Director, Cybersecurity - Remote or Hybrid in DC, NC and MN

Introduction

Optum Tech is a global leader in health care innovation. Our teams develop cutting-edge solutions that help people live healthier lives and help make the health system work better for everyone. From advanced data analytics and AI to cybersecurity, we use innovative approaches to solve some of health care’s most complex challenges. Your contributions here have the potential to change lives. Ready to build the next breakthrough? Join us to start Caring. Connecting. Growing together.

Job Description

The Director of Security Incident Response (SIR) is responsible for leading the organization’s incident response program, ensuring rapid detection, containment, eradication, and recovery from cybersecurity incidents. This role provides strategic oversight, operational leadership, and continuous improvement of incident response capabilities to protect enterprise assets, data, and reputation.

Work Arrangement

You’ll enjoy the flexibility to work remotely from anywhere within the U.S. as you take on some tough challenges. For all hires in the Minneapolis or Washington, D.C. area, you will be required to work in the office a minimum of four days per week.

Primary Responsibilities

• **Strategic Leadership**: Develop and maintain the enterprise-wide Incident Response Strategy, aligning with frameworks such as NIST, MITRE ATT&CK, and ISO 27035
• Establish governance for incident response, including policies, playbooks, and escalation protocols
• Serve as the primary liaison with executive leadership, legal, compliance, and communications teams during major incidents
• **Operational Management**: Oversee 24/7 incident response operations, including triage, containment, forensic analysis, and remediation
• Direct Incident Response and Digital Forensic teams, ensuring readiness and resilience
• Coordinate with Cyber Threat Intelligence (CTI), Threat Hunting, and Security Operations Center teams for proactive defense and post-incident analysis
• Produce clear metrics and reporting of incident data and KPI's
• Manage multiple projects and workstreams simultaneously
• **Incident Handling**: Lead response for critical and high-severity incidents, including ransomware, data breaches, network intrusions, and advanced persistent threats (APTs)
• Ensure proper chain-of-custody for forensic evidence and compliance with regulatory requirements (e.g., HIPAA, GDPR)
• Drive root cause analysis and lessons learned to strengthen security posture
• **Collaboration & Communication**: Partner with Legal, Privacy, and Compliance Officers for breach notifications