Description
We are looking for an Engagement Manager who lives at the intersection of execution discipline and high-value advisory. This is a high-impact, 80 to 85% billable role where you are leading the charge on critical healthcare cybersecurity engagements, most notably Security Risk Assessments (SRAs). You will lead client interviews, conduct in-flight QA checks, and ensure that complex deliverables, from SRAs to HITRUST certifications, are truly meaningful to client leadership. Ideal for someone who can bridge business and technical conversations.
True Advisory: You’ll spend the vast majority of your time (80 to 85%) directly with clients, gathering key insights on their security program to turn into actionable recommendations.
Authority to Act: We want you to perform periodic QA checks of work products, identifying gaps in the project lifecycle and steering the ship back on track before issues arise.
Grow Your Expertise: You’ll work alongside top-tier HITRUST, NIST, and HIPAA subject matter experts, acting as a consultant-practitioner who translates technical jargon into business value.
Strategic Impact: Beyond simple task-tracking, you will help clients navigate the complexities of Governance, Risk, and Compliance (GRC) and provide recommendations for strengthening security programs.
How to Beat the Bots (The 'Human' Test)
We value attention to detail. In your application or cover letter, please mention one specific cybersecurity framework (e.g., NIST CSF, HITRUST, NIST 800-53) you have experience with and one red flag you typically look for when performing a security risk assessment or TPRM review.
Role Overview
The Engagement Manager (EM) is a high-visibility, heavily client-facing role with an expected 80 to 85% billable utilization rate dedicated to client delivery. This is not a ‘behind-the-scenes’ coordination role; you will be the primary engine for client interviews and a key voice in advisory sessions. This role ensures engagements move forward efficiently while also helping clients understand risks, recommendations, and next steps in a clear and practical way.
The EM Is Accountable For
Driving execution across engagements.
Ensuring team accountability and follow-through.
Supporting delivery quality and structure.
Contributing to client conversations with consultative insight and guidance on cybersecurity, GRC and Third-Party Risk Management matters.
The EM Ensures
Engagement delivery stays on track operationally.
Clients receive professional consultative experiences.
Deliverables are completed, understood by the client, and provide actionable results.
Why This Role Exists
Execution: coordination, follow-through.
Delivery: quality, structure.
Advisory: client understanding and value realization.
Core Responsibilities
Engagement Execution and Coordination
Track tasks, milestones, and deliverables across multiple engagements.
Ensure team members complete assigned work on time.
Follow up on outstanding items (internal and client).
Maintain engagement trackers (e.g., Smartsheet project plans).
Coordinate scheduling of interviews, status calls, and deliverables.
Advisory Client Engagement
Lead and facilitate client interviews and discovery sessions, applying subject matter expertise in security risk assessments and HITRUST to probe deeper than a standard checklist.
Actively contribute to technical and strategic discussions regarding cybersecurity frameworks, ensuring Meditology’s expertise is evident in every interaction.
Participate in client conversations with context and insight, not just coordination.
Help translate technical findings into business-relevant language.
Reinforce the “so what” and “now what” behind deliverables and security recommendations.
Guide clients on priorities and next steps for remediating risks identified during security risk assessments.
Support Strategic Business Reviews (SBRs), roadmap discussions, and remediation conversations with clients.
Client Coordination and Responsiveness
Coordinate client requests and ensure timely follow-up.
Track client deliverables: evidence, questionnaires, other inputs.
Support status updates and meeting preparation.
Reinforce timelines and expectations with clients.
Conduct periodic, structured QA pulse checks across the project lifecycle.
Assess engagement health by verifying that technical work aligns with client objectives and Meditology standards at each milestone.
Proactively identify projects that are drifting from the established framework and implement corrective actions before delivery is impacted.
Escalate delays or risks to Delivery Manager.
Deliverable Development Support (with Advisory Lens)
Compile inputs into structured draft deliverables, ensuring findings for HITRUST, security risk assessments, and GRC engagements are framed in a way that supports executive decision-making.
Ensure consistency, clarity, and logical flow.
Identify gaps in content or unclear findings within TPRM reports or compliance matrices before they reach final QA.
Ensure findings are framed in a way that supports decision-making.
Prepare deliverables for QA review.
Execution Discipline and Accountability
Follow up on late or incomplete tasks.
Ensure routine deliverables (e.g., evidence testing and follow ups, risk registers, reports) are completed on time.
Drive adherence to engagement cadence.
Address execution gaps proactively.
Risk Identification and Advisory Escalation
Flag timeline, scope, or delivery risks early.
Provide context on potential client impact.
Escalate with recommendations, not just problems.
Help connect risks to broader client priorities.
Support Engagement Manager Governance
Ensure trackers, documentation, and reporting inputs are accurate.
Prepare materials for status calls and leadership reviews.
Support governance processes.
Tactical Weekly Activities
Driving follow-ups across teams and clients.
Updating engagement trackers and status inputs.
Supporting and contributing to client calls.
Translating findings into structured outputs.
Tracking evidence and deliverables.
Escalating risks with context.
Supporting advisory conversations (e.g., remediation discussions).
What This Role Is NOT
Not a manager of people.
Not purely administrative or coordination focused.
Not limited to task tracking; you must contribute thinking and insight.
Not responsible for final executive QA or overall engagement strategy.
Requirements
Experience
6 to 8 years in cybersecurity, IT risk, consulting, or advisory environments.
Direct experience managing or delivering security risk assessments and HITRUST engagements is highly preferred.
Experience with SRA, HITRUST, NIST, PCI, or similar frameworks preferred.
Experience with Governance, Risk, and Compliance (GRC) methodologies and Third-Party Risk Management (TPRM) programs is a significant plus.
Understanding of and familiarity with various technology and security solutions implemented within a security program.
Skills
Strong organization and task management.
Ability to connect technical and security work to business impact.
Clear communication (written and verbal).
Structured thinking.
Ability to drive accountability across peers.
Foundational consulting and advisory capability.
Demonstrated Subject Matter Expertise: Ability to speak the language of healthcare cybersecurity frameworks including HITRUST, NIST CSF, and HIPAA.
Advisory Depth: Ability to translate complex technical findings from a risk assessment into actionable business risk advisory for non-technical stakeholders.
Traits
Execution-oriented with strong follow-through.
Naturally curious and analytical.
Comfortable speaking with clients (not just internally).
Proactive and solutions-oriented.
High ownership mindset.
What We Offer
A mission-driven culture focused on protecting healthcare organizations and the patients they serve.
A remote/hybrid work environment with flexibility and autonomy.
Close collaboration with executive leadership and opportunity for growth.
Competitive compensation and benefits.
A team-oriented environment that values initiative, creativity, and ownership.
Meditology Services is an equal opportunity employer. The company does not discriminate in employment and provides equal employment opportunities to all employees and applicants for employment without regard to race, color, ancestry, national origin, gender, pregnancy, sexual orientation, gender identity, marital status, religion, age, disability, results of genetic testing, service in the military or any other trait that is protected under local, state or federal law. Equal employment opportunity applies to all terms and conditions of employment, including hiring, placement, promotion, termination, layoff, recall, transfer, leave of absence, compensation, and training.

Engagement Manager (Cybersecurity Advisory & Execution)
Meditology Services, Atlanta, GA, United States
Salary: 60.000 - 80.000