IT Senior Analyst: Vulnerability Management, Patching Governance & Compliance
Job Description
Job Description
Job Title: IT Senior Analyst – Vulnerability Management, Patching Governance & Compliance
Duration: 6-Month Contract
Location: On-site (Authorized U.S. States – see below)
Compensation: $ 32 USD / hour
Position Summary
Important Healthcare organization is seeking an experienced IT Senior Analyst – Vulnerability Management, Patching Governance & Compliance responsible for leading the organization's enterprise vulnerability management and patch governance programs across infrastructure, endpoints, servers, and healthcare technology platforms. This role serves as a key liaison between Cybersecurity, Infrastructure, Clinical Applications, Operations, and Compliance teams to ensure timely remediation of security vulnerabilities while maintaining system availability and supporting patient care.
The successful candidate will establish and monitor patching standards, remediation timelines, compliance metrics, risk reporting, and governance processes across a complex healthcare environment. This position requires strong analytical skills, expertise in vulnerability management platforms, and the ability to drive accountability across multiple technology teams.
This role is instrumental in maintaining regulatory compliance, reducing cybersecurity risk, and ensuring adherence to healthcare industry security standards and organizational policies.
Key Responsibilities
Vulnerability Management & Risk Remediation
- Lead enterprise vulnerability management activities across servers, endpoints, cloud environments, and healthcare technology systems.
- Analyze vulnerability scan results and prioritize remediation efforts based on risk, exploitability, business impact, and regulatory requirements.
- Partner with Infrastructure, Security, Clinical Engineering, and Application teams to coordinate timely remediation activities.
- Track and report remediation progress against established service-level objectives (SLOs) and key performance indicators (KPIs).
- Facilitate risk acceptance and exception management processes when vulnerabilities cannot be remediated within required timelines.
- Monitor industry threat intelligence and emerging vulnerabilities to assess organizational risk exposure.
Work Requirements
- Candidates must currently reside and be authorized to work in one of the following states:
Alabama, Arkansas, Florida, Georgia, Illinois, Indiana, Iowa, Kentucky, Louisiana, Mississippi, Missouri, North Carolina, Ohio, Oklahoma, South Carolina, Tennessee, Texas, Wisconsin, St. Louis, Missouri or Kansas City, Missouri.
Patching Governance
- Develop, maintain, and enforce enterprise patching policies, standards, and procedures.
- Establish governance frameworks for patch deployment and vulnerability remediation activities.
- Ensure patching schedules align with cybersecurity requirements, operational needs, and healthcare system availability standards.
- Oversee compliance with patching SLAs across infrastructure, servers, workstations, virtual environments, and cloud platforms.
- Conduct regular governance reviews to measure patch compliance and remediation effectiveness.
- Support emergency patching activities related to critical security vulnerabilities and zero-day threats.
Compliance & Regulatory Management
- Ensure compliance with healthcare regulations and security frameworks including:
- HIPAA
- HITECH
- NIST Cybersecurity Framework
- CIS Controls
- Joint Commission standards
- Internal security policies and audit requirements
- Prepare compliance reports and executive dashboards demonstrating remediation performance and risk reduction efforts.
- Support internal and external audits related to vulnerability management and patch governance.
- Maintain documentation of remediation activities, exceptions, compensating controls, and compliance evidence.
Reporting & Metrics
- Develop meaningful reporting and executive-level metrics related to:
- Vulnerability aging
- Patch compliance
- Risk exposure
- Remediation performance
- Regulatory compliance
- Present risk findings and remediation trends to leadership, governance committees, and technology stakeholders.
- Identify recurring issues and recommend process improvements to reduce organizational risk.
Cross-Functional Collaboration
- Collaborate closely with:
- Cybersecurity teams
- Infrastructure Operations
- Endpoint Engineering
- Server Administration
- Clinical Application Teams
- Cloud Operations
- Compliance and Audit functions
- Facilitate remediation meetings and governance reviews with technical and business stakeholders.
