Sr Info Security Risk Analyst (Security/Auditing Assessment, NIST)
Optum Manila Full-time
Job Responsibilities
- Lead and execute third-party/vendor security risk assessments and follow-up remediation activities
- Perform risk and control assessments, identify gaps, and recommend corrective actions
- Ensure third-party compliance with policies, procedures, contractual obligations, and regulatory requirements
- Review and analyze third-party security documents including policies, procedures, and audit reports (e.g., SOC 2, SSAE 16, PCI DSS)
- Develop executive summaries, risk assessments, and remediation recommendations
- Track, monitor, and report assessment findings and remediation progress
- Collaborate with stakeholders and third-party vendors to communicate risks and drive remediation efforts
- Understand and enforce General Computing Controls (GCC) within third-party environments
- Translate technical security risks into business impact for non-technical stakeholders
- Maintain and update assessment documentation, procedures, and workpapers
- Stay current with information security trends, risks, and compliance requirements
- Escalate issues, delays, and risks to leadership when necessary
- Bachelor’s degree in IT, Computer Science, or related field (or equivalent experience)
- Proven experience in security risk assessment, auditing, or compliance
- Strong knowledge of security frameworks and standards:
  - NIST
  - ISO 27001
  - COBIT / ITIL / HITRUST
- Experience conducting security assessments and audit reviews
- Strong understanding of:
  - SOC 2, SSAE 16, PCI DSS, and other audit reports
- Knowledge of security tools and technologies (e.g., firewall, DLP, antivirus, encryption, vulnerability tools)
- Familiarity with:
  - Application security and OWASP Top 10
  - Software development and IT system lifecycles
- Strong communication, presentation, and stakeholder management skills
- Highly detail-oriented with strong documentation and reporting skills
- Ability to:
  - Work independently and manage third-party assessments end-to-end
  - Prepare assessment reports and documentation
- Certifications such as:
  - CISA, CISSP, CRISC, ISO 27001, Security+, ISC2 CC
- Experience in third-party risk management (TPRM)
- Exposure to regulated environments (e.g., finance, healthcare)
- Hybrid
- Laptop/Computer Provided by the Company
- Market Total Rewards Package
- Retirement Plan
- Medical Plan (HMO) from Day 1 of employment
- Dental, Medical, and Optical Reimbursements
- Life and Disability Insurance
- Paid Time-Off Benefits
- Sick Leave Conversion
- Tuition Fee Reimbursement
- Employee Assistance Program (EAP)
- Annual Performance Based Merit Increases
- Employee Recognition
- Training and Staff Development
- Employee Referral Program
- Employee Volunteerism Opportunity
- All Mandatory Statutory Benefits
- Optum is the health care technology and innovation company of the UnitedHealth Group enterprise along with UnitedHealthcare.
- UnitedHealth Group is a health care and well-being company with a mission to help people live healthier lives and help make the health system work better for everyone.
- We’re a leading health solution and care delivery organization. Our work is complex, but our mission is simple: create a healthier world, with you at the center.
- As part of a Fortune 5 enterprise, we are improving the health care experience of over 125 million people around the world.
- Elevate your career with a leading health care company while improving lives.