Information Security Risk Auditor – Hybrid in MN or DC
About the position
Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by diversity and inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health equity on a global scale. Join us to start Caring. Connecting. Growing together.
The Associate Information Security Risk Auditor (Metric Lifecycle) is an early-career contributor responsible for supporting the assessment and validation of security risk metrics across their full lifecycle. This role focuses on evaluating metric governance processes, data integrity, and reporting accuracy to ensure alignment with enterprise risk appetite, regulatory obligations, and leading frameworks (e.g., NIST CSF, ISO/IEC 27001). The auditor works closely with metric owners, risk teams, and technology stakeholders to identify gaps, validate evidence, and recommend improvements. Strong attention to detail, analytical skills, and the ability to communicate findings clearly are essential.
You will enjoy the flexibility to telecommute from anywhere within the U.S. as you take on some tough challenges.
Responsibilities
• Assist in assessments of metric lifecycle processes (define → approve → implement → monitor → retire)
• Validate that metrics accurately measures control effectiveness and risk posture
• Maintain audit-ready documentation and assist in tracking metric adherence and reporting accuracy
• Support mapping of metrics to applicable frameworks and regulatory requirements
• Perform periodic reviews of metric data and dashboards to ensure accuracy and completeness
• Escalate gaps in metric integrity or reporting for remediation and track closure
• Support alignment verification against frameworks (e.g., NIST CSF, ISO 27001) and obligations (e.g., SOX, SOC 2)
• Prepare draft audit reports and dashboards for management review
• Participate in governance meetings and provide input on metric compliance status
• Assist in awareness efforts related to metric governance and accountability
• Support metric lifecycle audits and compliance reviews
• Ensure audit documentation and evidence traceability are complete and accurate
• Collaborate with risk and compliance teams to track remediation progress
• Contribute to process improvement initiatives, including automation opportunities
Requirements
• Associate’s degree (or higher) in Information Security, Risk Management, Business, or related field
• 1+ years of experience with information security auditing, compliance, or risk management (internship or entry-level acceptable)
• 1+ years of experience working collaboratively across teams in a matrixed environment
• Intermediate level of experience with metric governance, GRC tools, and evidence collection processes
Nice-to-haves
• Bachelor’s degree in Information Security, Risk Management, Business, or related field
• Certifications such as CISA, CRISC
Apply Now
Apply Now
Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by diversity and inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health equity on a global scale. Join us to start Caring. Connecting. Growing together.
The Associate Information Security Risk Auditor (Metric Lifecycle) is an early-career contributor responsible for supporting the assessment and validation of security risk metrics across their full lifecycle. This role focuses on evaluating metric governance processes, data integrity, and reporting accuracy to ensure alignment with enterprise risk appetite, regulatory obligations, and leading frameworks (e.g., NIST CSF, ISO/IEC 27001). The auditor works closely with metric owners, risk teams, and technology stakeholders to identify gaps, validate evidence, and recommend improvements. Strong attention to detail, analytical skills, and the ability to communicate findings clearly are essential.
You will enjoy the flexibility to telecommute from anywhere within the U.S. as you take on some tough challenges.
Responsibilities
• Assist in assessments of metric lifecycle processes (define → approve → implement → monitor → retire)
• Validate that metrics accurately measures control effectiveness and risk posture
• Maintain audit-ready documentation and assist in tracking metric adherence and reporting accuracy
• Support mapping of metrics to applicable frameworks and regulatory requirements
• Perform periodic reviews of metric data and dashboards to ensure accuracy and completeness
• Escalate gaps in metric integrity or reporting for remediation and track closure
• Support alignment verification against frameworks (e.g., NIST CSF, ISO 27001) and obligations (e.g., SOX, SOC 2)
• Prepare draft audit reports and dashboards for management review
• Participate in governance meetings and provide input on metric compliance status
• Assist in awareness efforts related to metric governance and accountability
• Support metric lifecycle audits and compliance reviews
• Ensure audit documentation and evidence traceability are complete and accurate
• Collaborate with risk and compliance teams to track remediation progress
• Contribute to process improvement initiatives, including automation opportunities
Requirements
• Associate’s degree (or higher) in Information Security, Risk Management, Business, or related field
• 1+ years of experience with information security auditing, compliance, or risk management (internship or entry-level acceptable)
• 1+ years of experience working collaboratively across teams in a matrixed environment
• Intermediate level of experience with metric governance, GRC tools, and evidence collection processes
Nice-to-haves
• Bachelor’s degree in Information Security, Risk Management, Business, or related field
• Certifications such as CISA, CRISC
Apply Now
Apply Now