Principal Security Program Manager

About The Position

Requirements

• Bachelor’s degree in Information Security, Computer Science, Engineering, or similar.
• 8+ years of progressively responsible experience in cybersecurity, including hands-on engineering responsibilities and ownership of security outcomes.
• Demonstrated experience leading cross-functional initiatives with strong execution discipline.
• Experience managing and optimizing security toolsets and coordinating with external security partners (including a managed SOC).
• Strong written and verbal communication skills, including ability to communicate risk and recommendations to non-technical audiences.

Nice To Haves

• Experience in healthcare or highly regulated environments.
• Security certifications (CISSP, CISM, CCSP, Security+, or equivalent).
• Familiarity with enterprise identity security, cloud security, monitoring/analytics, and audit/compliance support across modern environments (including Microsoft 365 and Azure).

Responsibilities

• Security Program & Portfolio Leadership: Own end-to-end delivery of multiple security initiatives and operational programs with clear outcomes (risk reduction, control maturity, resilience, compliance readiness). Translate security strategy into executable workstreams and sustained operational mechanisms.
• Hands-On Security Engineering: Partner with IT to engineer, implement, and continuously improve security controls across identity, endpoint, email, collaboration, cloud platforms, and core infrastructure (including Microsoft 365 and Azure where applicable). Develop and maintain secure configurations, baselines, and technical guardrails; drive continuous improvement through posture reviews and control validation as appropriate. Perform technical investigation and troubleshooting of security events, misconfigurations, and control gaps; implement corrective actions.
• Cybersecurity Architecture & Defense Strategy: Contribute to security architecture decisions and defense strategies using a layered, threat-informed approach. Assess emerging threats and recommend pragmatic technical and procedural improvements.
• Incident Response & Operational Support (as needed): Support security incident response activities: triage, containment, eradication, recovery, and lessons learned. Improve readiness through playbooks, tabletop exercises, partner coordination, and continuous improvement actions.
• Security Toolset Ownership & Partner Management: Own the operational effectiveness of the security toolset (monitoring, detection, response, email security, vulnerability management, identity protection, logging/analytics, and related systems). Manage security partners including a managed SOC and other third-party security service providers: define outcomes, SLAs, escalation paths, and service quality expectations. Drive detection tuning and alert quality improvements with partners to reduce noise and improve response outcomes.
• Security Awareness and Training: Design and continuously improve security awareness initiatives that reduce human-risk and strengthen security culture. Design, execute, and optimize phishing simulations, including campaign planning, targeting strategies, and metrics (e.g., susceptibility and reporting behaviors) to inform training and reinforcement. Partner with HR/People Ops and business leaders to drive sustained behavior change and measurable improvements over time.
• Audit Support & Control Evidence Readiness: As they occur, support audits by coordinating evidence collection, validating control operation, and ensuring timely closure of findings and remediation actions. Maintain and improve documentation of security controls, technical configurations, procedures, and operating evidence to meet audit and compliance expectations. Translate audit requirements into actionable control improvements and sustainable operational practices.
• Third-Party Risk Assessments (TPRM): Facilitate lean yet effective third-party risk assessments for new and existing vendors, including questionnaire review, evidence validation, risk summaries, and remediation tracking. Evaluate vendor security posture, data handling practices, access models, and incident response capabilities.