Sr. Manager, Security Operations & Governance NUMÉRO DE POSTE: 482613

Tampa, FL, US Remote
Healthcare & Social Assistance (non-hospitals)
Vaco
$ 70.00 - 80.00 hourly
contractor
Postuler retour aux résultats
Hiring a SENIOR MANAGER, SECURITY OPERATIONS & GOVERNANCE with prior experience in healthcare industry, Microsoft environment (365,InTune, Azure Security) and coordinating remediation across technical teams, vendors, business owners, and compliance stakeholders.

Location: 100% remote in US
Duration: 6-12 month contract
Pay: $70-80/hr W2 

This role will serve as the primary owner for security findings, remediation plans, vulnerability items, audit actions, risk exceptions, and enterprise security obligations.

The position requires a hands-on leader who can translate security findings into practical action plans, assign ownership, track execution, validate evidence, escalate blockers, and drive closure across IT, compliance, vendors, and business stakeholders.


The ideal candidate is not only able to organize and execute a security program but is also a security-minded operator who can work directly with technical teams on identity, endpoint, cloud, network, application, infrastructure, SaaS, and healthcare system risks.

Core Responsibilities

  • Own the security remediation backlog, including enterprise security findings, IOPs, vulnerability items, audit actions, risk assessments, control gaps, exceptions, and assessment findings.
  • Drive remediation from intake through closure by creating clear action plans with owners, due dates, dependencies, evidence requirements, risks, and escalation paths.
  • Maintain a centralized remediation tracker, risk register, exception log, evidence repository, and executive status reporting for open security obligations.
  • Lead recurring remediation reviews with infrastructure, cloud, endpoint, application, network, data, compliance, and vendor teams to ensure progress and accountability.
  • Challenge unclear ownership, stalled work, weak evidence, missed deadlines, and incomplete remediation plans.
  • Escalate blockers and risks to IT leadership, Enterprise Security, Compliance, and business owners when remediation is delayed or requires risk acceptance.
  • Validate remediation evidence before closure, including screenshots, configuration exports, tickets, logs, reports, policy updates, testing results, and vendor attestations.
  • Translate technical findings into practical, prioritized work that operational teams can execute without unnecessary complexity.
  • Lead security operations activities, including alert triage, investigation, containment, escalation, recovery, and post-incident review.
  • Serve as incident commander or technical lead for security events affecting clinical operations, patient data, business continuity, or critical applications.
  • Maintain incident documentation, evidence, playbooks, tabletop exercises, and after-action tracking.
  • Partner with Compliance/Privacy on PHI related investigations, documentation, and reporting requirements.
  • Lead vulnerability lifecycle management, including intake, validation, prioritization, ticketing, remediation follow-up, SLA adherence, aging reporting, and closure evidence.
  • Coordinate with application, infrastructure, cloud, network, and vendor owners to remediate application, website, domain, certificate, configuration, cloud, server, endpoint, and external exposure findings.
  • Manage and improve security practices across identity, endpoint, email, cloud, network, server, SaaS, and application environments.
  • Oversee operational use of Microsoft 365 security, Entra ID, Intune, Defender, Sentinel, Azure security, EDR/XDR, SIEM, vulnerability management tools, and related logging or investigation capabilities.
  • Partner with infrastructure, cloud, and network teams on secure administration, segmentation, firewall standards, NAC, remote access, vendor access, and external exposure management.
  • Drive endpoint and workstation security improvements, including EDR coverage, encryption, patching, device compliance, configuration baselines, and exception handling.
  • Ensure security telemetry from endpoints, identity, email, cloud, EHR, Salesforce, and critical infrastructure is available for monitoring, investigation, and audit evidence.
  • Support access management governance, including onboarding/offboarding controls, periodic access reviews, privileged access, service accounts, vendor access, and remote access.
  • Coordinate vendor security reviews and remediation for third parties with access to PHI, patient data, or critical systems.
  • Document compensating controls and risk acceptance where immediate remediation is not feasible.
  • Support HIPAA Security Rule safeguards, PHI/PII protection, secure email, DLP, data classification, application inventory, and evidence management activities.
  • Partner with clinical, operations, IT, and compliance stakeholders to reduce risk to patient data and clinical operations.
  • Support business continuity and disaster recovery planning, including recovery procedures, system dependencies, testing evidence, and remediation of gaps.
  • Coordinate security work related to medical devices, telecom, specialty systems, hosted environments, and healthcare-specific technology risks.
  • Maintain practical security policies, standards, procedures, and evidence that can be followed by operational teams.

