Senior Vice President, Global Cyber Defense

The Enterprise Information Security (EIS) team is the first-line of defense against securing the largest healthcare company in the world against security threats. We are focused on transformation by strengthening our cyber defenses, ransomware resiliency, mitigating vulnerabilities, and better securing all aspects of our company, globally. We are vigilant and passionate about protecting the sensitive data of our members and providers and are committed to leveraging every tool, partnership and process needed to enhance our security posture. It is our duty to protect the information of those we serve and help fulfill our mission of making the health care system work better for everyone.

The SVP of Global Cyber Defense is a critical member of the EIS leadership team (as a direct report to the CISO) responsible for protecting the digital assets and infrastructure of our Fortune 5 healthcare company. This role is responsible for developing, implementing, and managing a comprehensive cyber defense strategy to protect against evolving cyber threats. This leadership role includes the management of a 350+ person globally dispersed team of cyber practitioners and the associated team logistics & financials.

You'll enjoy the flexibility to work remotely * from anywhere within the U.S. as you take on some tough challenges.

Primary Responsibilities:

• Strategic Leadership
  • Develop and implement a comprehensive cyber defense strategy aligned with the company's overall business objectives and cyber security transformation goals
  • Lead a highly committed global security team of about 380 people to respond to the top security challenges that the business faces, including safeguarding intellectual property and sensitive information, mitigating security risks, and protecting and maintaining critical security infrastructure
  • Serve as the primary spokesperson for cyber defense initiatives, communicating effectively with executives, board members, and other stakeholders
  • Provide strategic leadership in operating, building, and managing cyber defense & attack surface reduction and monitoring capabilities including updating security strategy, providing program coordination, and reporting on information security program effectiveness
  • Shape a strong security posture with comprehensive detection, prevention, and remediation services for on-prem, cloud and emerging technologies
  • Engage with peers across the healthcare and financial services industry to identify and apply relevant best practices, technologies and trends
• Threat Intelligence and Risk Management:
  • Stay abreast of the latest cyber threats and vulnerabilities relevant to the healthcare and financial services industries
  • Develop and maintain a robust threat intelligence program to identify (threat hunt), analyze and prioritize potential risks
  • Implement proactive risk mitigation strategies to educate, inform on and minimize the impact of potential cyberattacks
  • Implement and operate an insider threat program in collaboration with legal, human resources, communications and physical security teams
• Incident Response and Recovery
  
  
  • Establish and maintain an effective incident response program to detect, contain, and remediate security breaches
  • Lead incident response teams during cybersecurity events, ensuring swift and effective action to minimize damage and downtime
  • Develop and implement incident response plans and processes and practice these plans on a frequent basis
  • Be a visible cyber security leader to senior executives and the board of directors to ensure applicable stakeholders know and practice their roles and responsibilities in the event of a cyber event
• Security Operations
  
  
  • Set requirements and participate in the implementation and management of security technologies and tools, including firewalls, intrusion detection systems, and security information and event management (SIEM) platforms
  • Ensure the ongoing monitoring and analysis of security logs and alerts to identify and respond to potential threats
  • Conduct regular security assessments and vulnerability scans to identify and address weaknesses in the company's security posture
• Additional Responsibilities
  • Coordinate with other internal business units and operations centers across UnitedHealth Group to maintain a full scope cyber defense program
  • Work collaboratively across cybersecurity disciplines and business units, as well as external partner organizations, to ensure the intended security posture is monitored to identify potential business impacting issues or active attacks and conducting regular cybersecurity validation
  • Partner with technology operations, event management, foundational engineering, and the information security office to extend and sustain our defensive and counter threat capabilities
  • Provide guidance, consulting and event leadership to IT operations and application teams specific to requirements that reduce the company's threat landscape and readiness to respond cross-functionally to security and technology events that either create risk to information entrusted to the company or have the potential to impact operations
  • Collaborate with information technology in support of operational initiatives, integrated development operations (DevOps) and programs that support operational activities
  • Establish and/or evolve operational metrics that measure program outcomes and sustainability and support strategic business decisions and prioritization
  • Manage the portfolio of Cyber Defense technologies and tools effectively across performance, cost and integration dimensions
  • Own shared accountability for operational execution, agenda prioritization and service management across the technology system, including achieving and maintaining performance and stability outcomes

You'll be rewarded and recognized for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role as well as provide development for other roles you may be interested in.

