Key Facts

Remote From:

Colorado (USA) , Florida (USA) , Texas (USA)

Full time

Senior (5-10 years)

English

Hard Skills

Other Skills

•
Non-Verbal Communication
•
Teamwork
•
Problem Solving

Roles & Responsibilities

Bachelor's degree in Information Security, Computer Science, Engineering, or related field
8+ years of progressively responsible experience in cybersecurity, including hands-on engineering responsibilities and ownership of security outcomes
Demonstrated experience leading cross-functional initiatives with strong execution discipline
Experience managing and optimizing security toolsets and coordinating with external security partners (including a managed SOC)

Requirements:

Lead end-to-end delivery of multiple security initiatives and operational programs with measurable outcomes (risk reduction, control maturity, resilience, compliance readiness)
Partner with IT to engineer, implement, and continuously improve security controls across identity, endpoint, email, collaboration, and cloud platforms (including Microsoft 365 and Azure)
Own the operational effectiveness of the security toolset and manage security partners (e.g., managed SOC) with defined SLAs, escalation paths, and service quality expectations
Design and execute security awareness initiatives, including phishing simulations, and collaborate with HR/People Ops to drive sustained behavior change and measurable improvements

Physician Health Partners

About Physician Health Partners

Denver based Physician Health Partners (PHP) is an integrated team of physicians and healthcare professionals committed to supporting effective patient care throughout the healthcare continuum. Founded in 1996 as a management services organization, PHP believes physicians and other providers have the capability and responsibility to drive high quality, cost-effective healthcare for patients. PHP collaborates with more than 300 primary care providers in the Denver metro area who share the goal of providing the right care, at the right time and in the right setting. Because we were formed and are still led by physicians, we strive to support and enhance the primary care physician’s role in coordinating care for patients. We provide innovative tools and programs to help drive quality outcomes and more cost-effective healthcare to their patients. PHP is involved in several Accountable Care Organization (ACO) structures that serve more than 240,000 patients in the Denver area. Physician Health Partners is involved in the following initiatives: Aetna Commercial ACO Anthem Enhanced Personal Health Care Program ACO Cigna Accountable Care ACO Colorado Community Health Alliance (Colorado Medicaid) Colorado HealthOp ACO Colorado Pediatric Collaborative Independent Practice Associations – Colorado Pediatric Partners, Primary Physician Partners, South Metro Primary Care Medicare Shared Savings Program (Medicare) UnitedHealthcare Commercial ACO UnitedHealthcare AARP Medicare Complete (Medicare Advantage)

Founded: 2018

Company size: 201 - 500

Website LinkedIn See all jobs →

Job description

It's fun to work in a company where people truly BELIEVE in what they're doing!

We're committed to bringing passion and customer focus to the business.

Job Description:

Reporting to the CISO, the Principal Security Program Manager is the leader responsible for driving measurable risk reduction through a blend of hands-on security engineering and program-level execution. This role partners across IT, clinical operations, compliance, and business leaders to implement pragmatic security controls, improve detection and response, strengthen security awareness, and maintain audit readiness. The scope includes securing a hybrid on-prem and cloud technology stack, including Microsoft365 and Azure, while maintaining a balanced defense-in-depth approach.

Key Responsibilities

Security Program & Portfolio Leadership

Own end-to-end delivery of multiple security initiatives and operational programs with clear outcomes (risk reduction, control maturity, resilience, compliance readiness).
Translate security strategy into executable workstreams and sustained operational mechanisms.

Hands-On Security Engineering

Partner with IT to engineer, implement, and continuously improve security controls across identity, endpoint, email, collaboration, cloud platforms, and core infrastructure (including Microsoft 365 and Azure where applicable).
Develop and maintain secure configurations, baselines, and technical guardrails; drive continuous improvement through posture reviews and control validation as appropriate.
Perform technical investigation and troubleshooting of security events, misconfigurations, and control gaps; implement corrective actions.

Cybersecurity Architecture & Defense Strategy

Contribute to security architecture decisions and defense strategies using a layered, threat-informed approach.
Assess emerging threats and recommend pragmatic technical and procedural improvements.

Incident Response & Operational Support (as needed)

Support security incident response activities: triage, containment, eradication, recovery, and lessons learned.
Improve readiness through playbooks, tabletop exercises, partner coordination, and continuous improvement actions.

Security Toolset Ownership & Partner Management

Own the operational effectiveness of the security toolset (monitoring, detection, response, email security, vulnerability management, identity protection, logging/analytics, and related systems).
Manage security partners including a managed SOC and other third-party security service providers: define outcomes, SLAs, escalation paths, and service quality expectations.
Drive detection tuning and alert quality improvements with partners to reduce noise and improve response outcomes.

Security Awareness and Training

Design and continuously improve security awareness initiatives that reduce human-risk and strengthen security culture.
Design, execute, and optimize phishing simulations, including campaign planning, targeting strategies, and metrics (e.g., susceptibility and reporting behaviors) to inform training and reinforcement.
Partner with HR/People Ops and business leaders to drive sustained behavior change and measurable improvements over time.

Audit Support & Control Evidence Readiness

As they occur, support audits by coordinating evidence collection, validating control operation, and ensuring timely closure of findings and remediation actions.
Maintain and improve documentation of security controls, technical configurations, procedures, and operating evidence to meet audit and compliance expectations.
Translate audit requirements into actionable control improvements and sustainable operational practices.

Third-Party Risk Assessments (TPRM)

Facilitate lean yet effective third-party risk assessments for new and existing vendors, including questionnaire review, evidence validation, risk summaries, and remediation tracking.
Evaluate vendor security posture, data handling practices, access models, and incident response capabilities.

Required Qualifications

Bachelor’s degree in Information Security, Computer Science, Engineering, or similar.
8+ years of progressively responsible experience in cybersecurity, including hands-on engineering responsibilities and ownership of security outcomes.
Demonstrated experience leading cross-functional initiatives with strong execution discipline.
Experience managing and optimizing security toolsets and coordinating with external security partners (including a managed SOC).
Strong written and verbal communication skills, including ability to communicate risk and recommendations to non-technical audiences.

Preferred Qualifications

Experience in healthcare or highly regulated environments.
Security certifications (CISSP, CISM, CCSP, Security+, or equivalent).
Familiarity with enterprise identity security, cloud security, monitoring/analytics, and audit/compliance support across modern environments (including Microsoft 365 and Azure).

Core Competencies