Job was saved successfully.
Job was removed from Saved Jobs.

Job Details

UnitedHealth Group

Principal Info Sec Engineer - Vulnerability Access - Gurgaon, HR


Applications Engineer


Gurgaon, Haryana, India

Combine two of the fastest-growing fields on the planet with a culture of performance, collaboration and opportunity and this is what you get. Leading edge technology in an industry that's improving the lives of millions. Here, innovation isn't about another gadget, it's about making health care data available wherever and whenever people need it, safely and reliably. There's no room for error. Join us and start doing your life's best work.(sm)

This will be a Sr Remediation Officer role for the Remediation Governance team. Your role will be to help, implement, manage, and monitor infrastructure and application remediation efforts to protect the confidentiality, integrity, and availability of the line of businesses information assets. You will partner with BISO & SISO, technology, and application owners to track and/or develop remediation plans for identified vulnerabilities.

You will highlight key findings, progress, and all hurdles and issues to EIS, BISO & SISO leadership on a regular basis and be responsible for influencing the stakeholders to prioritize/execute risk management issues and drive remediation efforts. The Information Security LOB Specialist will carry out these responsibilities in collaboration with IT, business technology groups, risk partners and EIS teams across their respective LOB.

Positions in this function are involved in monitoring, evaluating, and maintaining systems and procedures to safeguard internal information systems, networks, databases, and Web-based security. Conduct vulnerability assessments and monitor systems, network, databases and Web for potential system breaches. Respond to alerts from information security tools. Report, investigate, and resolve security incidents. Recommend and implement changes to enhance systems security and prevent unauthorized access. Research security trends, new methods, and techniques used in unauthorized access of data in order to preemptively eliminate the possibility of system breach. May oversee internal or external systems security (i.e., cloud services). Ensure that customers and users have the right access to the right systems at the right times.

Primary Responsibilities:

  • Analyze findings from security monitoring tools
  • Operate in an "Ops & Analysis" function centered on vulnerability remediation; to include building out a 24*7 follow-the-sun model
  • Identify the requirements necessary to build out a vulnerability "aggregate analysis" capability and execute based on those requirements
  • Develop reports and analysis that effectively communicate trends, patterns, and predictions using relevant data
  • Assist in providing excellent client services interactions through work by developing and maintaining effective working relationships with BISO/SISOs, team members, and other stakeholders
  • Support incident requests regarding vulnerability remediation, patching/remediation status, metrics, etc.
  • Review all current and existing vulnerabilities for active and acceptable remediation plans. These plans may be reviewed with BISO or SISO, Application Owners, Data Owners or System Administrators. Verify that remediation plans are implemented as per eGRC guidelines. Review and identify any potential gaps that may result in possible audit issues
  • Drive remediation of end-user device type vulnerabilities
  • Assist in improving the governance of end-user remediation and act as the subject matter expert of end-user remediation governance
  • Review all vulnerability scan reports to identify security risks and report on findings to respective function leaders
  • Respond to relevant requests received from stakeholders, or representatives of stakeholders, for investigation of potential reporting issues
  • Provide all necessary reports and presentations on the status of remediation efforts and all gaps and potential obstacles or issues to function leaders or SLOs
  • Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so

Required Qualifications:

  • 14+ years of experience in Information Security and Management
  • Minimum 10 years of sound leadership experience in people management, customer management and excellence
  • Strong people management and customer handling skills and willing to work in a 24/7 environment
  • Exposure to defining and creating projects improving processes, systems, and operations
  • Good communication skills, and the ability to understand cyber security threats from a technical aspect to business-line understanding and execution; ability to cascade risks and propose counter measures to function leaders
  • Worked with large amounts of data: facts, figures, and number crunching. Need to see through the data and analyze it to find conclusions
  • Sound analytical and critical thinking skills, also demonstrate creative problem-solving abilities
  • Ability to work independently on initiatives with little oversight
  • Motivated and willing to learn new things
  • Broad technical background related to security technologies, such as Server and workstation Operating Systems, Network Security, Vulnerability Scanning Engines, Vulnerability Management lifecycle, and Compliance Management solutions
  • Ability to build, partner, communicate and track to completion long term project plans governing the remediation, or mitigation of an array of software and hardware
  • Ability to understand and communicate to executive leadership the risk associated with current state software and hardware environments
  • Strong PC skills including Microsoft Office applications
  • Leadership experience of managing a delivery team size of 20+ staff, ability to work in a flexible environment with multiple priorities and achieving complex deadlines

Preferred Qualifications:

  • Bachelors and/or master’s degree in Computer Science, Information Technology, or related field
  • CISM, CISSP or equivalent certification
  • Strong analytic/problem solving/critical thinking skills
  • Ability to effectively communicate with business function leaders
  • Assist with internal efficiencies projects and development
  • Ability to build, partner, communicate and track to completion long term project plans governing the removal of an array of software and hardware
  • Ability to understand and communicate to executive leadership the risk associated with existing software and hardware environments
  • Ability to interpret multiple information security and currency assessment results

Partners closely with line of business leaders, to inform security risk-based decisions. Leverages deep understanding of the business and strong business acumen to provide information security expertise to key stakeholders. Utilizes experience and deep knowledge of IT platforms, tools, and concepts to ensure cybersecurity requirements are integrated into all levels of decision making. Partners with business leaders, key stakeholders, vendors and/or external parties to inform security risk-based decisions. Ensures partners are executing Secure by Design efforts effectively and efficiently. Typically has 14+ years of relevant experience. May mentor other members of the team.

Careers with Optum. Here's the idea. We built an entire organization around one giant objective; make health care work better for everyone. So when it comes to how we use the world's large accumulation of health-related information, or guide health and lifestyle choices or manage pharmacy benefits for millions, our first goal is to leap beyond the status quo and uncover new ways to serve. Optum, part of the UnitedHealth Group family of businesses, brings together some of the greatest minds and most advanced ideas on where health care has to go in order to reach its fullest potential. For you, that means working on high performance teams against sophisticated challenges that matter. Optum, incredible ideas in one incredible company and a singular opportunity to do your life's best work.(sm)