Information Security Risk Auditor

UnitedHealth Group · Eden Prairie, MN
3d · Remote

About The Position

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by diversity and inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health equity on a global scale. Join us to start Caring. Connecting. Growing together.

The Information Security Risk Auditor (Control Design & Effectiveness) is an experienced individual contributor responsible for assessing the design and operating effectiveness of information security controls across the enterprise. This role focuses on evaluating control architecture, implementation, and monitoring to ensure alignment with enterprise risk appetite, regulatory obligations, and leading frameworks (e.g., NIST CSF, ISO/IEC 27001). The auditor works closely with control owners, risk teams, and technology stakeholders to identify design gaps, validate evidence, and recommend improvements. Strong attention to detail, analytical skills, and the ability to communicate findings clearly to stakeholders are essential.

The Technology Project Manager works under the guidance of the Technical Program Management Office (PMO), and works in close collaboration with Business Partners, Technical Product Management, Data Science, Engineering, Operations, and other team members who are responsible for the technical delivery of the technical product capabilities.

You will enjoy the flexibility to telecommute from anywhere within the U.S. as you take on some tough challenges.

Requirements

  • Bachelor’s degree in Information Security, Risk Management, Business, or related field
  • 5+ years of experience in information security auditing, compliance, or risk management
  • 2+ years of experience in working collaboratively across teams in a matrixed environment
  • 1+ years of experience in performing assessments of control design and effectiveness
  • Intermediate level of experience with GRC tools and evidence collection processes
  • Understanding of security control architecture and regulatory frameworks (NIST, ISO, SOX)
  • Ability to assess control-to-risk mapping and evidence adequacy
  • Strong attention to detail in reviewing compliance metrics and audit evidence
  • Ability to prepare clear reports and communicate effectively
  • Experience with GRC platforms and basic automation concepts

Nice To Haves

  • Certifications such as CISA, CRISC, CISSP, CIA
  • Experience in public accounting and/or auditing

Responsibilities

  • Execute assessments of control design and operating effectiveness across critical security domains (e.g., identity, access, network, cloud, data protection)
  • Validate that controls mitigate identified risks and align with regulatory and internal requirements
  • Maintain audit-ready documentation and assist in tracking control adherence metrics
  • Recommend improvements to control design for scalability, automation, and resilience
  • Perform periodic reviews of control evidence and report adherence rates and exceptions
  • Escalate gaps in control design or effectiveness for remediation and track closure
  • Support alignment verification against frameworks (e.g., NIST CSF, ISO 27001) and obligations (e.g., SOX, SOC 2)
  • Prepare clear audit reports and dashboards for management review
  • Participate in governance meetings and provide input on control effectiveness status
  • Assist in awareness efforts related to control requirements and accountability
  • Support control design and effectiveness audits and compliance reviews
  • Ensure audit documentation and evidence traceability are complete and accurate
  • Collaborate with risk and compliance teams to track remediation progress
  • Contribute to process improvement initiatives, including automation opportunities

Benefits

  • In addition to your salary, we offer benefits such as a comprehensive benefits package, incentive and recognition programs, equity stock purchase and 401k contribution (all benefits are subject to eligibility requirements).
  • No matter where or when you begin a career with us, you’ll find a far-reaching choice of benefits and incentives.