Auditor - San Juan, PR Job at UnitedHealth Group in San Juan
UnitedHealth Group, San Juan, United States
Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together.
The Info Security Risk Auditor is responsible for supporting and enforcing information security policies, standards, and procedures to safeguard proprietary, personal, and privileged electronic data. This role works closely with user departments and cross‑functional teams to implement robust security controls, drive compliance, and foster a culture of security awareness.
Primary Responsibilities:
Risk & Governance
Align security policies and standards with IT infrastructure frameworks (ISO 27001, NIST, ITIL)
Lead policy exception and risk management, including logging, assessment, and mitigation
Conduct vendor tier assessments, clarify tiering logic, and ensure correct application of security reviews
Oversee remediation of critical/high vulnerabilities, verify aging data, and confirm with SLOs on unresolved exploits
Support overall application security governance
Compliance & Certification
Ensure compliance with regulatory requirements (ISO 27001, NYDFS, NIST)
Lead and support ISO 27001/ISMS program implementation and audits for assigned geographies/scope
Maintain and update compliance trackers, dashboards, and reporting frameworks
Perform audits to identify control gaps and implement corrective action plans
Monitor compliance with corrective actions and address non‑compliance issues
Review and attest security attributes for applications, including MFA, orientation, data type, and access provisioning
Incident Management & Investigation
Facilitate and lead security incident investigations, including physical security, fire safety, access control, and environmental controls
Ensure proper logging and escalation of incidents
Coordinate with other teams for incident related activities
Security Awareness & Training
Drive security awareness campaigns, training, and infographics for employees and contractors
Track and report on training completion rates, phishing metrics, and awareness initiatives
Develop and communicate security content, including videos and best practices
Stakeholder Engagement & Communication
Communicate professionally with stakeholders and end users through multiple channels
Collaborate with business, and other concerned teams for regulatory reporting and audit support
Provide consulting and support for customer audits, contract reviews, and acquired entity compliance
Physical Security & Site Compliance
Conduct physical compliance walks, assess fire safety, access control, secure printing, and data privacy at sites
ENGLISH PROFICIENCY ASSESSMENT WILL BE REQUIRED AFTER APPLICATION
You’ll be rewarded and recognized for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role as well as provide development for other roles you may be interested in.
Required Qualifications:
8+ years of information security experience
Experience with ISO27001 (ISMS), HITRUST CSF, NIST Cybersecurity Framework, SOC Type1/2
Professional proficiency both with English and Spanish
Proven auditing skills and ability to manage risk assessments/projects independently
Proven excellent verbal and written communication skills
Proven solid presentation skills, especially the ability to explain technology to non‑technical personnel
Demonstrated ability to work independently, meet deadlines, and maintain stakeholder confidence
Preferred Qualifications:
Certifications: CISSP, CISA, ISO27001 Lead Implementer or Lead Auditor
Experience in physical security, compliance walks, and site‑level assessments
At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone—of every race, gender, sexuality, age, location and income—deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission.
UnitedHealth Group is an Equal Employment Opportunity employer under applicable law and qualified applicants will receive consideration for employment without regard to race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or protected veteran status, or any other characteristic protected by local, state, or federal laws, rules, or regulations.
UnitedHealth Group is a drug‑free workplace. Candidates are required to pass a drug test before beginning employment.
#PRLinkedIn
#J-18808-Ljbffr
In Summary: The Info Security Risk Auditor is responsible for supporting and enforcing information security policies, standards, and procedures to safeguard proprietary, personal, and privileged electronic data . This role works closely with user departments and cross‑functional teams to implement robust security controls, drive compliance, and foster a culture of security awareness .
