Yes, you would create a new custom scope and a new custom role using that scope, assign it to a security group, and put that normal admin user into that group.
New-ManagementScope -Name "Protected Exec Users" -RecipientRestrictionFilter "Title -like 'VP*'" -Exclusive
New-ManagementRoleAssignment -SecurityGroup "Executive Administrators" -Role "Mail Recipients" -ExclusiveRecipientWriteScope "Protected Exec Users"
The RecipientRestrictionFilter would be used to filter the access to those mailboxes.
What is common about the mailboxes you want the user to manage? Same database, etc.?
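
A way to check the result of the two commands above, added here as an example and not part of the original reply. It assumes an Exchange Management Shell session with rights to read RBAC objects; `$testMailbox` is a placeholder to replace with a mailbox that the filter should match.

```powershell
# Added example: verify the exclusive scope and who can write to a protected mailbox.
$scopeName   = "Protected Exec Users"
$filter      = "Title -like 'VP*'"
$testMailbox = "<vp-mailbox-alias>"   # placeholder, not a value from the original post

# 1. Preview which recipients the filter matches. Anything listed here is covered
#    by the scope, so check for unexpected titles (for example "VPN Service").
Get-Recipient -RecipientPreviewFilter $filter -ResultSize Unlimited |
    Sort-Object Name |
    Format-Table Name, Title, RecipientType -AutoSize

# 2. Confirm the scope exists, carries the expected filter, and is exclusive.
Get-ManagementScope -Identity $scopeName |
    Format-List Name, RecipientFilter, Exclusive

# 3. List every role assignment bound to the exclusive scope. Only these
#    assignees can modify the matched recipients; other administrators lose
#    write access to them even if their own scopes would otherwise include them.
Get-ManagementRoleAssignment -ExclusiveRecipientWriteScope $scopeName |
    Format-Table Name, Role, RoleAssigneeName -AutoSize

# 4. Resolve the effective users who can write to one protected mailbox.
#    The list should contain only members of "Executive Administrators".
Get-ManagementRoleAssignment -WritableRecipient $testMailbox -GetEffectiveUsers |
    Select-Object EffectiveUserName, Role, RoleAssigneeName -Unique |
    Sort-Object EffectiveUserName |
    Format-Table -AutoSize
```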