Vulnerability Program Manager

Overview

Looking to be part of something more meaningful? At HonorHealth, you'll be part of a team, creating a multi-dimensional care experience for our patients. You'll have opportunities to make a difference. From our Ambassador Movement to our robust training and development programs, you can select where and how you want to make an impact. HonorHealth offers a diverse benefits portfolio for our full-time and part-time team members designed to help you and your family live your best lives. Visit honorhealth.com / benefits to learn more. Join us. Let's go beyond expectations and transform healthcare together. HonorHealth is one of Arizona's largest nonprofit healthcare systems, serving a population of five million people in the greater Phoenix metropolitan area. The comprehensive network encompasses six acute-care hospitals, an extensive medical group with primary, specialty and urgent care services, a cancer care network, outpatient surgery centers, clinical research, medical education, a foundation, an accountable care organization, community services and more. With nearly 17,000 team members, 3,700 affiliated providers and close to 2,000 volunteers dedicated to providing high quality care, HonorHealth strives to go beyond the expectations of a traditional healthcare system to improve the health and well-being of communities across Arizona. Learn more at HonorHealth.com.

Responsibilities

Job Summary The Vulnerability Program Manager will lead and mature our healthcare risk and vulnerability management program. This role is responsible for identifying, assessing, prioritizing, and driving remediation of security vulnerabilities across our technology environment. This role is critical in protecting sensitive patient data, ensuring compliance with healthcare regulations, and maintaining the security of clinical and administrative systems. Essential Functions

• Design, implement, and manage a comprehensive vulnerability management program tailored to healthcare environments.
• Drive the teams to produce actionable results for the regular vulnerability assessments across electronic health record (EHR) systems, medical devices, cloud platforms, and on-premises infrastructure.
• Coordinate activities across infrastructure, applications, and cloud environments.
• Assist the team with analyzing and prioritizing vulnerabilities based on risk to patient safety, data confidentiality, and operational continuity.
• Collaborate with IT, clinical engineering, security and compliance teams to define remediation efforts.
• Maintain a vulnerability risk register and provide executive-level reporting with a focus on healthcare-specific risks.
• Integrate threat intelligence to contextualize vulnerabilities and assess potential impacts on patient care.
• Ensure compliance with HIPAA, HITECH, NIST Cybersecurity Framework, and other relevant healthcare regulations.
• Define and track key performance indicators (KPIs) and metrics for vulnerability management.
• Support audits, risk assessments, and incident response activities related to vulnerabilities.
• Drive continuous improvement through automation, process refinement, tools and cross-functional training.
• Performs other duties as assigned .

The above job responsibilities describe the general nature and level of work to be performed. It does not restrict management's right to assign or re-assign duties at any time. Education Bachelors- Information security, healthcare IT, or a related field - Required Experience 5+ years Experience in cybersecurity - Required 2 years Experience in vulnerability management within a healthcare setting - Required Familiarity with healthcare technologies such as EHR systems (preferred Epic), PACS, and medical IoT devices - Required Experience with vulnerability scanning tools (e.g., Tenable, Qualys, Rapid7) and healthcare-specific risk assessment tools - Required Strong understanding of HIPAA Security Rule, HITECH Act, and NIST 800-53 / 800-66 - Required Excellent communication skills, with the ability to translate technical risks into business impact - Required Experience with HITRUST CSF and healthcare compliance audits - PreferredKnowledge of secure software development practices and DevSecOps in healthcare applications - Preferred Certifications and Licensure Security certifications such as HCISPP, CISSP, CISM, or GIAC - Preferred