprise standards and operating models that scale across business units, products, and regulatory environments in alignment with enterprise risk appetite and strategic objectives
  • GRC Platform, Data & Workflow Governance
    • Own and modernize the enterprise GRC platform as the authoritative system of record for risks, controls, issues, remediation, and compliance evidence
    • Govern enterprise risk and control taxonomies, data dictionaries, lineage, and traceability to support Board reporting, audits, and regulatory examinations
    • Establish standards for workflow orchestration, automation, access control, and integration across cybersecurity, technology risk, compliance, and operational risk domains
  • Predictive & Forward-Looking Risk Intelligence
    • Embed analytics, automation, and AI-enabled insights into GRC workflows to provide forward-looking visibility into risk trends, control effectiveness, and remediation performance
    • Enable continuous monitoring, KRIs, and early-warning indicators for emerging risks, control degradation, regulatory change, and systemic exposure
  • Executive, Board & Regulatory Enablement
    • Deliver concise, executive- and Board-ready dashboards, metrics, and narratives that inform risk-informed decision-making and enterprise prioritization
    • Support regulatory exams, audits, and independent assessments through timely, complete, and defensible evidence-based reporting
  • Transformation, Adoption & Change Leadership
    • Drive enterprise adoption of standardized GRC processes, workflows, and data models through large-scale change leadership and executive alignment
    • Lead transformation across the three lines of defense and hold accountability for measurable improvements in transparency, risk reduction, remediation cycle time, and control maturity
  • Design Thinking & Persona-Driven Risk Enablement
    • Lead enterprise design thinking sessions to reimagine cyber and technology risk processes, focusing on simplifying user experience, reducing friction, and improving adoption across business and technology teams
    • Facilitate "Day in the Life" exercises to develop detailed personas across roles (e.g., product teams, engineers, business leaders, control owners, and risk practitioners), ensuring risk frameworks align with how work is actually performed
    • Translate persona insights into practical GRC enablement capabilities, including workflow design, control integration, decision points, and automation opportunities
    • Partner with cybersecurity, technology, product, and business stakeholders to ensure risk requirements are embedded directly into engineering, operations, and AI workflows rather than applied after the fact
    • Drive a human-centered approach to risk management, ensuring policies, controls, and governance processes are intuitive, scalable, and aligned to real-world operating conditions
    • Incorporate persona-driven insights into the continuous improvement of GRC platforms, data models, and user interfaces, improving usability, adoption, and effectiveness of the enterprise risk operating model

Requirements

  • 20+ years of progressive experience in enterprise risk management, GRC, governance, compliance, audit, or cybersecurity within complex, highly regulated environments
  • 5+ years of leadership (Vice President level or equivalent) experience leading enterprise-wide enablement, risk, compliance, or transformation functions
  • Proven success implementing and scaling enterprise GRC platforms (e.g., Archer, ServiceNow GRC, MetricStream) with demonstrable automation and risk reduction outcomes
  • Demonstrated experience supporting Board committees, executive leadership, and regulators with defensible, data-backed risk insights, including influencing decisions and shaping enterprise risk posture
  • Bachelor's degree in Business, Risk Management, Information Security, Technology, Finance, Law, or equivalent experiences

Preferred Qualifications

  • Advanced degree (MBA, MS, or equivalent)
  • Professional certifications such as CRISC, CISA, CISSP, CISM, CPA and/or CIA

Core Competencies

  • Strategic Enterprise Risk & GRC Enablement Leadership
  • Enterprise GRC Platform, Data Architecture & Analytics
  • Board, Executive & Regulatory Communication
  • Predictive Risk Intelligence, Automation & AI Enablement
  • Large-Scale Change Leadership & Operating Model Transformation
  • Independent Assurance & Continuous Monitoring Enablement
  • Cross-Enterprise Influence & Stakeholder Alignment

Similar jobs