Senior Healthcare Cybersecurity & Operations Manager (Onsite)

ConvenientMD is seeking a Senior Healthcare Cybersecurity & Operations Manager to serve as a hands-on cybersecurity subject matter expert and trusted technical partner within our growing healthcare organization. This role is ideal for someone who can move fluidly between execution and influence – strengthening systems, assessing risk, supporting IT operations, and helping senior leadership understand how cybersecurity decisions impact the business, our teams, and patient care. 

This position is designed for someone who can operate in the details while also bringing the judgment, communication, and subject matter expertise needed to support broader technology decisions. The right person will be comfortable assessing risk, improving processes, responding to security needs, supporting infrastructure, and translating complex technical considerations into clear, business-relevant recommendations. 

This is not a traditional management role or a governance-only position. We are looking for a senior individual contributor who can serve as a trusted cybersecurity SME, operational problem-solver, and cross-functional partner. Governance, compliance, and documentation are important parts of the work, but the core need is healthcare cybersecurity expertise paired with practical IT operations experience.

This role is not remote. This position is based onsite at ConvenientMD headquarters in Portsmouth, NH. 

Healthcare Cybersecurity & Risk Management 

• Serve as a key cybersecurity subject matter expert across ConvenientMD’s healthcare technology environment.
• Support the development, implementation, and ongoing improvement of cybersecurity strategies, policies, procedures, and controls to protect organizational data, clinical systems, and sensitive patient information.
• Monitor, assess, and respond to cybersecurity risks, vulnerabilities, incidents, and emerging threats, coordinating remediation efforts with internal teams and external partners as needed.
• Apply healthcare-specific security and regulatory knowledge, including HIPAA, privacy, compliance, and risk management considerations, to support secure technology decisions.
• Help champion a culture of cybersecurity awareness and best practices across clinical, corporate, and technical teams.

IT Operations, Infrastructure & Technical Execution 

• Support secure and reliable IT operations across infrastructure, networking, platforms, hardware, devices, applications, and end-user environments.
• Partner with IT teams to identify operational gaps, strengthen systems, troubleshoot complex issues, and improve the overall stability and security of the technology environment.
• Evaluate tools, workflows, access controls, support trends, infrastructure needs, and healthcare technology requirements, including HIPAA, HITRUST, privacy, compliance, clinical operations, patient data protection, and regulated systems, to recommend practical improvements.
• Develop and perform a penetration testing schedule, partnering with internal teams and external vendors as needed to support timely remediation of identified vulnerabilities.
• Plan and execute an annual tabletop disaster recovery/business continuity exercise to test readiness, identify gaps, and strengthen organizational response planning.
• Assist with technology initiatives that require both cybersecurity insight and operational execution. 

Strategic Partnership & Business Influence 

• Act as a trusted technical partner to IT leadership, including the CIO, by helping assess risk, frame options, and translate cybersecurity and infrastructure considerations into business-relevant recommendations.
• Partner with clinical, operational, and corporate stakeholders to ensure technology solutions are secure, scalable, practical, and aligned with patient care needs.
• Influence decisions through subject matter expertise, clear communication, risk analysis, and thoughtful recommendations.
• Support governance-related work where needed, including documentation, policy alignment, process improvement, and compliance readiness, while keeping cybersecurity and healthcare technology risk at the center of the role.

Continuous Improvement & Documentation 

• Analyze data, support trends, recurring issues, and risk indicators to identify opportunities for improvement.
• Develop and maintain clear documentation, including technical procedures, cybersecurity policies, user resources, and process materials.
• Support the creation of self-service resources and end-user guidance to improve efficiency and reduce preventable support volume.
• Track and report on relevant KPIs, risks, trends, and improvement efforts to support accountability and informed decision-making. 

You are a hands-on cybersecurity and IT operations professional with strong healthcare experience. You are comfortable moving between technical execution and strategic conversation, and you know how to communicate risk clearly to both technical and non-technical audiences. 

You are not looking for a purely advisory or governance-only role. You enjoy being in the weeds, solving problems, strengthening systems, and helping a growing healthcare organization make smart, secure technology decisions.  

Experience 

• 5–8+ years of experience across IT security, infrastructure, operations, networking, applications, platforms, hardware, and/or technical support.
• Strong cybersecurity experience within a healthcare environment is required.
• Experience supporting cybersecurity programs, incident response, vulnerability management, penetration testing coordination, risk remediation, access controls, security policies, and regulatory requirements.
• Working knowledge of healthcare technology environments, including HIPAA, HITRUST, privacy, compliance, clinical operations, patient data protection, and regulated systems.
• Experience partnering with senior IT or business leadership to assess risk, influence decisions, and support technology planning.
• Experience with IT governance, documentation, policy development, disaster recovery/business continuity planning, or compliance processes preferred, but this role is not intended to be governance-only.
• Prior people leadership or team development experience is helpful, but this role is primarily designed as a senior individual contributor and cross-functional partner. 

Key Strengths 

• Cybersecurity-first mindset: You understand how to identify, assess, communicate, and remediate cybersecurity risk in a healthcare setting. 
• Healthcare technology fluency: You understand the importance of protecting patient data, supporting clinical operations, and balancing security with practical care delivery needs. 
• Hands-on execution: You are willing and able to dig into issues, support remediation, improve systems, and help move work forward directly. 
• Strategic influence: You can sit beside senior leadership, explain what matters, and help shape decisions without needing to be the final decision-maker. 
• Strong communication: You can translate complex technical information into clear business impact for clinical, corporate, and operational stakeholders. 
• Operational flexibility: You are comfortable wearing multiple hats across cybersecurity, infrastructure, support optimization, documentation, governance, and process improvement. 
• Collaborative approach: You build trust across teams and partner effectively with technical and non-technical stakeholders. 
• Detail orientation: You value accurate documentation, thoughtful process design, and clear follow-through.

• Collaborative team environment that encourages professional growth
• Urgent care services at no cost to our team members and their families
• Extensive benefit offerings including health, dental, and vision coverage, company paid short-term disability, and optional pet insurance
• 401k match after one year of service 
• Access to our primary care (depending on location)
• Educational Alliance with Purdue University Global and reduced tuition rates for team members and their families 
• Employer rewards and access to discounts offered on services and products such as hotels, travel, entertainment, restaurants, and more

There's a job and then there's purposeful, transformative work. Our aim is to create a workplace where you can learn, grow, and continuously refine your skills. Applicants rarely meet every single job requirement, and we appreciate that many skills and backgrounds can make people successful in this role. We are committed to creating a strong sense of belonging for all team members, and our process is designed to prevent discrimination against applicants regardless of gender identity, sexual orientation, religion, ethnicity, age, disability status, or any other aspect which makes you unique. If you’re looking for a great next step, and want to feel good about what you do, we’d love to hear from you. 

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.