Info Security Risk Consultant

Information Security Risk Consultant / IT Compliance and Audit

Posted today

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Build out the Regulatory and Policy team and will support the expansion of coverage for NYDFS/HIPPASR and EIRA including addition of 34 legal entities and 1500+ applications, as well as the alignment of policy to standard framework.

Primary Responsibility

• Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives related to work location changes, team changes, work shifts, flexible work arrangements, and other decisions arising from the changing business environment.

Required Qualifications

• College degree in Information Systems or similar
• 5+ years of experience in IT audit, risk governance, or risk assessment
• Experience with risk assessment frameworks such as HIPAA, NIST, HITRUST, etc.

Posted 1 day ago

Open roles include leadership positions such as AVP for Internal Audit and Regulatory Response and other information security roles with responsibilities covering governance, risk, compliance, and advisory efforts.

• Participate in preparing regular management reports, internal controls assessments, and policy compliance with standards
• Monitor control programs and coordinate internal/external audits
• Maintain IS policies and procedures; administer reviews of security compliance programs
• Identify risk root causes and provide actionable recommendations
• Lead and coordinate with Cybersecurity, Incident Response, Threat Intelligence, and Threat Hunting teams as needed

What Sets You Apart

• Graduate in CS, Accountancy, or related field; strong IAM knowledge
• 5+ years in Information Security, Technology Risk, or Operational Risk
• Strong ethics, compliance with internal controls and regulatory standards
• Strong problem-solving, communication, and collaboration skills

Information Security Auditor

Various postings with responsibilities including planning, scoping, and executing risk-based IT, information security, and data privacy assurance projects in line with IIA and ASG standards; performing tests of design and operating effectiveness; communicating results; developing action plans; staying updated on regulatory changes.

Qualifications

• Bachelor's degree in MIS, CS, accounting, finance or IT-related field
• 2-4 years IT auditing, information security, privacy or related experience
• Strong verbal and written English communication; travel up to 30% may be required
• Professional certifications (CIA, CISA, CISSP) preferred

Information Security Manager

Posted 1 day ago

Role focuses on overseeing information security strategy, governance, risk management, incident response, and alignment with regulatory frameworks such as ISO 27001, NIST, PCI-DSS, HIPAA, GDPR. Responsibilities include policy development, risk assessments, audits, vendor security reviews, and ensuring security controls across IT operations.

• Lead development and maintenance of security policies and compliance programs
• Oversee security operations, IAM, MFA, and access governance
• Coordinate internal and external audits; facilitate audits and regulatory reviews
• Manage risk register and remediation plans
• Provide security leadership and cross-functional collaboration

What It Takes

• 6+ years in IT security/compliance; 2+ years in leadership
• Strong knowledge of ISO 27001, NIST, COBIT, PCI-DSS, HIPAA, GDPR
• Experience with risk assessments, audits, and corrective actions
• Excellent communication and stakeholder management
• Bachelor’s in Information Security, CS, IT or related; certifications such as CISM, CISA, CISSP preferred

Note: This posting consolidates multiple information security roles across different teams and locations. It maintains original language and intent, focusing on responsibilities and qualifications, and retains EEO policy references where present.