En Español: Optum es una organización global que ofrece atención, ayudada por la tecnología para ayudar a millones de personas a vivir vidas más saludables. El trabajo que haga con nuestro equipo mejorará directamente los resultados de salud al conectar a las personas con el cuidado, beneficios farmacéuticos, datos y recursos que necesitan para sentirse lo mejor posible. Aquí encontrará una cultura guiada por inclusión, compañeros talentosos, beneficios integrales y oportunidades de desarrollo profesional. Ven a hacer un impacto en las comunidades que servimos mientras nos ayudan a avanzar en la optimización de la salud a escala mundial. Únete a nosotros para comenzar Caring. Conectarse. Crecer juntos. Esta función trabaja en estrecha colaboración con los departamentos de usuarios y equipos interfuncionales para implementar controles de seguridad sólidos, impulsar el cumplimiento y fomentar una cultura de concienciación sobre la seguridad. Responsabilidades primarias: Riesgo y gobernanza Alinear las políticas y estándares de seguridad con los marcos de infraestructura de TI (ISO 27001, NIST, ITIL) Excepción política líder y gestión del riesgo, incluida la registro, evaluación y mitigación Conducir evaluaciones a nivel de proveedor, aclarar la lógica de clasificación y garantizar la correcta aplicación de revisiones de seguridad Supervisar la corrección de vulnerabilidades críticas/altas, mejorar los datos de antigüedad, y confirmar con los SLOs explotaciones no resueltas Apoyar al gobierno de seguridad Verificar la conformidad y certificación Asegurar que se cumplen con los requisitos regulatorios de acceso a aplicaciones (ISO27001, NYDFS, NIST), Asistir a las partes interesadas y proporcionar conocimientos acerca de la vigilancia de la protección del medio ambiente Los sistemas de control e auditoría de riesgos y otras actividades relacionadas con la implementación de informes de seguridad, comprobar y evaluar las medidas de seguimiento e inspecciones de información, así como realizar tareas técnicas de verificación y revisión de seguridad de los empleados, revisar las normas de seguridad a través de los servicios de seguridad y otros canales de comunicación, llevar a cabo campañas de trabajo, controlar las prácticas de control de seguridad e instrucción y la seguridad y la ejecución de pruebas de seguridad; Creemos que todas las personas de cada raza, género, sexualidad, edad, ubicación e ingreso merecen la oportunidad de vivir su vida más saludable. Hoy en día, sin embargo, todavía hay demasiadas barreras a la buena salud que experimentan desproporcionadamente los negros, grupos históricamente marginados y aquellos con ingresos más bajos. Nos comprometemos a mitigar nuestro impacto sobre el medio ambiente y permitir y ofrecer una atención equitativa que aborde disparidades sanitarias y mejore los resultados sanitarios -una prioridad empresarial reflejada en nuestra misión. UnitedHealth Group es un Empleador de Igualdad de Oportunidades de Trabajo bajo la ley vigente y los solicitantes calificados recibirán consideración por empleo independientemente de su raza, origen nacional, religión, edad , color, sexo, orientación sexual, identidad de género , discapacidad o estatuto protegido u cualquier otro lugar protegido por leyes estatales, legales federales, reglamentos laborales o locales.
The Info Security Risk Auditor is responsible for supporting and enforcing information security policies, standards, and procedures to safeguard proprietary, personal, and privileged electronic data. This role works closely with user departments and cross‑functional teams to implement robust security controls, drive compliance, and foster a culture of security awareness.
Primary Responsibilities:
Risk & Governance
Align security policies and standards with IT infrastructure frameworks (ISO 27001, NIST, ITIL)
Lead policy exception and risk management, including logging, assessment, and mitigation
Conduct vendor tier assessments, clarify tiering logic, and ensure correct application of security reviews
Oversee remediation of critical/high vulnerabilities, verify aging data, and confirm with SLOs on unresolved exploits
Support overall application security governance
Compliance & Certification
Ensure compliance with regulatory requirements (ISO 27001, NYDFS, NIST)
Lead and support ISO 27001/ISMS program implementation and audits for assigned geographies/scope
Maintain and update compliance trackers, dashboards, and reporting frameworks
Perform audits to identify control gaps and implement corrective action plans
Monitor compliance with corrective actions and address non‑compliance issues
Review and attest security attributes for applications, including MFA, orientation, data type, and access provisioning
Incident Management & Investigation
Facilitate and lead security incident investigations, including physical security, fire safety, access control, and environmental controls
Ensure proper logging and escalation of incidents
Coordinate with other teams for incident related activities
Security Awareness & Training
Drive security awareness campaigns, training, and infographics for employees and contractors
Track and report on training completion rates, phishing metrics, and awareness initiatives
Develop and communicate security content, including videos and best practices
Stakeholder Engagement & Communication
Communicate professionally with stakeholders and end users through multiple channels
Collaborate with business, and other concerned teams for regulatory reporting and audit support
Provide consulting and support for customer audits, contract reviews, and acquired entity compliance
Physical Security & Site Compliance
Conduct physical compliance walks, assess fire safety, access control, secure printing, and data privacy at sites
ENGLISH PROFICIENCY ASSESSMENT WILL BE REQUIRED AFTER APPLICATION
You’ll be rewarded and recognized for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role as well as provide development for other roles you may be interested in.
