Vulnerability Program Manager

Posted 14 days ago USD 111,758 - 145,277 / year
HonorHealth

Must reside in Arizona

$5,000 Sign-on Bonus


Job Summary


The Vulnerability Program Manager will lead and mature our healthcare risk and vulnerability management program. This role is responsible for identifying, assessing, prioritizing, and driving remediation of security vulnerabilities across our technology environment. This role is critical in protecting sensitive patient data, ensuring compliance with healthcare regulations, and maintaining the security of clinical and administrative systems.


Essential Functions

  • Design, implement, and manage a comprehensive vulnerability management program tailored to healthcare environments.
  • Drive the teams to produce actionable results for the regular vulnerability assessments across electronic health record (EHR) systems, medical devices, cloud platforms, and on-premises infrastructure.
  • Coordinate activities across infrastructure, applications, and cloud environments.
  • Assist the team with analyzing and prioritizing vulnerabilities based on risk to patient safety, data confidentiality, and operational continuity.
  • Collaborate with IT, clinical engineering, security and compliance teams to define remediation efforts.
  • Maintain a vulnerability risk register and provide executive-level reporting with a focus on healthcare-specific risks.
  • Integrate threat intelligence to contextualize vulnerabilities and assess potential impacts on patient care.
  • Ensure compliance with HIPAA, HITECH, NIST Cybersecurity Framework, and other relevant healthcare regulations.
  • Define and track key performance indicators (KPIs) and metrics for vulnerability management.
  • Support audits, risk assessments, and incident response activities related to vulnerabilities.
  • Drive continuous improvement through automation, process refinement, tools and cross-functional training.
  • Perform other duties as assigned.

The above job responsibilities describe the general nature and level of work to be performed. They do not restrict management’s right to assign or re-assign duties at any time.


Education

Bachelor's - Information security, healthcare IT, or a related field - Required


Experience

5+ years Experience in cybersecurity - Required

2 years Experience in vulnerability management within a healthcare setting - Required

Familiarity with healthcare technologies such as EHR systems (preferred Epic), PACS, and medical IoT devices - Required

Experience with vulnerability scanning tools (e.g., Tenable, Qualys, Rapid7) and healthcare-specific risk assessment tools - Required

Strong understanding of HIPAA Security Rule, HITECH Act, and NIST 800-53/800-66 - Required

Excellent communication skills, with the ability to translate technical risks into business impact - Required

Experience with HITRUST CSF and healthcare compliance audits - Preferred

Knowledge of secure software development practices and DevSecOps in healthcare applications - Preferred


Certifications and Licensure

Security certifications such as HCISPP, CISSP, CISM, or GIAC - Preferred