 

Required Qualifications

  • Bachelor's degree and 8 years of experience managing enterprise IT, cybersecurity, security operations, or security remediation programs. Additional years of relevant experience may be considered in lieu of degree.
  • Experience owning remediation programs where findings, vulnerabilities, audit actions, or risk items had to be driven to closure across multiple technical and business teams.
  • Ability to operate as an execution owner, not only a coordinator, including assigning work, challenging status, escalating blockers, validating evidence, and holding teams accountable.
  • Strong practical understanding of vulnerability management, security operations, incident response, identity security, endpoint protection, cloud security, logging, and control evidence.
  • Experience working with enterprise security, audit, compliance, or corporate security teams on remediation plans, exceptions, evidence requests, and recurring status reporting.
  • Experience engaging multidisciplinary technical teams across cloud, cybersecurity, infrastructure, endpoint, network, application, SaaS, and hybrid environments.
  • Experience managing scope, schedule, priority, risk, and dependencies for enterprise security initiatives.
  • Working knowledge of Microsoft 365 security, Entra ID, Intune, Defender, Sentinel, Azure security, EDR/XDR, SIEM, IAM, vulnerability management tools, and logging concepts.
  • Experience coordinating remediation across technical teams, vendors, business owners, and compliance stakeholders.
  • Ability to review findings, determine practical next steps, assign ownership, track progress, collect evidence, and escalate blockers.
  • Familiarity with HIPAA, PHI/PII handling, NIST CSF, CIS benchmarks, and modern identity and endpoint security practices.
  • Strong written and verbal communication skills, including the ability to explain technical risk and remediation status to non-technical stakeholders.
  • Healthcare experience or experience supporting regulated environments with sensitive data.
  • Relevant certifications such as PMP, CISSP, CISM, CRISC, Security , or similar are preferred.



Determining compensation for this role (and others) at Vaco/Highspring depends upon a wide array of factors including but not limited to the individual’s skill sets, experience and training, licensure and certifications, office location and other geographic considerations, as well as other business and organizational needs. With that said, as required by local law in geographies that require salary range disclosure, Vaco/Highspring notes the salary range for the role is noted in this job posting. The individual may also be eligible for discretionary bonuses, and can participate in medical, dental, and vision benefits as well as the company’s 401(k) retirement plan. Additional disclaimer: Unless otherwise noted in the job description, the position Vaco/Highspring is filing for is occupied. Please note, however, that Vaco/Highspring is regularly asked to provide talent to other organizations. By submitting to this position, you are agreeing to be included in our talent pool for future hiring for similarly qualified positions. Submissions to this position are subject to the use of AI to perform preliminary candidate screenings, focused on ensuring minimum job requirements noted in the position are satisfied. Further assessment of candidates beyond this initial phase within Vaco/Highspring will be otherwise assessed by recruiters and hiring managers. Vaco/Highspring does not have knowledge of the tools used by its clients in making final hiring decisions and cannot opine on their use of AI products.

Vaco by Highspring promeut un milieu de travail diversifié et encourage fortement les femmes, les personnes de couleur, les membres des communautés LGBTQ+, les personnes handicapées, les membres de minorités ethniques, les résidents nés à l’étranger et les anciens combattants à postuler.

Avis : Égalité des chances en matière d’emploi

Vaco by Highspring garantie l’égalité des chances et ne discrimine pas les employé.e.s ou candidat.e.s en fonction de la race (y compris les traits historiquement associés à une race tels qu’une coiffure ou la texture des cheveux), couleur de la peau, sexe (y compris la grossesse ou des conditions connexes), religion ou croyances, origine nationale, citoyenneté, âge, situation de handicap, statut d’ancien.ne combattant.e, appartenance à un syndicat, origine ethnique, genre, identité de genre, expression de genre, orientation sexuelle, état matrimonial, affiliation politique, ou toute autre caractéristique protégée comme requis par la loi.

