The Opportunity

One Medical, part of Amazon Health, is on a mission to reinvent and drive the future of healthcare. Security is an essential part of this mission as it earns and maintains customer trust. The Security Programs (PMO) team is looking to hire great people who are passionate about the future of healthcare, are excited about solving complex problems to protect our customers and are continually looking to raise the bar on security.

If you have a bias for action, customer obsession, and delight in making clarity from ambiguity, this might be the role for you. This position will require a broad set of skills including, but not limited to, authoring technical documentation consumed across the org, deep-diving new technologies, evaluating security posture and identifying mitigations, strategy development, and executive reporting.

The Sr Vulnerability Management Program Manager is responsible for developing, implementing, and overseeing an effective vulnerability management program within One Medical. This role will work directly with builders and leadership across One Medical Security, working particularly closely with Information Security, Tech Compliance, IT Engineering, IT Operations, Product Development, and other program managers in the IT/Security Project Management Office (PMO). This role will also work closely with many Amazon counterparts. By fostering strong cross-functional partnerships, the Program Manager will ensure that vulnerabilities are identified, assessed, prioritized, remediated efficiently, and reported on effectively, thereby enhancing the overall security posture of the organization.

You'll create escalation and exception processes, design and execute a delightful customer experience, consider the larger picture to balance customer requirements with deliverability, see patterns to improve efficiency, and act as a subject matter expert in vulnerability solutions management. You are responsible for project management, deeply understanding business goals and technical requirements, partner effectively with technical managers, and drive progress through timely decisions and effective risk mitigation.

You're very experienced in your field and craft, and ready to hit the ground running with very little coaching. You're amazing at figuring out new organizations, love meeting new people, and are an excellent writer.

What you'll likely work on:

Develop Program Strategy:

• Partner with Tech (Security, IT & Product Development) leaders to develop and maintain a comprehensive vulnerability management strategy aligned with the organization's security goals and industry best practices.
• Establish policies, procedures, and guidelines for vulnerability assessment, reporting, and remediation processes.

Vulnerability Assessment:

• Oversee and report out on the regular scanning and assessment of the organization's Tech infrastructure, applications, and systems to identify potential vulnerabilities.
• Collaborate with internal and external stakeholders to ensure thorough assessments are performed and accurate vulnerability data is collected.

Vulnerability Remediation:

• Work closely with Tech teams to prioritize and track identified vulnerabilities based on their severity and potential impact.
• Coordinate and facilitate remediation efforts to ensure timely and effective resolution of vulnerabilities.
• Provide guidance and support to teams responsible for fixing vulnerabilities, ensuring proper risk management practices are followed.

Resource Planning and Management:

• Identify resource requirements for the successful execution of the vulnerability management program and collaborate with relevant stakeholders to secure necessary resources, including budget, tools, and personnel.

Project Manager Guidance and Mentorship:

• Guide and mentor project managers working under the vulnerability management program, providing direction and support.
• Ensure project managers adhere to program guidelines, deadlines, and quality standards.

Reporting and Metrics:

• Generate regular vulnerability management reports for key stakeholders, including executive management and relevant teams.
• Define and track key performance indicators (KPIs) and metrics to measure the effectiveness of the vulnerability management program.

Compliance and Standards:

• Ensure the vulnerability management program aligns with relevant industry standards, regulations, and compliance requirements.

Here's what collaboration with teams might look like:

• Information Security to align vulnerability management efforts with broader security initiatives and objectives, while also sharing vulnerability data and insights to enhance threat detection and response capabilities.
• Tech Compliance to ensure compliance with relevant security standards and regulations, and also participate in third-party vendor assessments to identify and address security risks associated with vendors.
• IT Engineering, IT Operations, Product teams to prioritize and remediate identified vulnerabilities, ensure timely deployment of critical security patches, and integrate vulnerability management processes into routine operations.
• Security Awareness and Training Program Manager to promote security awareness initiatives and best practices across the organization, coordinating efforts to educate employees about the importance of reporting vulnerabilities and adopting secure practices.

You'll need:

• 5+ years experience in a Security Technical Program Management function preferably in a Healthcare or Healthcare adjacent field.
• 3+ years Technical Project Management experience related to vulnerability management
• 3+ years directing and coaching project managers to achieve program objectives
• Demonstrated ability to stand up and run a vulnerability management program with little coaching
• Exceptional stakeholder management skills with a track record of aligning different teams' priorities to drive commitment to a shared goal
• Demonstrated ability to identify areas of improvement for overall business performance and communicate effectively to own and drive necessary change management
• Demonstrated ability to manage complex dependency management and identify risks
• Experience with a demanding reporting cycle/environment
• Experience with comfortably interacting with and presenting to executive stakeholders

Not required, but would be great if you have:

• Experience with Amazon's Security Org/Amazon Leadership Principles & mechanisms

Benefits designed to aid your health and wellness:

Taking care of you today

• Paid sabbatical after 5 and 10 years
• Employee Assistance Program - Free confidential advice for team members who need help with stress, anxiety, financial planning, and legal issues
• Competitive Medical, Dental and Vision plans
• Free One Medical memberships for yourself, your friends and family
• Pre-Tax commuter benefits
• PTO cash outs - Option to cash out up to 40 accrued hours per year

Protecting your future for you and your family

• 401K match
• Opportunity to participate in company equity programs
• Credit towards emergency childcare
• Company paid maternity and paternity leave
• Paid Life Insurance - One Medical pays 100% of the cost of Basic Life Insurance
• Disability insurance - One Medical pays 100% of the cost of Short Term and Long Term Disability Insurance

This is a full-time remote role based in the United States. One Medicalis committed to fair and equitable compensation practices. The base salary range for this role is $110,200to $196,000 Actual compensation packages are based on several factors that are unique to each candidate, including but not limited to skill set, depth of experience, certifications, and specific work location. The total compensation package for this position may also include RSUs, benefits and/or other applicable incentive compensation plans. For more information, visit

#LI-DNI