Director, Cybersecurity - Remote or Hybrid in DC, NC and MN

March 6, 2026

Other Jobs To Apply

No other job posts for this day.

About the position Optum Tech is a global leader in health care innovation. Our teams develop cutting-edge solutions that help people live healthier lives and help make the health system work better for everyone. From advanced data analytics and AI to cybersecurity, we use innovative approaches to solve some of health care’s most complex challenges. Your contributions here have the potential to change lives. Ready to build the next breakthrough? Join us to start Caring. Connecting. Growing together. The Director of Security Incident Response (SIR) is responsible for leading the organization’s incident response program, ensuring rapid detection, containment, eradication, and recovery from cybersecurity incidents. This role provides strategic oversight, operational leadership, and continuous improvement of incident response capabilities to protect enterprise assets, data, and reputation. You’ll enjoy the flexibility to work remotely from anywhere within the U.S. as you take on some tough challenges. For all hires in the Minneapolis or Washington, D.C. area, you will be required to work in the office a minimum of four days per week. You’ll be rewarded and recognized for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role as well as provide development for other roles you may be interested in. Responsibilities • Strategic Leadership: • Develop and maintain the enterprise-wide Incident Response Strategy, aligning with frameworks such as NIST, MITRE ATT&CK, and ISO 27035 • Establish governance for incident response, including policies, playbooks, and escalation protocols • Serve as the primary liaison with executive leadership, legal, compliance, and communications teams during major incidents • Operational Management: • Oversee 24/7 incident response operations, including triage, containment, forensic analysis, and remediation • Direct Incident Response and Digital Forensic teams, ensuring readiness and resilience • Coordinate with Cyber Threat Intelligence (CTI), Threat Hunting, and Security Operations Center teams for proactive defense and post-incident analysis • Produce clear metrics and reporting of incident data and KPI's • Manage multiple projects and workstreams simultaneously • Incident Handling: • Lead response for critical and high-severity incidents, including ransomware, data breaches, network intrusions, and advanced persistent threats (APTs) • Ensure proper chain-of-custody for forensic evidence and compliance with regulatory requirements (e.g., HIPAA, GDPR) • Drive root cause analysis and lessons learned to strengthen security posture • Collaboration & Communication: • Partner with Legal, Privacy, and Compliance Officers for breach notifications and regulatory reporting • Communicate incident status and impact to executive leadership and internal stakeholders • Represent the organization in interactions with 3rd party incident response and legal firms • Collaborate with Security Officers, Merger & Acquisitions, Security Architecture & Engineering, Governance and other Global Security Operation teams • Continuous Improvement: • Conduct post-incident reviews and implement action plans • Develop and deliver training programs for incident response teams • Maintain awareness of emerging threats and integrate threat intelligence into response strategies Requirements • Bachelor’s degree in Computer Science, Cybersecurity, or related field • CISSP, CISM, GSTRT, and other technical certifications from ISC2, CompTIA, SANS, ISACA, CSP's, etc. • 10+ years of experience in cybersecurity • 5+ years of experience in incident response leadership of very large organizations • 5+ years of experience managing global 24/7 SOC/IR teams and large-scale security incidents • 5+ years of deep knowledge of incident response frameworks, forensic tools, EDR/XDR, Public Cloud, application security, networking and SIEM platforms • 3+ years of Project management experience • Demonstrated ability to translate technical risk into business impact Nice-to-haves • Experience in regulated industries (healthcare, finance) • Familiarity with cloud security and hybrid environments • Expertise in automation and orchestration for incident response Apply tot his job

Back to blog

Common Interview Questions And Answers

1. HOW DO YOU PLAN YOUR DAY?

This is what this question poses: When do you focus and start working seriously? What are the hours you work optimally? Are you a night owl? A morning bird? Remote teams can be made up of people working on different shifts and around the world, so you won't necessarily be stuck in the 9-5 schedule if it's not for you...

2. HOW DO YOU USE THE DIFFERENT COMMUNICATION TOOLS IN DIFFERENT SITUATIONS?

When you're working on a remote team, there's no way to chat in the hallway between meetings or catch up on the latest project during an office carpool. Therefore, virtual communication will be absolutely essential to get your work done...

3. WHAT IS "WORKING REMOTE" REALLY FOR YOU?

Many people want to work remotely because of the flexibility it allows. You can work anywhere and at any time of the day...

4. WHAT DO YOU NEED IN YOUR PHYSICAL WORKSPACE TO SUCCEED IN YOUR WORK?

With this question, companies are looking to see what equipment they may need to provide you with and to verify how aware you are of what remote working could mean for you physically and logistically...

5. HOW DO YOU PROCESS INFORMATION?

Several years ago, I was working in a team to plan a big event. My supervisor made us all work as a team before the big day. One of our activities has been to find out how each of us processes information...

6. HOW DO YOU MANAGE THE CALENDAR AND THE PROGRAM? WHICH APPLICATIONS / SYSTEM DO YOU USE?

Or you may receive even more specific questions, such as: What's on your calendar? Do you plan blocks of time to do certain types of work? Do you have an open calendar that everyone can see?...

7. HOW DO YOU ORGANIZE FILES, LINKS, AND TABS ON YOUR COMPUTER?

Just like your schedule, how you track files and other information is very important. After all, everything is digital!...

8. HOW TO PRIORITIZE WORK?

The day I watched Marie Forleo's film separating the important from the urgent, my life changed. Not all remote jobs start fast, but most of them are...

9. HOW DO YOU PREPARE FOR A MEETING AND PREPARE A MEETING? WHAT DO YOU SEE HAPPENING DURING THE MEETING?

Just as communication is essential when working remotely, so is organization. Because you won't have those opportunities in the elevator or a casual conversation in the lunchroom, you should take advantage of the little time you have in a video or phone conference...

10. HOW DO YOU USE TECHNOLOGY ON A DAILY BASIS, IN YOUR WORK AND FOR YOUR PLEASURE?

This is a great question because it shows your comfort level with technology, which is very important for a remote worker because you will be working with technology over time...

DISCLAIMER