Cyber Security Manager

About The Position

Requirements

• 8+ years in cyber security with 3+ years in leadership or program management role
• Direct experience operating a security program in a HIPAA-regulated environment
• Hands-on ownership of at least one full SOC 2 Type II audit cycle
• Deep working knowledge of Azure security services: Defender for Cloud, Sentinel, Entra ID, Key Vault, Private Link, Azure Policy
• Strong application security background covering OWASP Top 10, secure SDLC, and modern web and API security patterns
• Experience managing or running an MDR or SOC function
• Proven incident response leadership, including at least one significant production incident managed end to end
• Excellent written and verbal communication, with the ability to brief executives, customers, and auditors

Nice To Haves

• Healthcare SaaS, medical devices, or remote patient monitoring industry experience
• CISSP, CISM, CCSP, HCISPP, or equivalent certification
• Experience driving a HITRUST CSF r2 certification
• Familiarity with Auth0, .NET, Angular, and SQL Server security hardening
• Working knowledge of FDA cybersecurity guidance for connected medical devices and SaMD
• Prior experience scaling a security program through a Series B to Series C inflection

Responsibilities

• Own the HIPAA, SOC 2 Type II, and HITRUST roadmap and audit execution
• Maintain and evolve security policies, standards, and procedures aligned to NIST CSF and HITRUST CSF
• Manage the enterprise risk register and quarterly executive risk review
• Drive completion of customer security questionnaires, BAAs, and trust portal artifacts
• Own Azure security posture across all subscriptions: Defender for Cloud, Sentinel, Entra ID, Key Vault, Private Link, and Azure Policy
• Partner with Engineering to embed secure SDLC practices: threat modeling, SAST, DAST, SCA, dependency scanning, and PR security gates
• Define and enforce identity, secrets management, encryption, key rotation, and network segmentation standards
• Lead vulnerability management across cloud, application, container, endpoint, and third-party library layers
• Manage the MDR provider relationship and tune detection content for our environment
• Own the incident response plan, tabletop exercises, and breach response playbooks
• Lead investigations end to end: evidence preservation, root cause, customer notification, and any regulatory reporting under the HIPAA Breach Notification Rule
• Operate the security monitoring stack, alert routing, on-call rotation, and SLAs
• Build and run the third-party risk program covering CIED device vendors, EMR integration partners, and SaaS suppliers
• Review architecture and contracts for new integrations: data flow, PHI handling, authentication, and security controls
• Own the customer trust portal, security questionnaires, and pre-sales security support
• Represent Octagos security in customer, prospect, auditor, and partner conversations
• Run security awareness training, phishing simulations, and role-based training for engineering and clinical operations staff
• Define onboarding and offboarding controls for workforce access to PHI systems
• Partner with IT on endpoint security, MDM, and identity lifecycle management
• Build a high-performing security team, including a Security Engineer and a GRC Analyst
• Represent security in board, customer, and investor conversations
• Partner with the VP of Engineering on Series C security and compliance readiness

Benefits

• High-impact role with direct executive and board visibility
• Mission-driven work with measurable patient outcomes
• Modern Azure-native stack and a Claude-first engineering culture
• Competitive base, equity, and comprehensive benefits
• Headquartered in the Houston, Texas Medical ecosystem with deep clinical partnerships