The Giant Bullseye
Senior Project Manager – Vulnerability Remediation
The Giant Bullseye, Saint Louis, Missouri, United States, 63146
Overview
We are seeking a Senior Project Manager to lead enterprise-wide vulnerability remediation initiatives across healthcare applications and infrastructure platforms. This role is responsible for driving the identification, prioritization, and closure of Critical and High‑risk security vulnerabilities while ensuring compliance with healthcare regulatory standards. The ideal candidate has strong experience managing remediation across both application development and infrastructure environments in complex healthcare ecosystems.
Key Responsibilities
Lead end‑to‑end vulnerability remediation programs across applications, databases, servers, cloud platforms, and legacy healthcare systems
Own planning, execution, and tracking of remediation efforts for code, dependency, configuration, and patch‑related vulnerabilities
Coordinate with security, DevOps, application, architecture, and infrastructure teams to remediate scan findings efficiently
Manage remediation backlogs, sprint planning, release coordination, and delivery tracking
Review and interpret vulnerability scan outputs from tools such as Qualys, Tenable, Rapid7, CrowdStrike, and Microsoft Defender
Develop remediation strategies based on vulnerability severity, exploitability, PHI/PII exposure, and business criticality
Prepare and deliver weekly status reports, risk dashboards, and executive‑level scorecards
Oversee vendor deliverables, team onboarding, cross‑shore coordination, and stakeholder alignment
Ensure remediation governance, audit readiness, compliance documentation, and closure of audit findings
Define and maintain remediation SLAs, prioritization models, RAID logs, and approval workflows
Required Experience & Skills
10+ years of IT project or program management experience, with 5+ years focused on security or vulnerability remediation
Proven experience managing both application and infrastructure vulnerabilities, including:
Application/code vulnerabilities (OWASP, open‑source dependencies, APIs, encryption gaps)
Infrastructure vulnerabilities (OS patching, server hardening, cloud misconfigurations, IAM issues)
Strong understanding of healthcare systems and PHI security risks
Hands‑on experience with healthcare compliance frameworks including HIPAA, HITECH, HITRUST, NIST CSF, and CMS
Experience working in hybrid delivery models with onshore and offshore teams
Strong knowledge of Agile, Scrum, and hybrid project management methodologies
Excellent communication, stakeholder management, and executive reporting skills
Familiarity with cloud platforms (AWS/Azure), CI/CD pipelines, SQL, and DevSecOps practices
Preferred Certifications
PMP, CSM, SAFe
Security certifications such as CISSP, CISM, or CompTIA Security+
HITRUST or healthcare‑focused security certifications
Preferred Healthcare Domain Experience
Payer platforms including Medicare, Medicaid, Marketplace, and Commercial plans
Systems supporting claims, enrollment, provider data, pharmacy, and member access
Legacy healthcare platforms including .NET, Java, SAP, Oracle, Salesforce Health Cloud, and enterprise data hubs