IT Commercial Solutions Security Manager- Charleston, WV
February 14, 2018
Charleston, West Virginia
Combine two of the fastest-growing fields on the planet with a culture of performance, collaboration and opportunity and this is what you get. Leading edge technology in an industry that's improving the lives of millions. Here, innovation isn't about another gadget, it's about making health care data available wherever and whenever people need it, safely and reliably. There's no room for error. Join us and start doing your life's best work.(sm) The Commercial Solutions Security Manager oversees the information security and privacy program of a state government client information system or network; including managing information security and privacy implications within the organization, specific program, or other area of responsibility, to include strategic, personnel, infrastructure, requirements, policy enforcement, emergency planning, security awareness, HIPAA compliance, and other resources. The Commercial Solutions Security Manager is considered key personnel supporting the State business model and is responsible for ensuring State requirements related to security are met or exceeded as well as ensuring that Enterprise Information Security (EIS) fully understands and is engaged to support the needs, objectives and priorities of the State.Major ResponsibilitiesAdvise senior management (e.g., Chief Information Security Officer [CISO], Chief Information Officer [CIO]) on risk levels, security posture, on cost/benefit analysis of information security programs, policies, processes, and systems, and elements.Advise Authorizing Official of changes affecting the organization's cybersecurity posture. Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risk.Ensure security improvement actions are evaluated, validated, and implemented as requiredEvaluate and approve development efforts to ensure that baseline security safeguards are appropriately installedIdentify information technology (IT) security program implications of new technologies or technology upgrades. Assist with alignment of information technology (IT) security priorities with the security strategy, information security budget, staffing, and contracting. Monitor and evaluate the effectiveness of the enterprise's cybersecurity safeguards to ensure they provide the intended level of protection. Provide technical documents, incident reports, and findings from computer examinations, summaries, and other situational awareness information to higher Management. Recognize a possible security violation and take appropriate action to report the incident, as required. Recommend policy and coordinate review and approval.Supervise or manage protective or corrective measures when vulnerabilities are discovered. Track audit findings and recommendations to ensure appropriate mitigationAct as the Single point of contact for supporting Security and privacy AuditsManages security of the architecture, infrastructure and network and its multi-platform environmentsResponsible for verifying security is a primary focus during Design, Development and Implementation phaseResponsible for compliance of staff with HIPAA and other state and federal security standards as the HIPAA Compliance OfficerCompetencies and Best Practice for High Performers Exhibits strong customer and continuous improvement focus-Relates well to constraints experienced by business partners and finds practical, win-win solutions-Challenges self and others to continually find ways to improve customer service and satisfaction-Analyzes customer needs; ensures solutions meet business and security requirements-Holds self and others accountable for meeting customer needs and expectations in a timely, professional manner-Maintains high personal accountability; takes ownership of issues, develops effective remediation approaches, and drives for resultsEmploys business acumen to develop appropriate solutions and solve problems - Understands business risks and business objectives-Understands health care delivery and provider environments-Demonstrates interest in contributing one of Optum's strategic growth business segments-Able to translate business needs into information security requirements-Ability to communicate technical security risks in a manner that resonates with business leaders verbally and within PowerPoint presentationsExpert knowledge of EIS practices and processes-Demonstrated understanding of the mechanics of engaging appropriate EIS resources -Demonstrated understanding of EIS processes and policies, and can explain why they are important in a non-technical manner-Serves as the key facilitator between business and technical security resources as the business on-boards to various security processes and capabilities.-Demonstrates commitment to overall task completion in a closed loop manner, leaving no loose ends behindAnalytical and communication capabilities-Able to understand a problem, develop a solution and communicate the risks mitigated and the benefits expected-Articulate; able to explain technical concepts to non-technical audiences in lay termsDetail oriented-Pays attention to the details in all work products (i.e. e-mails, phone calls, presentations)Project management skills-Able to establish and manage to a planned set of related activities-Ability to influence within a matrixed organization-Focused on hitting deadlines-Resourceful; able to gather and direct others to accomplish a goal, with little oversight or guidanceTime management and self-control-Manages competing and conflicting priorities-Manages multiple, overlapping tasks successfully-When conflicts of priority arise, ensures clarification of priorities as needed-Maintains effectiveness and composure in difficult or complex situationsDemonstrates executive presence and has excellent communication and client relationship management skills with senior management on issues and key risks to the business (PowerPoint presentations, executive summaries, etc.)Ability to negotiate and influence without authority; keep resources accountable for delivering upon their commitments.
RequirementsBachelor's degree5+ years of information security experience in (or consulting with) large, highly-regulated companiesRequired certification - at lease one of the following: -CISSP Certified Information Systems Security Professional ISC2, -CISA Certified Information Systems Auditor ISACA, -Experience with practical interpretation and application of policy and standardsSubject matter expert knowledge of the technology aspects of securitySubject matter expert knowledge of the technology aspects of security and privacyExperience supporting multi-platform environmentsExpert knowledge of security audit single point of contactPreferred:Health care delivery and provider experienceInternal Revenue Service Publication 1075 (IRS 1075)Minimum Acceptable Risk Standards for Exchanges - MARS-ENational Institute of Standards and Technology – NIST 800-53Technology Careers with Optum. Information and technology have amazing power to transform the health care industry and improve people's lives. This is where it's happening. This is where you'll help solve the problems that have never been solved. We're freeing information so it can be used safely and securely wherever it's needed. We're creating the very best ideas that can most easily be put into action to help our clients improve the quality of care and lower costs for millions. This is where the best and the brightest work together to make positive change a reality. This is the place to do your life's best work.SMDiversity creates a healthier atmosphere: UnitedHealth Group is an Equal Employment Opportunity/Affirmative Action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law.UnitedHealth Group is a drug-free workplace. Candidates are required to pass a drug test before beginning employment.
Internal Number: 746996
About UnitedHealth Group
Our mission is to help people live healthier lives and to help make the health system work better for everyone.- We seek to enhance the performance of the health system and improve the overall health and well-being of the people we serve and their communities. - We work with health care professionals and other key partners to expand access to quality health care so people get the care they need at an affordable price. - We support the physician/patient relationship and empower people with the information, guidance and tools they need to make personal health choices and decisions.