UnitedHealth Group · 14 hours ago
Director, Cybersecurity - Remote or Hybrid in DC, NC and MN
UnitedHealth Group is a global leader in health care innovation, seeking a Director of Security Incident Response to lead their incident response program. This role involves strategic oversight and operational leadership to ensure effective response to cybersecurity incidents and protect enterprise assets.
Health Care · Hospital · Medical · Wellness
Responsibilities
Develop and maintain the enterprise-wide Incident Response Strategy, aligning with frameworks such as NIST, MITRE ATT&CK, and ISO 27035
Establish governance for incident response, including policies, playbooks, and escalation protocols
Serve as the primary liaison with executive leadership, legal, compliance, and communications teams during major incidents
Oversee 24/7 incident response operations, including triage, containment, forensic analysis, and remediation
Direct Incident Response and Digital Forensic teams, ensuring readiness and resilience
Coordinate with Cyber Threat Intelligence (CTI), Threat Hunting, and Security Operations Center teams for proactive defense and post-incident analysis
Produce clear metrics and reporting of incident data and KPIs
Manage multiple projects and workstreams simultaneously
Lead response for critical and high-severity incidents, including ransomware, data breaches, network intrusions, and advanced persistent threats (APTs)
Ensure proper chain-of-custody for forensic evidence and compliance with regulatory requirements (e.g., HIPAA, GDPR)
Drive root cause analysis and lessons learned to strengthen security posture
Partner with Legal, Privacy, and Compliance Officers for breach notifications and regulatory reporting
Communicate incident status and impact to executive leadership and internal stakeholders
Represent the organization in interactions with 3rd party incident response and legal firms
Collaborate with Security Officers, Merger & Acquisitions, Security Architecture & Engineering, Governance and other Global Security Operation teams
Conduct post-incident reviews and implement action plans
Develop and deliver training programs for incident response teams
Maintain awareness of emerging threats and integrate threat intelligence into response strategies
Qualifications
Required
Bachelor's degree in Computer Science, Cybersecurity, or related field
CISSP, CISM, GSTRT, and other technical certifications from ISC2, CompTIA, SANS, ISACA, CSPs, etc.
10+ years of experience in cybersecurity
5+ years of experience in incident response leadership of very large organizations
5+ years of experience managing global 24/7 SOC/IR teams and large-scale security incidents
5+ years of deep knowledge of incident response frameworks, forensic tools, EDR/XDR, Public Cloud, application security, networking and SIEM platforms
3+ years of project management experience
Demonstrated ability to translate technical risk into business impact
Preferred
Experience in regulated industries (healthcare, finance)
Familiarity with cloud security and hybrid environments
Expertise in automation and orchestration for incident response
All employees working remotely will be required to adhere to UnitedHealth Group's Telecommuter Policy
Benefits
Comprehensive benefits package
Incentive and recognition programs
Equity stock purchase
401k contribution
Company
UnitedHealth Group
UnitedHealth Group is a medical insurance company that offers health technology, patient checkups, and pharmacy services.
Funding
Current Stage: Public Company
Total Funding: $7.57B
Key Investors: Berkshire Hathaway
2025-08-15 · Post IPO Equity · $1.57B
2024-03-22 · Post IPO Debt · $6B
2021-08-25 · Post IPO Equity
Company data provided by crunchbase