Senior Project Manager – Vulnerability Remediation

Overview

We are seeking a Senior Project Manager to lead enterprise-wide vulnerability remediation initiatives across healthcare applications and infrastructure platforms. This role is responsible for driving the identification, prioritization, and closure of Critical and High‑risk security vulnerabilities while ensuring compliance with healthcare regulatory standards. The ideal candidate has strong experience managing remediation across both application development and infrastructure environments in complex healthcare ecosystems.

• Lead end‑to‑end vulnerability remediation programs across applications, databases, servers, cloud platforms, and legacy healthcare systems
• Own planning, execution, and tracking of remediation efforts for code, dependency, configuration, and patch‑related vulnerabilities
• Coordinate with security, Dev Ops, application, architecture, and infrastructure teams to remediate scan findings efficiently
• Manage remediation backlogs, sprint planning, release coordination, and delivery tracking
• Review and interpret vulnerability scan outputs from tools such as Qualys, Tenable, Rapid7, Crowd Strike, and Microsoft Defender
• Develop remediation strategies based on vulnerability severity, exploitability, PHI/PII exposure, and business criticality
• Prepare and deliver weekly status reports, risk dashboards, and executive‑level scorecards
• Oversee vendor deliverables, team onboarding, cross‑shore coordination, and stakeholder alignment
• Ensure remediation governance, audit readiness, compliance documentation, and closure of audit findings
• Define and maintain remediation SLAs, prioritization models, RAID logs, and approval workflows

• 10+ years of IT project or program management experience, with 5+ years focused on security or vulnerability remediation
• Proven experience managing both application and infrastructure vulnerabilities, including:
• Application/code vulnerabilities (OWASP, open‑source dependencies, APIs, encryption gaps)
• Infrastructure vulnerabilities (OS patching, server hardening, cloud misconfigurations, IAM issues)
• Strong understanding of healthcare systems and PHI security risks
• Hands‑on experience with healthcare compliance frameworks including HIPAA, HITECH, HITRUST, NIST CSF, and CMS
• Experience working in hybrid delivery models with onshore and offshore teams
• Strong knowledge of Agile, Scrum, and hybrid project management methodologies
• Excellent communication, stakeholder management, and executive reporting skills
• Familiarity with cloud platforms (AWS/Azure), CI/CD pipelines, SQL, and Dev Sec Ops  practices

• PMP, CSM, SAFe
• Security certifications such as CISSP, CISM, or CompTIA Security+
• HITRUST or healthcare‑focused security certifications

• Payer platforms including Medicare, Medicaid, Marketplace, and Commercial plans
• Systems supporting claims, enrollment, provider data, pharmacy, and member access
• Legacy healthcare platforms including .NET, Java, SAP, Oracle, Salesforce Health Cloud, and enterprise data hubs