Job Description
Phreesia is seeking a Senior Manager, Vulnerability Management to oversee and mature the company's vulnerability management and penetration testing functions as part of our expanding Information Security team.
In this role, you will be responsible for managing vulnerability scanning infrastructure, assessing and prioritizing security risks, conducting and coordinating penetration testing, and driving remediation efforts across applications, infrastructure, cloud environments, and third-party vendors. You will work closely with teams across the organization in a highly matrixed environment, balancing complex technical requirements with business priorities to reduce cybersecurity risk.
This role requires deep technical expertise combined with strong people leadership, communication, and relationship-building skills. As a key member of Phreesia's Information Security leadership team, the Senior Manager, Vulnerability Management will wear multiple hats, including People Leader, Security Product Manager, Senior Architect, Security Practitioner, Risk Assessor, and Engineer.
Phreesia operates across a diverse and modern technology landscape, including web applications, mobile platforms, hardware, cloud and on-prem environments, and payment systems. The role supports both healthcare and payment compliance requirements, making it a dynamic, challenging, and highly impactful position.
What You'll Do
- Manage, mentor, and grow a team of security engineers focused on securing Phreesia's applications, infrastructure, and third-party vendors
- Own and operate Phreesia's vulnerability management program, including scanning infrastructure, triage, prioritization, and remediation tracking
- Create and execute strategies, roadmaps, and plans to identify, monitor, and mitigate top security risks across the organization
- Partner closely with Infrastructure, Operations, Engineering, Security, Product, and Legal teams to drive effective remediation outcomes
- Manage security vendor relationships and collaborate with the Associate Director of Security Architecture and Infrastructure on forecasting and planning
- Lead internal penetration testing efforts and coordinate external third-party penetration testing in partnership with Legal
- Translate industry security control frameworks and internal policy guidance into practical, actionable testing and remediation programs
- Proactively manage ASV scans, disputes, attestations, and remediation activities to ensure successful completion
- Develop strategies to track, measure, and communicate risk by environment, domain, and product
- Perform or coordinate data analysis to clearly present complex security findings to technical and non-technical stakeholders
- Produce and publish monthly qualitative and quantitative key risk indicators (KRIs) and key performance indicators (KPIs)
- Communicate security risks, progress, and insights effectively to stakeholders and executive leadership
- Support incident response and security activities as needed, including occasional work outside standard business hours
What You'll Bring
- Bachelor's or Master's degree in Engineering, Computer Science, or a related technical field
- 10+ years of experience in software development or information security, including 8+ years in hands-on security engineering
- 3+ years of experience leading security teams and owning vulnerability management and penetration testing programs
- Prior experience operating as a PCI-DSS Level 1 service provider (required)
- Deep hands-on experience with vulnerability scanning, penetration testing, and risk analysis
- Strong knowledge of vulnerability management and penetration testing tools (e.g., Tenable, Qualys, Rapid7, Kali, Burp Suite, SAST/DAST, PowerShell Empire)
- Advanced understanding of information security principles, frameworks, and technologies
- Working knowledge of major industry frameworks and regulations, including NIST 800-53, HIPAA, HITRUST, PCI-DSS, SOX, and SOC 2
- Experience securing hybrid and cloud environments (AWS, Azure, VMware)
- Strong understanding of networking, segmentation, and infrastructure security
- Familiarity with application security concepts and the OWASP Top Ten
- Experience with infrastructure-as-code and development technologies (e.g., Python, JavaScript, .NET, Go, Terraform)
- Familiarity with automation, orchestration, and AI/ML-driven security tools
- Proven ability to prioritize, delegate, and communicate effectively across technical and non-technical audiences
- Strong leadership skills with the ability to inspire, mentor, and build diverse, high-performing teams
- Excellent written and verbal communication skills, including the ability to produce clear risk summaries and recommendations
- Willingness to occasionally respond outside of normal working hours and travel approximately 10 days per year
Total Cash Compensation for Canada-based employees ranges from $150,000-$175,000, inclusive of base salary and variable incentive, and is dependent on qualifications. In addition, Phreesia offers a highly competitive and comprehensive Total Rewards package.
Disclosure: This posting is to fill an existing vacancy.
Who We Are:
At Phreesia, we're looking for smart and passionate people to help drive our mission of creating a better, more engaging healthcare experience. We're committed to helping healthcare organizations succeed in an ever-evolving landscape by transforming the way healthcare is delivered. Our SaaS platform digitizes appointment check-in and offers tools to engage patients, improve efficiency, optimize staffing, and enhance clinical care.
Phreesia cares about our employees by providing a diverse and dynamic work environment. We're a five-time winner of Modern Healthcare Magazine's Best Places to Work in Healthcare award and we've been recognized on the Bloomberg Gender Equality Index. We are dedicated to continuously improving our employee experience by launching new programs and initiatives. If you thrive in a culture of recognition, value inclusivity, professional development, and growth opportunities, Phreesia could be a great fit.
Top-rated Employee Benefits:
- Remote First: 100% Remote work + home office expense reimbursements + monthly reimbursement for cell phone, internet and wellness.
- Top of market rewards: Competitive compensation
- Take time when you need time: Flexible PTO + company holidays
- Top class healthcare benefits: Variety of healthcare benefits for you and your family (and your pets) starting day one
- Care about your families: Generous top-up for parental leave benefits
- Support personal development: Continuing education and professional certification reimbursement
- Connecting in person: Various offsite events and activities for the team to connect and meet in person, to support team building and engagement.
- Give back to community: Local in-person volunteer events, and give-back programs to our communities.
- Recognition and perks: We have a company-wide recognition tool (Phireworks) to celebrate milestones, recognize achievements and strengthen your bond with your teams. You can accumulate points and redeem them for a wide catalogue of items.
- Diversity and inclusive environment: At Phreesia, all employees are encouraged to bring their authentic self to work, feel supported and perform at their best. We have a variety of Employee Resource Groups (ERGs) which bring together individuals from a wide range of backgrounds, experiences and perspectives, and seek to foster a sense of shared community and empowerment for employees who share a common social identity, such as gender, race, ethnicity, and sexual orientation.
- Opportunity to join an Employee Resource Group. Learn more here:
Disclosure: Phreesia uses certain automated tools, including artificial intelligence, to support the assessment of applicants for this position.
We strive to provide a diverse and inclusive environment and are an equal opportunity employer.