Principal Security Program Manager

It's fun to work in a company where people truly BELIEVE in what they're doing!

We're committed to bringing passion and customer focus to the business.

Job Description:

Reporting to the CISO, the Principal Security Program Manager is the leader responsible for driving measurable risk reduction through a blend of hands-on security engineering and program-level execution. This role partners across IT, clinical operations, compliance, and business leaders to implement pragmatic security controls, improve detection and response, strengthen security awareness, and maintain audit readiness. The scope includes securing a hybrid on-prem and cloud technology stack, including Microsoft365 and Azure, while maintaining a balanced defense-in-depth approach.

Key Responsibilities

Security Program & Portfolio Leadership

• Own end-to-end delivery of multiple security initiatives and operational programs with clear outcomes (risk reduction, control maturity, resilience, compliance readiness).

• Translate security strategy into executable workstreams and sustained operational mechanisms.

Hands-On Security Engineering

• Partner with IT to engineer, implement, and continuously improve security controls across identity, endpoint, email, collaboration, cloud platforms, and core infrastructure (including Microsoft 365 and Azure where applicable).

• Develop and maintain secure configurations, baselines, and technical guardrails; drive continuous improvement through posture reviews and control validation as appropriate.

• Perform technical investigation and troubleshooting of security events, misconfigurations, and control gaps; implement corrective actions.

Cybersecurity Architecture & Defense Strategy

• Contribute to security architecture decisions and defense strategies using a layered, threat-informed approach.

• Assess emerging threats and recommend pragmatic technical and procedural improvements.

Incident Response & Operational Support (as needed)

• Support security incident response activities: triage, containment, eradication, recovery, and lessons learned.

• Improve readiness through playbooks, tabletop exercises, partner coordination, and continuous improvement actions.

Security Toolset Ownership & Partner Management

• Own the operational effectiveness of the security toolset (monitoring, detection, response, email security, vulnerability management, identity protection, logging/analytics, and related systems).

• Manage security partners including a managed SOC and other third-party security service providers: define outcomes, SLAs, escalation paths, and service quality expectations.

• Drive detection tuning and alert quality improvements with partners to reduce noise and improve response outcomes.

Security Awareness and Training

• Design and continuously improve security awareness initiatives that reduce human-risk and strengthen security culture.

• Design, execute, and optimize phishing simulations, including campaign planning, targeting strategies, and metrics (e.g., susceptibility and reporting behaviors) to inform training and reinforcement.

• Partner with HR/People Ops and business leaders to drive sustained behavior change and measurable improvements over time.

Audit Support & Control Evidence Readiness

• As they occur, support audits by coordinating evidence collection, validating control operation, and ensuring timely closure of findings and remediation actions.

• Maintain and improve documentation of security controls, technical configurations, procedures, and operating evidence to meet audit and compliance expectations.

• Translate audit requirements into actionable control improvements and sustainable operational practices.

Third-Party Risk Assessments (TPRM)

• Facilitate lean yet effective third-party risk assessments for new and existing vendors, including questionnaire review, evidence validation, risk summaries, and remediation tracking.

• Evaluate vendor security posture, data handling practices, access models, and incident response capabilities.

Required Qualifications

• Bachelor’s degree in Information Security, Computer Science, Engineering, or similar.

• 8+ years of progressively responsible experience in cybersecurity, including hands-on engineering responsibilities and ownership of security outcomes.

• Demonstrated experience leading cross-functional initiatives with strong execution discipline.

• Experience managing and optimizing security toolsets and coordinating with external security partners (including a managed SOC).

• Strong written and verbal communication skills, including ability to communicate risk and recommendations to non-technical audiences.

Preferred Qualifications

• Experience in healthcare or highly regulated environments.

• Security certifications (CISSP, CISM, CCSP, Security+, or equivalent).

• Familiarity with enterprise identity security, cloud security, monitoring/analytics, and audit/compliance support across modern environments (including Microsoft 365 and Azure).

Core Competencies

• Security engineering depth + program leadership breadth

• Risk-based decision making and pragmatic security architecture

• Vendor/partner management with measurable outcomes

• Executive-ready communication and stakeholder influence

• Operational excellence and continuous improvement mindset

Salary Range:

$93,225.60 - $162,000

If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!