- Drive accountability for remediation efforts across multiple support teams.
Process Improvement & Automation
- Identify opportunities to streamline vulnerability assessment, reporting, and remediation workflows.
- Support automation initiatives using Microsoft and security management platforms.
- Improve governance processes through data-driven analysis and operational maturity assessments.
- Contribute to strategic cybersecurity and infrastructure initiatives.
Required Qualifications
- Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or related field, or equivalent experience.
- 3+ years of experience in vulnerability management, cybersecurity operations, IT governance, infrastructure operations, or compliance.
- Experience managing enterprise vulnerability remediation programs.
- Strong understanding of patch management principles and governance frameworks.
- Experience working in regulated environments such as healthcare, financial services, or government.
- Knowledge of:
- Vulnerability Management Programs
- Security Risk Assessments
- Patch Governance Processes
- IT Compliance and Audit Practices
- Windows and Server Infrastructure
- Endpoint Management Technologies
- Microsoft Entra ID and Active Directory
- Change Management Processes
- Excellent analytical, organizational, and communication skills.
Preferred Qualifications
- Experience supporting healthcare organizations, hospitals, or healthcare delivery networks.
- Familiarity with vulnerability management tools such as:
- Tenable
- Qualys
- Rapid7
- Microsoft Defender Vulnerability Management
- Experience with:
- SCCM/MECM
- Microsoft Intune
- Microsoft Defender Suite
- Azure Cloud Services
- ServiceNow
- Knowledge of enterprise risk management methodologies.
- Project management experience leading cross-functional remediation initiatives.
Preferred Certifications
- CISSP (Certified Information Systems Security Professional)
- CISM (Certified Information Security Manager)
- CompTIA Security+
- Certified in Cybersecurity (CC)
- Microsoft Certified: Endpoint Administrator Associate
- Microsoft Certified: Azure Administrator Associate
- ITIL Foundation Certification
Recommended Jobs
CNC Production Supervisor
Job Description Job Description Job Title: CNC Production Supervisor Location: Troy, AL Classification: Exempt Grade: Salary Grade 2 Department: Manufacturing Supervisors Re…
Dishwasher-Trussville
Job Description Job Description Description: Summary of Position The dish and general utility position is responsible for maintaining cleanliness and sanitation standards for china, glassware…
Respiratory Therapist
Job Description Job Description Are you looking for a rewarding career and a great opportunity with an established HealthCare facility, look no further! We are currently seeking Registered/Cer…
Residential Door Technician
Job Description Job Description Description: Are you a highly skilled Residential Door Technician looking for an immediate opportunity with a supportive, enthusiastic team? Do you thrive in a wo…
Transmitter Engineer Lead - Kwajalein Atoll - 3815
Job Description Job Description Ready to launch your career? Be part of the next generation of access to space at one of the World’s Premier Gateways to Space! RGNext employees open portals to sp…
Construction Field Engineer
Job Description Job Description Salary: $65,000+ DOE Reports To: Superintendent or Project Manager Travel Required: Yes Nationwide Project Assignments This position is a 75-100% trav…
Water Blast Technician
Job Description Job Description Urgently Hiring- Water Blast Technicians Join the Crew at C&H Industrial! 24/7 Opportunities | Competitive Pay + Growth Opportunities Tired of boring jobs w…
Program Analyst
Job Description Job Description Dexian Government Solutions is recruiting for a Program Analyst to support our contract at the RPSS III in Huntsville, AL. Position Overview: Serves as t…
Registered Nurse (RN) - Outpatient Cardiology, Fairhope, AL
Job Description Job Description Salary: About the Role Cardiology Associates one of Baldwin County's leading cardiology and electrophysiology practices is hiring a full-time Registered Nurs…
Dietary Cook
Food Service Workers, Athens Alabama Felder Services, a leader in healthcare services, is seeking Dietary Cooks. Our opportunity is at a Skilled Nursing Facility located in an excellent area. You wi…