Security Program Manager & Senior Engineer
Position Summary: Reporting to the CISO, the Principal Security Program Manager will serve as a Chief of Staff to the CISO. The role is 60 - 70% hands-on security engineering and program-level execution. This role partners across IT, clinical operations, compliance, and business leaders to implement pragmatic security controls, improve detection and response, strengthen security awareness, and maintain audit readiness. The scope includes securing a hybrid on-prem and cloud technology stack, including Microsoft 365 and Azure, while maintaining a balanced defense-in-depth approach.
Key Responsibilities: Own end-to-end delivery of multiple security initiatives and operational programs with clear outcomes (risk reduction, control maturity, resilience, compliance readiness). Translate security strategy into executable workstreams and sustained operational mechanisms.
Hands-On Security Engineering: Partner with IT to engineer, implement, and continuously improve security controls across identity, endpoint, email, collaboration, cloud platforms, and core infrastructure (including Microsoft 365 and Azure where applicable). Develop and maintain secure configurations, baselines, and technical guardrails; drive continuous improvement through posture reviews and control validation as appropriate. Perform technical investigation and troubleshooting of security events, misconfigurations, and control gaps; implement corrective actions.
Cybersecurity Architecture & Defense Strategy: Contribute to security architecture decisions and defense strategies using a layered, threat-informed approach. Assess emerging threats and recommend pragmatic technical and procedural improvements.
Incident Response & Operational Support (as needed): Support security incident response activities: triage, containment, eradication, recovery, and lessons learned. Improve readiness through playbooks, tabletop exercises, partner coordination, and continuous improvement actions.
Security Toolset Ownership & Partner Management: Own the operational effectiveness of the security toolset (monitoring, detection, response, email security, vulnerability management, identity protection, logging/analytics, and related systems). Manage security partners including a managed SOC and other third-party security service providers: define outcomes, SLAs, escalation paths, and service quality expectations. Drive detection tuning and alert quality improvements with partners to reduce noise and improve response outcomes.
Security Awareness and Training: Design and continuously improve security awareness initiatives that reduce human risk and strengthen security culture. Design, execute, and optimize phishing simulations, including campaign planning, targeting strategies, and metrics (e.g., susceptibility and reporting behaviors) to inform training and reinforcement. Partner with HR/People Ops and business leaders to drive sustained behavior change and measurable improvements over time.
Audit Support & Control Evidence Readiness: Support audits as they occur by coordinating evidence collection, validating control operation, and ensuring timely closure of findings and remediation actions. Maintain and improve documentation of security controls, technical configurations, procedures, and operating evidence to meet audit and compliance expectations. Translate audit requirements into actionable control improvements and sustainable operational practices.
Third-Party Risk Assessments (TPRM): Facilitate lean yet effective third-party risk assessments for new and existing vendors, including questionnaire review, evidence validation, risk summaries, and remediation tracking. Evaluate vendor security posture, data handling practices, access models, and incident response capabilities.
Required Qualifications: Bachelor's degree in Information Security, Computer Science, Engineering, or similar. 8+ years of progressively responsible experience in cybersecurity, including hands-on engineering responsibilities and ownership of security outcomes. Demonstrated experience leading cross-functional initiatives with strong execution discipline. Experience managing and optimizing security toolsets and coordinating with external security partners (including a managed SOC). Strong written and verbal communication skills, including ability to communicate risk and recommendations to non-technical audiences.
Preferred Qualifications: Experience in healthcare or highly regulated environments. Security certifications (CISSP, CISM, CCSP, Security+, or equivalent). Familiarity with enterprise identity security, cloud security, monitoring/analytics, and audit/compliance support across modern environments (including Microsoft 365 and Azure).
Core Competencies: Security engineering depth + program leadership breadth; risk-based decision making and pragmatic security architecture; vendor/partner management with measurable outcomes; executive-ready communication and stakeholder influence; operational excellence and continuous improvement mindset.
For applications and inquiries, contact: hirings@openkyber.com