Manager of Security & IT

Fabric•Remote,

2d•$160,000 - $175,000

About The Position

We are looking for a Senior Manager, Security and IT to lead Fabric's security program and corporate IT function. You will set security strategy, run security operations, and own corporate IT for a healthcare technology company that handles PHI at scale. You will hire and lead a small team, partner with the compliance program owner, and be the person who decides what security investments matter and what can wait. This is a hands-on leadership role. You will set policy, but you will also be doing the work, running identity, owning the endpoint program, leading incident response, and reviewing vendors. We are not looking for someone who delegates everything; we are looking for someone who can build the program and then scale it.

Requirements

7+ years of security experience with at least 2 years in a security leadership or management role.
Direct experience managing corporate IT operations: identity, endpoint, MDM, SaaS provisioning, helpdesk.
Strong application security or cloud security background. You will partner closely with our application security engineer and need to be able to lead them, not just manage them.
Experience operating in a healthcare or regulated industry environment.
Working knowledge of SOC2 and HIPAA frameworks.
Manager experience with 1-3 direct reports, ideally including building a function from a small base.

Nice To Haves

HITRUST familiarity is a plus.
Hands-on experience with Okta or another modern IAM/SSO platform.
AWS or GCP cloud security depth.
Prior incident response leadership at a healthcare or regulated company.
HITRUST or NIST 800-66 specific familiarity.
Experience working with external auditors and assessors.

Responsibilities

Lead Fabric's security program across application security, security operations, identity and access management, endpoint security, cloud security, and vendor security.
Own corporate IT operations including identity platform (Okta or equivalent), MDM, endpoint management, helpdesk, hardware and SaaS provisioning.
Hire and grow the team. Start with 1-2 reports (an IT generalist and our application security engineer), build out as the company scales.
Partner with the owner of our compliance program to feed evidence, implement controls, and operationalize SOC2, HITRUST, and HIPAA requirements without bottlenecking either side.
Lead customer security questionnaire responses and vendor security reviews. You are the person who can speak to a CISO at a health system and earn their trust.
Own incident response end-to-end: detection, triage, response, post-mortem, and the improvements that follow.
Set security policy and standards that engineering, product, and operations can actually follow.
Represent security in executive conversations about risk, investment, and tradeoffs.