Manager, Information Security

MacroHealth, Kirkland, WA

About The Position

The Manager of Information Security is a critical leadership role responsible for establishing and scaling our security operations capabilities to protect our healthcare SaaS platform, customer data (PHI/PII), and corporate infrastructure. This role will lead the design and implementation of our 24/7 Security Operations Center strategy through a managed security service provider (MSSP) partnership, expand our vulnerability management program beyond production to encompass all corporate assets, and establish the security architecture standards that will support our rapid growth.

As our security operations leader, you'll bridge strategic planning with hands-on technical execution. You'll own the MSSP vendor selection, contract negotiation, and ongoing relationship management while serving as the escalation point for security incidents. You'll develop incident management plans and help the team practice them regularly. You'll define security requirements for cloud environments, establish data classification processes, and ensure our security controls meet SOC2, HIPAA, and other compliance requirements.

This role requires someone who can architect solutions, including forward-looking metrics to track their efficacy, roll up their sleeves to implement those solutions, and report out with a high degree of autonomy.

Requirements

  • 5+ years of progressive experience in information security, security operations, or security engineering roles
  • 3+ years of hands-on experience with SIEM platforms (Splunk, Sentinel, Chronicle, or similar)
  • 2+ years of experience managing vulnerability management programs
  • Demonstrated experience with SOC operations, security monitoring, and incident response
  • Experience supporting SOC2, ISO 27001, or similar compliance frameworks
  • Proven track record managing vendor relationships and service providers
  • Deep knowledge of security operations center (SOC) capabilities, SIEM platforms, and security monitoring
  • Hands-on experience with vulnerability management tools (Nessus, Qualys, Rapid7, or similar)
  • Strong understanding of cloud security architectures (AWS and/or Azure) and cloud-native security controls
  • Experience with endpoint detection and response (EDR/XDR) platforms
  • Working knowledge of data loss prevention (DLP) technologies and data classification frameworks
  • Knowledge of identity and access management, SSO, MFA, and privileged access management
  • Proven experience leading security incident investigations and coordinating response efforts
  • Knowledge of common attack vectors, TTPs, and MITRE ATT&CK framework
  • Experience conducting root cause analysis and implementing remediation strategies
  • Ability to analyze security events, correlate indicators, and identify true threats
  • Deep understanding of SOC2 requirements and security control frameworks
  • Knowledge of HIPAA Security Rule and PHI/PII protection requirements
  • Familiarity with ISO 27001, NIST CSF, and other information security frameworks
  • Ability to translate compliance requirements into technical security controls
  • Excellent communication skills with ability to explain security risks to non-technical audiences
  • Strong presentation skills for executive leadership and board-level reporting
  • Ability to influence without direct authority and build consensus across teams
  • Experience managing vendor relationships and negotiating service level agreements

Nice To Haves

  • Bachelor's degree in Information Security, Computer Science, Information Systems, or related field
  • CISSP (Certified Information Systems Security Professional) or similar security certification
  • GIAC certifications (GCIH, GCIA, GMON, or similar)
  • AWS Certified Security Specialty or Azure Security Engineer certification
  • Experience implementing and managing MSSP or SOC-as-a-Service partnerships
  • Experience with Microsoft Purview, Azure Information Protection, or similar DLP and DSPM platforms
  • Background in both security operations and security architecture roles
  • Experience scaling security programs in high-growth companies

Responsibilities

Security Operations Center (SOC) Strategy & MSSP Management

  • Lead vendor selection process for 24/7 MSSP partnership, including RFP development, vendor evaluation, and contract negotiation
  • Own ongoing MSSP relationship including performance management, escalations, SLA tracking, and quarterly business reviews
  • Define monitoring requirements, use cases, and alert logic covering the full flow from our systems to the MSSP and on to the responsible parties inside MacroHealth
  • Partner with DevOps and IT teams to ensure relevant logs are consistently delivered to our SIEM and MSSP monitoring platform
  • Establish incident escalation procedures and coordinate incident response activities
  • Tune detection rules and reduce false positives through continuous optimization
  • Expand vulnerability management program from production-only to comprehensive corporate asset coverage
  • Own and optimize Nessus vulnerability scanning platform, including deployment to corporate networks and endpoints
  • Establish vulnerability assessment procedures, remediation SLAs by severity, and tracking mechanisms
  • Partner with IT Operations, DevOps, and Engineering teams on remediation prioritization and execution
  • Establish vulnerability management metrics and executive reporting on risk posture
  • Define security requirements and standards for cloud environments (AWS/Azure) in partnership with DevOps and Engineering
  • Work with DevOps to define SAST/DAST requirements and monitor for adherence; establish "Secure by Design" principles
  • Design and implement data classification framework to support DLP, compliance, and data governance
  • Lead deployment of DSPM, DLP, and data governance workflows
  • Architect endpoint security solutions including EDR/XDR capabilities
  • Define logging and monitoring requirements for production, pre-production, and corporate environments
  • Partner with IT Operations on identity security, SSO/MFA implementation, and privileged identity management
  • Develop and maintain security incident response playbooks and procedures
  • Coordinate cross-functional incident response efforts involving IT, Engineering, DevOps, Legal, and executive leadership
  • Lead tabletop exercises and incident response simulations to test preparedness
  • Conduct post-incident reviews and implement lessons learned
  • Own all security-related SOC2 controls including evidence collection, testing, and audit liaison
  • Ensure security controls meet requirements for HIPAA (Business Associate), CCPA, PIPA, and other applicable regulations
  • Partner with GRC team on security risk assessments and risk treatment planning
  • Maintain audit-ready documentation for security configurations, controls, and procedures
  • Support annual SOC2 audits and address security-related findings
  • Develop and maintain multi-year security roadmap aligned to business growth and risk landscape
  • Establish security awareness training program in partnership with HR and GRC
  • Identify opportunities for security automation and tool consolidation
© 2024 Teal Labs, Inc