Senior Program Manager - IT

Position Summary:

We are looking for an experienced and execution-focused Senior Manager Cybersecurity Engineering & Projects to lead the delivery of key security initiatives within our healthcare operations across India and the Philippines. The person leads the strategy, design, and execution of enterprise-wide cybersecurity and data protection initiatives.

This role is responsible for architecting secure systems, managing the delivery of major cybersecurity projects, and implementing data-centric security controls that protect sensitive information throughout its lifecycle.This leader will execute security engineering, data security, and secure project delivery functions, ensuring alignment between business objectives, compliance obligations, and the organizations overall risk appetite.

Key Duties & Responsibilities: -Cybersecurity Engineering:

• Lead the design, deployment, and maintenance of secure implementation of technologies including firewalls connections for clients, EDR, CASB, DLP, IAM, and cloud-native security solutions.
• Architect and implement a defense-in-depth security architecture covering network, cloud, and endpoint layers.
• Define and enforce secure configuration baselines aligned with CIS Benchmarks, NIST 800-53, and Zero Trust principles.
• Document client architecture and secure connectivity along with applications aligned with organizational practices
• Collaborate with operations and architecture teams to ensure security is embedded across infrastructure and cloud.

• Lead regional data security program that safeguards sensitive, regulated, and proprietary data across its entire lifecycle creation, storage, use, sharing, and deletion.
• Implement and manage Data Loss Prevention (DLP) solutions across endpoints, networks, and cloud platforms to prevent unauthorized data exposure.
• Oversee deployment of encryption solutions for data at rest, in motion, and in use, ensuring cryptographic controls meet enterprise and regulatory requirements.
• Ensure hardening of devices, IT & security technologies as per CIS and industry best practices.
• Develop and maintain a data classification and handling framework integrated into business processes and applications.
• Partner with Privacy and Legal teams to ensure compliance with HIPAA, GDPR, and other privacy regulations through Security and privacy-by-design principles.
• Ensure secure data transfer, storage, and deletion practices are followed during client and vendor engagements and system decommissioning.

• Lead and manage a portfolio of security and data protection projects, ensuring timely delivery and measurable outcomes.
• Partner with PMO, IT, and business leaders to integrate security requirements into enterprise projects from the outset.

• Collaborate with GRC, Privacy, Legal, and Compliance to ensure data and system security controls meet audit and certification standards (ISO 27001, HIPAA, HITRUST, SOC 2, PCI DSS).
• Support security audits, risk assessments, and remediation closure across business units and vendors.
• Contribute to the Security Governance Council by reporting key data and system risk indicators.
• Partner with Security Operations and Incident Response teams to enhance detection and response related to data breaches or exfiltration attempts

• Bachelors or Masters degree in Technology, Cybersecurity, Health Information Technology, Risk Management, or a related discipline.

• 10-12 years of progressive experience in security engineering, data protection, and infrastructure security, with at least 5 years in leadership roles.
• Proven experience managing large-scale cybersecurity and data protection programs in regulated industries (healthcare, BFSI, SaaS, or manufacturing).
• Hands-on expertise in DLP, encryption, key management, tokenization, data masking, and cloud security.
• Experience integrating data protection controls into cloud platforms (AWS, Azure) and SaaS environments (O365, Salesforce, Workday, etc.).
• Strong knowledge of compliance standards (HIPAA, HITRUST, NIST 800-171, PCI DSS, ISO 27001).

• Project Management Professional (PMP)
• Certified Information Security Manager (CISM)
• Certified Information Systems Security Professional (CISSP)
• Certified in Risk and Information Systems Control (CRISC)