Information Security Risk Auditor - San Juan, PR

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together.

The Info Security Risk Auditor is responsible for supporting and enforcing information security policies, standards, and procedures to safeguard proprietary, personal, and privileged electronic data. This role works closely with user departments and cross-functional teams to implement robust security controls, drive compliance, and foster a culture of security awareness.

Primary Responsibilities:

• Risk & Governance

• Align security policies and standards with IT infrastructure frameworks (ISO 27001, NIST, ITIL)

• Lead policy exception and risk management, including logging, assessment, and mitigation

• Conduct vendor tier assessments, clarify tiering logic, and ensure correct application of security reviews

• Oversee remediation of critical/high vulnerabilities, verify aging data, and confirm with SLOs on unresolved exploits

• Support overall application security governance

• Compliance & Certification

• Ensure compliance with regulatory requirements (ISO 27001, NYDFS, NIST)

• Lead and support ISO 27001/ISMS program implementation and audits for assigned geographies/scope

• Maintain and update compliance trackers, dashboards, and reporting frameworks

• Perform audits to identify control gaps and implement corrective action plans

• Monitor compliance with corrective actions and address non-compliance issues

• Review and attest security attributes for applications, including MFA, orientation, data type, and access provisioning

• Incident Management & Investigation

• Facilitate and lead security incident investigations, including physical security, fire safety, access control, and environmental controls

• Ensure proper logging and escalation of incidents

• Coordinate with other teams for incident related activities

• Security Awareness & Training

• Drive security awareness campaigns, training, and infographics for employees and contractors

• Track and report on training completion rates, phishing metrics, and awareness initiatives

• Develop and communicate security content, including videos and best practices

• Stakeholder Engagement & Communication

• Communicate professionally with stakeholders and end users through multiple channels

• Collaborate with business, and other concerned teams for regulatory reporting and audit support

• Provide consulting and support for customer audits, contract reviews, and acquired entity compliance

• Physical Security & Site Compliance

• Conduct physical compliance walks, assess fire safety, access control, secure printing, and data privacy at sites

• ENGLISH PROFICIENCY ASSESSMENT WILL BE REQUIRED AFTER APPLICATION *

You'll be rewarded and recognized for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role as well as provide development for other roles you may be interested in.

Required Qualifications:

• 8+ years of information security experience
• Experience with ISO27001 (ISMS), HITRUST CSF, NIST Cybersecurity Framework, SOC Type1/2
• Professional proficiency both with English and Spanish
• Proven auditing skills and ability to manage risk assessments/projects independently
• Proven excellent verbal and written communication skills
• Proven solid presentation skills, especially the ability to explain technology to non-technical personnel
• Demonstrated ability to work independently, meet deadlines, and maintain stakeholder confidence

Preferred Qualifications:

• Certifications: CISSP, CISA, ISO27001 Lead Implementer or Lead Auditor
• Experience in physical security, compliance walks, and site-level assessments

Pay is based on several factors including but not limited to local labor markets, education, work experience, certifications, etc. In addition to your salary, we offer benefits such as, a comprehensive benefits package, incentive and recognition programs, equity stock purchase and 401k contribution (all benefits are subject to eligibility requirements). No matter where or when you begin a career with us, you'll find a far-reaching choice of benefits and incentives.

At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone-of every race, gender, sexuality, age, location and income-deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission.

UnitedHealth Group is an Equal Employment Opportunity employer under applicable law and qualified applicants will receive consideration for employment without regard to race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or protected veteran status, or any other characteristic protected by local, state, or federal laws, rules, or regulations.

UnitedHealth Group is a drug - free workplace. Candidates are required to pass a drug test before beginning employment.