Sr. Director, Business Information Security Officer - Remote or Hybrid from MN or DC

About the position Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health equity on a global scale. Join us to start Caring. Connecting. Growing together. We are seeking a Sr. Director, Business Information Security Officer to drive execution and program management of security strategy and risk governance adherence for our Enterprise Data & AI/ML divisions. This role anchors and supports the technology teams accountable for critical security controls around the design, deployment, and scaling of Enterprise Data & AI/ML solutions-particularly Generative AI and enterprise LLM platforms-while balancing risk, innovation, and compliance across global operations. The candidate must bring 12+ years of demonstrated success in enterprise security leadership roles, with specific expertise in Data & AI/ML security, indirect team leadership, and global regulatory experience in large multinational environments. You'll enjoy the flexibility to telecommute from anywhere within the U.S. as you take on some tough challenges. This role may be hybrid, work in office and out. #ESRO #AIML You'll enjoy the flexibility to work remotely from anywhere within the U.S. as you take on some tough challenges. For all hires in the Minneapolis or Washington, D.C. area, you will be required to work in the office a minimum of four days per week. Responsibilities • Enterprise Data & AI/ML & LLM Security Leadership • Understand and contribute to LLM threat modeling, prompt injection detection, adversarial testing, and alignment protocols • Drive Security for AI/ML development pipelines (MLOps), integrating DevSecOps principles, access controls, and provenance tracking • Guide and consult on model lifecycle security including fine-tuning risks, output sanitization, hallucination detection, and bias remediation • Consult on and drive adherence to data governance guardrails for training, inference, storage, and synthetic data creation • Risk Management & Compliance • Map evolving AI/ML risks against global frameworks: EU AI Act, NIST AI RMF, ISO 42001, DPDP Act, and internal GRC mandates • Drive action and accountability for enterprise-wide AI/ML risk assessments, internal audits, and red teaming exercises targeting GenAI systems • Support regulatory responses, incident management, and executive briefings tied to AI/ML program controls • Collaborate with Legal, Data Privacy, and Engineering teams to align on emerging AI ethics and liability risks • Leadership & Enablement • Act as Security Advisor to technology leadership, bridging technical realities with strategic risk perspectives • Champion secure enablement, helping business units adopt AI/ML responsibly and confidently • Drive action with virtual cross-functional teams including data science, product, legal, and security engineering stakeholders • Influence culture and policy through thought leadership, workshops, and publication of enterprise AI Security Playbooks • Communication & Advocacy • Draft C-suite-level strategy briefings, board-level updates, and actionable security advisories • Engage in global forums, contribute to regulatory consultations, and build the firm's external reputation in AI/ML security • Translate technical risk into business impact for a non-technical audience Requirements • 16+ years of experience in Information/Cyber Security in corporate environment, including 5+ years in emerging tech (AI/ML, data platforms, analytics systems) • Experience managing risks tied to data integrity, model drift, shadow AI deployments, and third-party AI services • Proven track record securing AI platforms and LLM ecosystems (e.g., OpenAI, Azure AI, Vertex AI, AWS Bedrock) • Solid command of cloud-native architecture, zero trust security models, and federated learning environments • Proven history of indirect leadership, driving outcomes across non-reporting teams and global stakeholders Nice-to-haves • CISM / CISSP / CCSP / CRISC / CIPP or equivalent • ISO/IEC 27001, ISO 42001 (AI Management) experience • Microsoft, AWS, or Google AI/ML security training • Completion of NIST AI RMF workshops or red team exercises targeting GenAI • All employees working remotely will be required to adhere to UnitedHealth Group's Telecommuter Policy. Benefits • a comprehensive benefits package • incentive and recognition programs • equity stock purchase • 401k contribution Apply tot his job