Senior Project Manager Vulnerability Remediation (Healthcare Domain)

Job Description

Job Description

Job Title: Senior Project Manager – Vulnerability Remediation (Healthcare Domain)

Location: Onsite

Experience: 10–15+ years

Employment Type: Contract

Rate: 60-65$/Hr.

Role Summary

The Senior Project Manager will lead and manage large-scale vulnerability remediation programs across healthcare application portfolios and infrastructure systems. This role will ensure timely identification, prioritization, and remediation of Critical and High vulnerabilities aligned to regulatory and compliance requirements (HIPAA, HITECH, CMS, HITRUST). The candidate must have hands-on experience driving remediation activities for both application development (code, libraries, APIs, and platform vulnerabilities) and infrastructure (patching, server configuration, network, and cloud security issues) .

Key Responsibilities

• Lead end-to-end program execution for vulnerability remediation related to applications, databases, servers, cloud environments, and legacy healthcare platforms.
• Prioritize and track remediation of CVITs, VITs, vulnerabilities in code, patch deployments, and configuration fixes across technical teams.
• Work with security, DevOps, application development, enterprise architecture, and infrastructure teams to systematically remediate scan findings.
• Conduct backlog grooming, sprint planning, release coordination, and delivery tracking for remediation activities.
• Analyze vulnerability scan reports and dashboards from tools such as Qualys, Tenable, Rapid7, CrowdStrike, Microsoft Defender, etc.
• Develop remediation plans aligned to exposure of PHI/PII, severity, exploitability, and system criticality.
• Prepare and present weekly status decks, risk registers, and executive scorecards for senior leadership and audit teams.
• Oversee SOW deliverables, team onboarding, cross-shore coordination, and stakeholder alignment.
• Ensure remediation governance, compliance documentation, and closure of cyber audit findings.
• Develop and refine remediation SLAs, prioritization models, RAID logs, and approval workflows involving business, security, and IT stakeholders.

Required Skills & Qualifications

• 10+ years of IT project or program management experience, including 5+ years dedicated to security or vulnerability remediation.
• Must have experience managing both application development and infrastructure-related vulnerabilities , including:
• Code vulnerabilities (OWASP, dependency issues, API weaknesses, encryption gaps)
• Infrastructure vulnerabilities (OS patching, server hardening, cloud misconfigurations, IAM issues)
• Deep understanding of healthcare systems and PHI security risks.
• Strong knowledge of healthcare compliance frameworks such as HIPAA, HITECH, HITRUST, NIST CSF, CMS.
• Experience working in distributed delivery models with offshore/onshore teams.
• Proficient in Agile, Scrum, and hybrid methodologies.
• Excellent communication, stakeholder influencing, and senior leadership reporting capabilities.
• Familiarity with SQL, cloud platforms (Azure/AWS), CI/CD pipelines, and DevSecOps practices.

Preferred Certifications

• PMP, CSM, SAFe
• CompTIA Security+, CISSP, CISM
• HITRUST or healthcare security certifications (preferred)

Healthcare Domain Experience (Preferred)

• Payer systems (Medicaid, Medicare, Marketplace, Commercial)
• Claims processing, provider data, enrollment, pharmacy, member access systems
• Legacy remediation involving .NET, Java, SAP, Oracle, Salesforce Health Cloud, and Data Hub environments

Key Success Metrics

• Reduction in Critical/High vulnerability backlog
• SLA compliance for remediation (30/60/90-day closure)
• Audit remediation closure rate
• Legacy backlog risk reduction
• Operational readiness and stability for healthcare systems