Engagement Manager (Cybersecurity Advisory & Execution)

Description:

Title: Engagement Manager (Cybersecurity Advisory & Execution)

The Role in a Nutshell

We are looking for an Engagement Manager who lives at the intersection of execution discipline and high-value advisory. This is a high-impact, 80 to 85% billable role where you are leading the charge on critical healthcare cybersecurity engagements, most notably Security Risk Assessments (SRAs). You will lead client interviews, conduct in-flight QA checks, and ensure that complex deliverables, from SRAs to HITRUST certifications, are truly meaningful to client leadership. Ideal for someone who can bridge business and technical conversations.

Why You’ll Love It

• True Advisory: You’ll spend the vast majority of your time (80 to 85%) directly with clients, gathering key insights on their security program to turn into actionable recommendations.
• Authority to Act: We want you to perform periodic QA checks of work products, identifying gaps in the project lifecycle, steering the ship back on track before issues arise.
• Grow Your Expertise: You’ll work alongside top-tier HITRUST, NIST, and HIPAA subject matter experts, acting as a consultant-practitioner who translates technical jargon into business value.
• Strategic Impact: Beyond simple task-tracking, you will help clients navigate the complexities of Governance, Risk, and Compliance (GRC) and provide recommendations for strengthening security programs.
  
  

How to Beat the Bots (The "Human" Test)

We value attention to detail. In your application or cover letter, please mention one specific cybersecurity framework (e.g., NIST CSF, HITRUST, NIST 800-53) you have experience with and one red flag you typically look for when performing a security risk assessment or TPRM review.

Job Description

Role Overview

The Engagement Manager (EM) is a high-visibility, heavily client-facing role with an expected 80 to 85% billable utilization rate dedicated to client delivery. This is not a ‘behind-the-scenes’ coordination role; you will be the primary engine for client interviews and a key voice in advisory sessions.

This role ensures engagements move forward efficiently while also helping clients understand risks, recommendations, and next steps in a clear and practical way.

The EM Is Accountable For:

• Driving execution across engagements.
• Ensuring team accountability and follow-through.
• Supporting delivery quality and structure.
• Contributing to client conversations with consultative insight and guidance on cybersecurity, GRC and Third Party Risk Management matters.
  
  

The EM Ensures:

• Engagement delivery stays on track operationally.
• Clients receive professional consultative experiences.
• Deliverables are completed, understood by the client, and provide actionable results.
  
  

Why This Role Exists

As Meditology scales, there is a need for a role that bridges:

• Execution: coordination, follow-through.
• Delivery: quality, structure.
• Advisory: client understanding and value realization.
  
  

The Engagement Manager ensures execution discipline improves, and the client experience showcases Meditology as a trusted advisor, not just a service provider or a one time project.

Core Responsibilities

• Engagement Execution and Coordination
  
  

The EM owns the day-to-day movement of the engagement.

Responsibilities:

• Track tasks, milestones, and deliverables across multiple engagements.
• Ensure team members complete assigned work on time.
• Follow up on outstanding items (internal and client).
• Maintain engagement trackers (e.g., Smartsheet project plans).
• Coordinate scheduling of interviews, status calls, and deliverables.
  
  

The EM ensures execution stays on track and nothing stalls.

• Advisory Client Engagement
  
  

The EM contributes to the consultative experience for clients.

Responsibilities:

• Lead and facilitate client interviews and discovery sessions, applying subject matter expertise in security risk assessments and HITRUST to probe deeper than a standard checklist.
• Actively contributes to technical and strategic discussions regarding cybersecurity frameworks, ensuring Meditology’s expertise is evident in every interaction.
• Participate in client conversations with context and insight, not just coordination.
• Help translate technical findings into business-relevant language.
• Reinforce the “so what” and “now what” behind deliverables and security recommendations.
• Guide clients on priorities and next steps for remediating risks identified during security risk assessments.
• Support Strategic Business Reviews (SBRs), roadmap discussions, and remediation conversations with clients.
  
  

The EM helps position Meditology as a trusted advisor, not just a delivery team.

• Client Coordination and Responsiveness
  
  

The EM ensures high-quality client experience.

Responsibilities:

• Coordinate client requests and ensure timely follow-up.
• Track client deliverables: evidence, questionnaires, other inputs.
• Support status updates and meeting preparation.
• Reinforce timelines and expectations with clients.
• Conduct periodic, structured QA pulse checks across the project lifecycle.
• Assess engagement health by verifying that technical work aligns with client objectives and Meditology standards at each milestone.
• Proactively identify projects that are drifting from the established framework and implement corrective actions before delivery is impacted.
• Escalate delays or risks to Delivery Manager.
  