Required Qualifications:
8+ years of information security experience
Experience with ISO27001 (ISMS), HITRUST CSF, NIST Cybersecurity Framework, SOC Type1/2
Professional proficiency both with English and Spanish
Proven auditing skills and ability to manage risk assessments/projects independently
Proven excellent verbal and written communication skills
Proven solid presentation skills, especially the ability to explain technology to non‑technical personnel
Demonstrated ability to work independently, meet deadlines, and maintain stakeholder confidence
Preferred Qualifications:
Certifications: CISSP, CISA, ISO27001 Lead Implementer or Lead Auditor
Experience in physical security, compliance walks, and site‑level assessments
At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone—of every race, gender, sexuality, age, location and income—deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission.
UnitedHealth Group is an Equal Employment Opportunity employer under applicable law and qualified applicants will receive consideration for employment without regard to race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or protected veteran status, or any other characteristic protected by local, state, or federal laws, rules, or regulations.
UnitedHealth Group is a drug‑free workplace. Candidates are required to pass a drug test before beginning employment.
#PRLinkedIn
#J-18808-Ljbffr
In Summary: The Info Security Risk Auditor is responsible for supporting and enforcing information security policies, standards, and procedures to safeguard proprietary, personal, and privileged electronic data . This role works closely with user departments and cross‑functional teams to implement robust security controls, drive compliance, and foster a culture of security awareness .
En Español: Optum es una organización global que ofrece atención, ayudada por la tecnología para ayudar a millones de personas a vivir vidas más saludables. El trabajo que haga con nuestro equipo mejorará directamente los resultados de salud al conectar a las personas con el cuidado, beneficios farmacéuticos, datos y recursos que necesitan para sentirse lo mejor posible. Aquí encontrará una cultura guiada por inclusión, compañeros talentosos, beneficios integrales y oportunidades de desarrollo profesional. Ven a hacer un impacto en las comunidades que servimos mientras nos ayudan a avanzar en la optimización de la salud a escala mundial. Únete a nosotros para comenzar Caring. Conectarse. Crecer juntos. Esta función trabaja en estrecha colaboración con los departamentos de usuarios y equipos interfuncionales para implementar controles de seguridad sólidos, impulsar el cumplimiento y fomentar una cultura de concienciación sobre la seguridad. Responsabilidades primarias: Riesgo y gobernanza Alinear las políticas y estándares de seguridad con los marcos de infraestructura de TI (ISO 27001, NIST, ITIL) Excepción política líder y gestión del riesgo, incluida la registro, evaluación y mitigación Conducir evaluaciones a nivel de proveedor, aclarar la lógica de clasificación y garantizar la correcta aplicación de revisiones de seguridad Supervisar la corrección de vulnerabilidades críticas/altas, mejorar los datos de antigüedad, y confirmar con los SLOs explotaciones no resueltas Apoyar al gobierno de seguridad Verificar la conformidad y certificación Asegurar que se cumplen con los requisitos regulatorios de acceso a aplicaciones (ISO27001, NYDFS, NIST), Asistir a las partes interesadas y proporcionar conocimientos acerca de la vigilancia de la protección del medio ambiente Los sistemas de control e auditoría de riesgos y otras actividades relacionadas con la implementación de informes de seguridad, comprobar y evaluar las medidas de seguimiento e inspecciones de información, así como realizar tareas técnicas de verificación y revisión de seguridad de los empleados, revisar las normas de seguridad a través de los servicios de seguridad y otros canales de comunicación, llevar a cabo campañas de trabajo, controlar las prácticas de control de seguridad e instrucción y la seguridad y la ejecución de pruebas de seguridad; Creemos que todas las personas de cada raza, género, sexualidad, edad, ubicación e ingreso merecen la oportunidad de vivir su vida más saludable. Hoy en día, sin embargo, todavía hay demasiadas barreras a la buena salud que experimentan desproporcionadamente los negros, grupos históricamente marginados y aquellos con ingresos más bajos. Nos comprometemos a mitigar nuestro impacto sobre el medio ambiente y permitir y ofrecer una atención equitativa que aborde disparidades sanitarias y mejore los resultados sanitarios -una prioridad empresarial reflejada en nuestra misión. UnitedHealth Group es un Empleador de Igualdad de Oportunidades de Trabajo bajo la ley vigente y los solicitantes calificados recibirán consideración por empleo independientemente de su raza, origen nacional, religión, edad , color, sexo, orientación sexual, identidad de género , discapacidad o estatuto protegido u cualquier otro lugar protegido por leyes estatales, legales federales, reglamentos laborales o locales.