Eden Prairie, MN, 55344, USA
10 hours ago
Vice President, Risk Governance and Continuous Monitoring
Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start **Caring. Connecting. Growing together.**

This role of Enterprise Risk Governance & Compliance Advisory is a senior executive responsible for leading the design, execution, and transformation of risk governance and compliance programs across the enterprise. This role is pivotal in ensuring the organization’s adherence to healthcare and insurance regulatory frameworks—including NYDFS Cybersecurity Regulation, HIPAA, HITRUST, and SOX—while embedding risk-informed decision-making into business and security operations. The VP will lead a team of senior directors or directors and subject matter experts, driving both strategic direction and tactical execution of risk transformation initiatives.

You’ll enjoy the flexibility to work remotely * from anywhere within the U.S. as you take on some tough challenges.

**Primary Responsibilities:**

**Strategic & Tactical Risk Governance**

+ Lead the development and continuous improvement of enterprise risk governance frameworks tailored to the healthcare and insurance sectors
+ Serve as a strategic advisor to senior leadership on risk posture, emerging threats, and mitigation strategies
+ Ensure compliance with NYDFS, HIPAA, HITRUST, and other applicable regulatory frameworks through proactive governance and oversight
+ Oversee the full risk management lifecycle including risk identification, assessment, mitigation, monitoring, and reporting

**Technology & Cybersecurity Risk Management**

+ Partner with the CISO, CIO, and business leaders to assess and manage risks related to digital transformation, cloud adoption, and third-party ecosystems
+ Integrate cybersecurity and technology risk into the broader enterprise risk management (ERM) framework using NIST CSF, ISO 27001, and HITRUST methodologies
+ Oversee risk assessments, control testing, and remediation planning for technology and security domains

**GRC Transformation Advisory**

+ Lead enterprise-wide transformation initiatives to modernize risk, compliance, and control functions
+ Provide tactical advisory to business and technology units on control design, automation, and risk mitigation strategies
+ Drive the adoption of GRC platforms and tools (e.g., Archer, ServiceNow GRC, Open Pages) to enhance risk visibility, workflow efficiency, and reporting accuracy

**Audit & Regulatory Compliance**

+ Oversee enterprise audit readiness and compliance programs, ensuring timely and effective response to internal and external audits, including NYDFS and SOX requirements
+ Collaborate with internal audit, legal, and compliance teams to ensure a unified and proactive approach to risk and control management
+ Drive remediation of audit findings and ensure sustainable control improvements across the enterprise

**Metrics, Reporting & Risk Transparency**

+ Define and operationalize key risk indicators (KRIs), control effectiveness metrics, and compliance dashboards
+ Deliver executive-level reporting to senior leadership, the Board, and Audit Committee, providing actionable insights and risk intelligence
+ Leverage data analytics and automation to enhance risk transparency and decision-making

**People Leadership & Culture Building**

+ Lead and develop a high-performing team of senior leaders and risk professionals across multiple geographies
+ Foster a culture of integrity, transparency, and continuous learning across the organization
+ Champion diversity, equity, and inclusion in leadership development and succession planning

You’ll be rewarded and recognized for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role as well as provide development for other roles you may be interested in.

**Required Qualifications:**

+ Bachelor’s degree in Business, Information Security, Risk Management, or related field; advanced degree or certifications (e.g., CRISC, CISA, CISSP, CPA) preferred
+ 15+ years of progressive experience across the full risk management lifecycle, preferably within healthcare, insurance, or similarly mature and regulated industries such as financial services
+ At least 5 years in a senior leadership role managing leaders of leaders and cross-functional teams in a matrixed environment
+ Deep knowledge of healthcare and insurance regulatory frameworks, including NYDFS Cybersecurity Regulation, HIPAA, HITRUST, SOX, and NIST
+ Proven experience leading GRC transformation initiatives and implementing enterprise GRC platforms (e.g., Archer, ServiceNow GRC)
+ Solid analytical, communication, and stakeholder engagement skills, with a track record of influencing executive leadership and Boards
+ Demonstrated ability to drive enterprise-wide risk transparency, control maturity, and regulatory alignment through metrics, reporting, and advisory
+ External consulting experience in risk, compliance, or cybersecurity is a strong plus, particularly in advising large, regulated enterprises on GRC strategy and transformation

*All employees working remotely will be required to adhere to UnitedHealth Group’s Telecommuter Policy.

Pay is based on several factors including but not limited to local labor markets, education, work experience, certifications, etc. In addition to your salary, we offer benefits such as a comprehensive benefits package, incentive and recognition programs, equity stock purchase and 401k contribution (all benefits are subject to eligibility requirements). No matter where or when you begin a career with us, you’ll find a far-reaching choice of benefits and incentives. The salary for this role will range from $196,600 to $337,100 annually based on full-time employment. We comply with all minimum wage laws as applicable.

**Application Deadline:** This will be posted for a minimum of 2 business days or until a sufficient candidate pool has been collected. Job posting may come down early due to volume of applicants.

_At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone–of every race, gender, sexuality, age, location and income–deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes — an enterprise priority reflected in our mission._

_UnitedHealth Group is an Equal Employment Opportunity employer under applicable law and qualified applicants will receive consideration for employment without regard to race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or protected veteran status, or any other characteristic protected by local, state, or federal laws, rules, or regulations._

_UnitedHealth Group is a drug-free workplace. Candidates are required to pass a drug test before beginning employment._