Required Qualifications:

• 15+ years of experience in cybersecurity, with at least 5 years of serving in a leadership role within an enterprise cyber security program
• Proven track record of developing and implementing successful cyber defense strategies, teams, processes and technologies at scale globally
• 10+ years of direct accountability for identification of talent and management of individuals from both business backgrounds and technology disciplines
• Deep understanding of cybersecurity frameworks, standards, and regulations (e.g., NIST, ISO 27001, HIPAA, etc.).
• Expertise in threat intelligence, risk management, incident response, and security operations, security engineering / security technologies
• Solid leadership, communication, and interpersonal skills to include written and verbal communication to executive teams and boards of directors
• Proven ability to effectively collaborate with cross-functional teams including communications, legal, finance, human resources and business unit leaders
• Demonstrated proficiency in the latest principles and science used to address and combat advanced threats against commercial enterprises and systems
• Experience leading and managing individuals, program and project activities delivered in different geographies and cultures
• Demonstrated technical background and cross-functional expertise in both infrastructure and application security and proven operational leadership experience in both disciplines
• Experience protecting an integrated IT system that includes internally owned assets and those operated by third parties, including cloud service providers
• History of success collaborating with a team of diverse individuals from Operations, Business, IT, Legal, Compliance and Privacy disciplines to produce results
• Proven planning, organizational, collaboration and leadership skills
• Ability to successfully operate and drive change at all operational and organizational levels, whether directly managed or through influence, and across multiple global cultures
• Results oriented, operations focused, and data / information driven decisionmaker
• Demonstrated history of creating and operating in a continuous improvement environment
• Ability to work in and thrive in a highly energized and highly matrixed environment with proven experience influencing direction and strategies in a collaborative manner
• Selfless commitment to integrated operations with peers and leaders across a complex IT environment
• True and proven commitment to customer satisfaction and the highest ethical standards
• History of presenting to senior executives and regulatory auditors
• Proven adaptability and flexibility in approaches used to fully engage with different audiences

Preferred Qualifications:

• Previous experience serving as a CISO or equivalent role
• Proven experience projecting security as an enabler in an Agile and integrated DevOps model
• Industry-specific certifications in information security, including one or more of the following: CISSP; CISA and CISM; ITIL; PMP
• Direct experience evolving large cyber defense programs post-breach
• Experience in the healthcare and/or financial services industry
• Understanding of business processes, application, and infrastructure requirements for the healthcare industry
• Industry-specific certifications in information security, including one or more of the following: CISSP, CISA and CISM, ITIL, PMP

Additional Considerations:

• High level of confidentiality and discretion due to the sensitive nature of the data and systems involved
• Expected to work flexible hours and be available on-call to respond to security incidents

*All employees working remotely will be required to adhere to UnitedHealth Group's Telecommuter Policy.

California, Colorado, Connecticut, Hawaii, Nevada, New York, Rhode Island, or Washington, Washington, D.C. Residents Only: The salary range for California, Colorado, Connecticut, Hawaii, Nevada, New York, Rhode Island, Washington or Washington, D.C. residents is $350,000 to $450,000 per year. Pay is based on several factors including but not limited to local labor markets, education, work experience, certifications, etc. UnitedHealth Group complies with all minimum wage laws as applicable. In addition to your salary, UnitedHealth Group offers benefits such as, a comprehensive benefits package, incentive and recognition programs, equity stock purchase and 401k contribution (all benefits are subject to eligibility requirements). No matter where or when you begin a career with UnitedHealth Group, you'll find a far-reaching choice of benefits and incentives

At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone-of every race, gender, sexuality, age, location and income-deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission.

Diversity creates a healthier atmosphere: UnitedHealth Group is an Equal Employment Opportunity/Affirmative Action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law.

UnitedHealth Group is a drug - free workplace. Candidates are required to pass a drug test before beginning employment.

---