job description
Join Optum as a Senior Information Security Consultant specializing in Governance, Risk & Compliance (GRC) and Vendor Risk Management (VRM). In this critical role, you will drive the development and implementation of robust security frameworks, ensuring compliance with global standards while mitigating third-party risks. Based in the vibrant and dynamic environment of Bali, Indonesia, youâll collaborate with cross-functional teams to safeguard enterprise assets and enhance security posture.
With a minimum of 5 years of experience in GRC, TPRM, and Information Security Risk Management, you will play a pivotal role in shaping security strategies, conducting risk assessments, and fostering a culture of compliance. This is a unique opportunity to work remotely from Baliâs most sought-after locationsâCanggu, Ubud, Denpasar, Jimbaran, Nusa Dua, or Kutaâwhile contributing to high-impact security initiatives for a global leader in healthcare technology.
Optum offers a competitive compensation package, professional growth opportunities, and the flexibility to thrive in a tropical paradise. If you are passionate about cybersecurity and excel in risk management, we want to hear from you!
Responsibility
- Develop, implement, and maintain Governance, Risk & Compliance (GRC) frameworks aligned with industry standards (e.g., ISO 27001, NIST, SOC 2).
- Lead Third-Party Risk Management (TPRM) programs, including vendor assessments, due diligence, and ongoing monitoring.
- Conduct comprehensive risk assessments and gap analyses to identify vulnerabilities and recommend mitigation strategies.
- Collaborate with legal, procurement, and IT teams to ensure vendor contracts meet security and compliance requirements.
- Design and deliver security awareness training for employees and third-party stakeholders.
- Monitor regulatory changes (e.g., GDPR, HIPAA) and update policies to maintain compliance.
- Prepare and present risk reports, metrics, and dashboards to senior leadership and stakeholders.
- Drive continuous improvement in security controls and risk management processes.
Qualifications
- Bachelorâs degree in Computer Science, Information Security, Cybersecurity, or a related field. Advanced degrees or certifications (e.g., CISSP, CISM, CISA, CRISC) are a plus.
- Minimum of 5 years of experience in GRC, TPRM, or Information Security Risk Management.
- Proven expertise in risk assessment methodologies and compliance frameworks (ISO 27001, NIST, SOC 2, etc.).
- Strong understanding of vendor risk management tools and best practices.
- Excellent analytical, communication, and stakeholder management skills.
- Experience with security audits, policy development, and incident response.
- Familiarity with cloud security (AWS, Azure, GCP) and data protection regulations.
- Ability to work independently in a remote setting with a results-driven mindset.