Program Manager - Vulnerability, Patching, and Hardening

Ovation Healthcare•Greensboro, NC

1d•Hybrid

About The Position

Welcome to Ovation Healthcare! At Ovation Healthcare, we’ve been making local healthcare better for more than 40 years. Our mission is to strengthen independent community healthcare. We provide independent hospitals and health systems with the support, guidance and tech-enabled shared services needed to remain strong and viable. With a strong sense of purpose and commitment to operating excellence, we help rural healthcare providers fulfill their missions. The Ovation Healthcare difference is the extraordinary combination of operations experience and consulting guidance that fulfills our mission of creating a sustainable future for healthcare organizations. Ovation Healthcare's vision is to be a dynamic, integrated professional services company delivering innovative and executable solutions through experience and thought leadership, while valuing trust, respect, and customer focused behavior. We’re looking for talented, motivated professionals with a desire to help independent hospitals thrive. Working with Ovation Healthcare you will have the opportunity to collaborate with highly skilled subject matter specialists and operations executives, in a collegial atmosphere of professionalism and teamwork. Ovation Healthcare's corporate headquarters is located in Brentwood, TN. For more information, visit https://ovationhc.com. Position summary Owns day-to-day operational delivery for the Vulnerability, Patching, and Hardening program across End User Computing endpoints, Windows servers, Linux servers, network devices, Voice over Internet Protocol platforms, video teleconferencing platforms, and cloud workloads. Ensures vulnerability findings are remediated, patches are deployed, and hardening standards are implemented safely, predictably, and in alignment with security compliance expectations and service level agreement requirements.

Requirements

7 or more years of infrastructure operations, endpoint operations, or remediation delivery experience, including three or more years leading enterprise remediation or patch delivery programs.
Direct, hands-on experience executing production patching and remediation work, including after-hours maintenance windows and formal change control.
Working knowledge of Microsoft endpoint and server patching, Linux patching, and network device firmware or operating system upgrades.
Hands-on experience using Qualys Vulnerability Management for validation, reporting, and remediation closure.
Strong understanding of how vulnerability remediation, patching, and hardening support broader security and compliance objectives, without being primarily an information security role.
Demonstrated experience managing metrics, service level agreement reporting, and operational performance reviews.

Nice To Haves

Hospital information technology experience strongly preferred; broader healthcare experience preferred.
Experience with ServiceNow Change Management, Configuration Management Database, and operational reporting.
Certifications highly desirable: ITIL Foundation, Project Management Professional, Certified Information Systems Security Professional, CompTIA Security+, Microsoft endpoint or server certifications, or equivalent.

Responsibilities

Lead operational execution for vulnerability remediation, patch deployment, and hardening implementation across multiple technology towers and engineering teams.
Use Qualys Vulnerability Management to review vulnerability findings, support prioritization (severity, exploitability, asset criticality), validate closure through rescans, and manage reporting and evidence.
Maintain the integrated remediation calendar and change schedule, including maintenance windows, readiness reviews, stakeholder communications, and post-change validation.
Define and enforce standard remediation lifecycle controls including intake, analysis, remediation planning, testing, deployment, validation, and closure documentation.
Ensure secure configuration hardening baselines are implemented and maintained, including control of configuration drift and repeat findings.
Own operational quality and risk management including rollback planning, dependency management, outage prevention controls, and post-implementation verification.
Drive issue resolution for failed patches, failed configuration changes, and recurring defects; lead root cause analysis and corrective action plans.
Own program metrics, dashboards, and reporting cadence including vulnerability aging, remediation throughput, patch compliance, hardening compliance, exception volumes, failed change rates, mean time to remediate, and repeat findings trends.
Ensure service level agreement measurement and reporting are consistently produced, accurate, and aligned to contractual requirements.
Coordinate closely with Security, Service Management, Service Desk, tower leaders, and client stakeholders to resolve blockers and maintain compliance.