Governance Risk and Compliance Consultant

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by diversity and inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health equity on a global scale. Join us to start Caring. Connecting. Growing together.

Primary Responsibilities

This role is responsible for developing, implementing, and maintaining governance, risk, and compliance (GRC) frameworks while managing third-party risk for our clients. The position ensures adherence to regulatory requirements, internal policies, and industry standards, while proactively identifying and mitigating risks associated with internal processes and external vendors.

·       Develop and maintain GRC frameworks aligned with organizational goals and regulatory requirements.

·       Perform risk assessments, maintain risk registers, and manage risk acceptance and policy exceptions.

·       Ensure compliance with regulatory requirements for clients and internal policies.

·       Monitor information security risks and drive remediation of policy exceptions.

·       Conduct control testing to evaluate the maturity and effectiveness of security controls (HIPAA, HITRUST, NIST

·       Define risk thresholds, implement risk frameworks, and remediate identified gaps.

·       Manage risk and policy exceptions through GRC platforms.

·       Review High and Critical risks monthly with risk owners and executive leadership.

·       Create executive dashboards and reports for leadership visibility into risk posture and KPIs.

·       Stay current on regulatory changes, security trends, and compliance requirements.

·       Track key risk register and policy exception metrics.

·       Establish a baseline of vendor risk and identify areas of potential exposure.

·       Design and implement a consistent Third-Party Risk Management (TPRM) program aligned with internal policy and regulatory requirements.

·       Conduct pre-contract due diligence and ongoing vendor risk assessments.

·       Develop mitigation plans and partner with internal stakeholders to monitor vendor performance post-contract.

·       Provide guidance to business units and sourcing teams on VRM requirements.

·       Maintain structured governance for vendor risk and procurement compliance.

·       Ensure compliance with SOC 1 and SOC 2 audit requirements.

·       Continually reassess operational risks and emerging threats related to vendors.

·       Create executive summaries with recommendations for remediation and risk disposition.

·       Track key vendor-related metrics.

Qualifications

·       Bachelor's degree or higher level of education

· years of technical experience in Information Security

·       GRC platform implementation experience (such as NAVEX Service Now, LogicGate, Rsam)

·       Auditing skills and the ability to manage risk assessments / projects independently.

·       Excellent communication skills both verbal and written.

·       Good presentation skills particularly ability to present technology elements in manner personnel can follow and act.

·       Good understanding of HIPAA, HITRUST and Security Core Concepts

·       Experience with federal cyber security standards (such as NIST

·       Experience in performing vendor & Product assessment (manual or tool-based)

Nice To Have Skills

Professional accreditation in IT audit, security, privacy or other related technology disciplines (CISA, CISSP, CompTIA Security+: etc.)

Careers with Optum. Here's the idea. We built an entire organization around one giant objective; make the health system work better for everyone. So, when it comes to how we use the world's large accumulation of health-related information, or guide health and lifestyle choices or manage pharmacy benefits for millions, our first goal is to leap beyond the status quo and uncover new ways to serve. Optum, part of the UnitedHealth Group family of businesses, brings together some of the greatest minds and most advanced ideas on where health care must go in order to reach its fullest potential. For you, that means working on high performance teams against sophisticated challenges that matter. Optum, incredible ideas in one incredible company and a singular opportunity to do your life's best work.

Market Competitive Benefits and Pay Levels

Great Workplace

Career Growth and Development