Vaco by Highspring et ses sociétés mères, sociétés affiliées et filiales (Vaco by Highspring) s’engagent à inclure pleinement toutes les personnes qualifiées. Dans le cadre de cet engagement, Vaco by Highspring veillera à ce que les personnes handicapées bénéficient d’aménagements raisonnables. Si un aménagement raisonnable est nécessaire pour participer au processus de candidature ou d’entrevue, pour vaquer à des fonctions professionnelles essentielles et/ou pour bénéficier d’autres avantages et privilèges liés à l’emploi, veuillez contacter HR@vaco.com.

Vaco by Highspring souhaite également que tous les candidats connaissent leurs droits, à savoir que la discrimination sur le lieu de travail est illégale.

En vous soumettant à ce poste, vous acceptez de donner à Vaco by Highspring le droit exclusif de présenter votre candidat pour l’opportunité d’emploi précédente. Vous convenez en outre que vous avez représenté des informations vous concernant avec exactitude et que vous n’avez pas déformé vos qualifications de manière affirmative. Vous acceptez également de garder confidentielle, dans toute la mesure permise par la loi, toute information que vous apprenez de Vaco by Highspring sur le poste et vous limiterez la divulgation des informations sur le poste uniquement dans la mesure nécessaire pour exécuter toute obligation dans la poursuite de votre candidature. En échange, Vaco by Highspring accepte de faire des efforts raisonnables pour vous représenter par le biais de toute sollicitation, sélection d’emploi et dispersion de CV.

Avis de confidentialité

Vaco by Highspring, ses sociétés mères, ses filiales et les sociétés du même groupe (« nous », « nos » ou « Vaco by Highspring») respectent votre vie privée et s’engagent à présenter un avis transparent concernant leurs politiques.

  • Les résidents de la Californie peuvent consulter l’avis relatif à la collecte de renseignements publié par le service des RH de Vaco by Highspring à l’intention des candidats et des employés de la Californie ici.
  • Les résidents de la Virginie peuvent accéder à nos politiques propres à leur État ici.
  • Les résidents de tous les autres États peuvent accéder à nos politiques ici.
  • Les résidents canadiens peuvent consulter nos politiques en anglais ici et en français ici.
  • Les résidents des pays où le RGPD s’applique peuvent accéder à nos politiques ici.

Avis sur la transparence salariale

La détermination de la rémunération pour ce poste (et d’autres) chez Vaco by Highspring dépend d’un large éventail de facteurs, notamment :

  • les compétences, l’expérience et la formation de la personne;
  • les exigences relatives au permis d’exercice et à l’agrément;
  • l’emplacement du bureau et d’autres considérations géographiques;
  • d’autres besoins professionnels et de l’entreprise.

Ainsi, comme l’exige la loi locale, Vaco by Highspring estime que l’échelle salariale ci-dessus représente une estimation raisonnable de la rémunération de base d’une personne embauchée à ce poste dans des régions qui requièrent la divulgation de l’échelle salariale. La personne peut également être admissible à des primes discrétionnaires.

Postuler retour aux résultats

Postulez dès maintenant

Veuillez vous assurer que tous les champs ont été remplis.

Your Information

* = Champ obligatoire

Téléversez votre CV*

Seuls les fichiers PDF, DOCX ou DOC sont acceptés.
Taille maximale du fichier: 512 Ko.
Veuillez joindre votre curriculum vitae, veillez à ce qu'il soit au bon format et d'une taille inférieure à 512KB.

×

Vaco LLC, ainsi que ses sociétés mères, filiales, affiliées et cessionnaires ("Société," "Nous" ou "Notre") sollicite votre consentement pour vous contacter par le biais de certains appels téléphoniques, courriels ou messages texte automatisés, compositions automatiques, préenregistrés ou autres, qui ne sont pas des urgences, conformément à la Loi sur la protection du consommateur en matière de télémarketing (TCPA), à la Loi sur le contrôle de l'envoi non sollicité de pornographie et de marketing (CAN-SPAM) et aux lois étatiques pertinentes.