  

The EM ensures the client experiences organization, responsiveness, and professionalism.

• Deliverable Development Support (with Advisory Lens)
  
  

The EM supports development of deliverables that are clear and actionable.

Responsibilities:

• Compile inputs into structured draft deliverables, ensuring findings for HITRUST, security risk assessments, and GRC engagements are framed in a way that supports executive decision-making.
• Ensure consistency, clarity, and logical flow.
• Identify gaps in content or unclear findings within TPRM reports or compliance matrices before they reach final QA.
• Ensure findings are framed in a way that supports decision-making.
• Prepare deliverables for QA review.
  
  

The EM ensures deliverables are not just complete, but client-ready and meaningful.

• Execution Discipline and Accountability
  
  

The EM reinforces accountability across the team.

Responsibilities:

• Follow up on late or incomplete tasks.
• Ensure routine deliverables (e.g., evidence testing and follow ups, risk registers, reports) are completed on time.
• Drive adherence to engagement cadence.
• Address execution gaps proactively.
  
  

The EM helps establish a culture of reliability and follow-through.

• Risk Identification and Advisory Escalation
  
  

The EM identifies engagement risks and frames them appropriately.

Responsibilities:

• Flag timeline, scope, or delivery risks early.
• Provide context on potential client impact.
• Escalate with recommendations, not just problems.
• Help connect risks to broader client priorities.
  
  

The EM acts as both an execution watchdog and advisory signaler.

• Support Engagement Manager Governance
  
  

The EM enables higher-level delivery oversight.

Responsibilities:

• Ensure trackers, documentation, and reporting inputs are accurate.
• Prepare materials for status calls and leadership reviews.
• Support governance processes.
  
  

The EM is the execution engine behind delivery governance.

Tactical Weekly Activities

A Typical Week May Include:

• Driving follow-ups across teams and clients.
• Updating engagement trackers and status inputs.
• Supporting and contributing to client calls.
• Translating findings into structured outputs.
• Tracking evidence and deliverables.
• Escalating risks with context.
• Supporting advisory conversations (e.g., remediation discussions).
  
  

What This Role Is NOT

• Not a manager of people.
• Not purely administrative or coordination focused.
• Not limited to task tracking, you must contribute thinking and insight.
• Not responsible for final executive QA or overall engagement strategy.
  
  

This is a hybrid execution plus advisory role, not just a coordinator.

Requirements:

Required Competencies

Experience

• 6 to 8 years in cybersecurity, IT risk, consulting, or advisory environments.
• Direct experience managing or delivering security risk assessments and HITRUST engagements is highly preferred.
• Experience with SRA, HITRUST, NIST, PCI, or similar frameworks preferred.
• Experience with Governance, Risk, and Compliance (GRC) methodologies and Third-Party Risk Management (TPRM) programs is a significant plus.
• Understanding and familiarity of various technology and security solutions implemented within a security program.
  
  

Skills

• Strong organization and task management.
• Ability to connect technical and security work to business impact.
• Clear communication (written and verbal).
• Structured thinking.
• Ability to drive accountability across peers.
• Foundational consulting and advisory capability.
• Demonstrated Subject Matter Expertise: Ability to speak the language of healthcare cybersecurity frameworks including HITRUST, NIST CSF, and HIPAA.
• Advisory Depth: Ability to translate complex technical findings from a risk assessment into actionable business risk advisory for non-technical stakeholders.
  
  

Traits

• Execution-oriented with strong follow-through.
• Naturally curious and analytical.
• Comfortable speaking with clients (not just internally).
• Proactive and solutions oriented.
• High ownership mindset.
  
  

What We Offer

• A mission-driven culture focused on protecting healthcare organizations and the patients they serve
• A remote/hybrid work environment with flexibility and autonomy
• Close collaboration with executive leadership and opportunity for growth
• Competitive compensation and benefits
• A team-oriented environment that values initiative, creativity, and ownership
  
  

Meditology Services is an equal opportunity employer. The company does not discriminate in employment and provides equal employment opportunities to all employees and applicants for employment without regard to race, color, ancestry, national origin, gender, pregnancy, sexual orientation, gender identity, marital status, religion, age, disability, results of genetic testing, service in the military or any other trait that is protected under local, state or federal law. Equal employment opportunity applies to all terms and conditions of employment, including hiring, placement, promotion, termination, layoff, recall, transfer, leave of absence, compensation, and training.