[Remote] Senior Project Manager – Vulnerability Remediation
Note: This is a remote job open to candidates in the USA. The Giant Bullseye is seeking a Senior Project Manager to lead enterprise-wide vulnerability remediation initiatives across healthcare applications and infrastructure platforms. This role is responsible for driving the identification, prioritization, and closure of Critical and High-risk security vulnerabilities while ensuring compliance with healthcare regulatory standards.
Responsibilities
- Lead end-to-end vulnerability remediation programs across applications, databases, servers, cloud platforms, and legacy healthcare systems
- Own planning, execution, and tracking of remediation efforts for code, dependency, configuration, and patch-related vulnerabilities
- Coordinate with security, DevOps, application, architecture, and infrastructure teams to remediate scan findings efficiently
- Manage remediation backlogs, sprint planning, release coordination, and delivery tracking
- Review and interpret vulnerability scan outputs from tools such as Qualys, Tenable, Rapid7, CrowdStrike, and Microsoft Defender
- Develop remediation strategies based on vulnerability severity, exploitability, PHI/PII exposure, and business criticality
- Prepare and deliver weekly status reports, risk dashboards, and executive-level scorecards
- Oversee vendor deliverables, team onboarding, cross-shore coordination, and stakeholder alignment
- Ensure remediation governance, audit readiness, compliance documentation, and closure of audit findings
- Define and maintain remediation SLAs, prioritization models, RAID logs, and approval workflows
Skills
- 10+ years of IT project or program management experience, with 5+ years focused on security or vulnerability remediation
- Proven experience managing both application and infrastructure vulnerabilities, including application/code vulnerabilities (OWASP, open-source dependencies, APIs, encryption gaps) and infrastructure vulnerabilities (OS patching, server hardening, cloud misconfigurations, IAM issues)
- Strong understanding of healthcare systems and PHI security risks
- Hands-on experience with healthcare compliance frameworks including HIPAA, HITECH, HITRUST, NIST CSF, and CMS
- Experience working in hybrid delivery models with onshore and offshore teams
- Strong knowledge of Agile, Scrum, and hybrid project management methodologies
- Excellent communication, stakeholder management, and executive reporting skills
- Familiarity with cloud platforms (AWS/Azure), CI/CD pipelines, SQL, and DevSecOps practices
- PMP, CSM, SAFe
- Security certifications such as CISSP, CISM, or CompTIA Security+
- HITRUST or healthcare-focused security certifications
- Payer platforms including Medicare, Medicaid, Marketplace, and Commercial plans
- Systems supporting claims, enrollment, provider data, pharmacy, and member access
- Legacy healthcare platforms including .NET, Java, SAP, Oracle, Salesforce Health Cloud, and enterprise data hubs
Company Overview