Security & Risk Management Program ManagerHybrid in Horsham, PA

About The Position

Requirements

• Strong program management experience leading complex, cross-functional initiatives.
• Experience in information security, such as vulnerability management, risk management, GRC, or security operations.
• Understanding of vulnerability management lifecycle processes, including asset discovery, scanning, validation, prioritization, remediation, exception handling, and reporting.
• Proven ability to lead risk reduction or remediation initiatives across multiple technical teams.
• Experience developing executive reporting, metrics, risk records, meeting outputs, and audit artifact and risk summaries.
• Strong stakeholder management and communication skills across technical and business audiences.
• Experience supporting audits, compliance reviews, evidence collection, or control validation activities.
• Familiarity with vulnerability severity models, CVSS, exploitability, asset criticality, exposure, compensating controls, and risk-based prioritization.

Nice To Haves

• Security-first mindset with strong business judgment
• Ability to drive execution and accountability across distributed teams
• Comfortable operating with ambiguity and executive visibility
• Focus on measurable outcomes and continuous improvement

Responsibilities

• Own and evolve the enterprise vulnerability management program, including governance, operating model, and stakeholder alignment
• Define and execute an integrated roadmap for vulnerability management and security risk reduction initiatives
• Establish accountability, SLAs, and execution standards across security, engineering, and infrastructure teams
• Lead cross-functional risk reduction initiatives; manage timelines, dependencies, and escalation to ensure delivery
• Drive prioritization based on risk exposure, business impact, and regulatory requirements
• Align security, infrastructure, cloud, and application teams on remediation and risk reduction priorities
• Lead risk acceptance and exception processes, including analysis, approvals, and lifecycle management
• Maintain risk registers, treatment plans, and exception tracking aligned to business and compliance objectives
• Ensure appropriate risk segmentation across commercial and government environments
• Translate vulnerability and risk data into actionable insights for leadership decision-making
• Deliver executive-level reporting on risk posture, remediation performance, and program progress
• Define and track metrics to measure risk reduction effectiveness and execution performance
• Ensure audit readiness through complete, traceable documentation and remediation evidence
• Support regulatory and government requirements, including POA&M tracking and control validation
• Partner with GRC and audit stakeholders to meet contractual and compliance obligations

Benefits

• Comprehensive, multi-carrier program for medical, dental and vision benefits
• 401(k) with match and an Employee Share Purchase Plan
• Wellness platform with incentives, Headspace app subscription, Employee Assistance and Time-off Programs
• Short-and-Long Term Disability, Life and Accidental Death Insurance, Critical Illness, and Hospital Indemnity
• Family Benefits, including bonding and family care leaves, adoption and surrogacy benefits
• Health Savings, Health Care, Dependent Care and Commuter Spending Accounts
• Up to two days of paid leave each to participate in Employee Resource Groups and to volunteer with your charity of choice
• Shared parental leave
• Study assistance
• Sabbaticals