
Cyber Security Manager

Octagos Inc.
  • US
    Houston, Texas, United States

About

If you are unable to complete this application due to a disability, contact this employer to ask for an accommodation or an alternative application process.
14 days ago Requisition ID: 1114
Octagos is modernizing remote cardiac monitoring with AI-powered automation, seamless EHR integrations, and accuracy proven in high-volume, real-world clinics. Atlas AI™ triages cardiac device transmissions to filter nonactionable alerts and highlights the events that need true clinical attention. Through our Two-Brain Approach™ – combining Atlas AI™ with IBHRE-certified oversight – Octagos delivers 99%+ accuracy, sensitivity, and specificity for near-perfect clinical performance. With fast bi-directional EHR integrations, and flexible, cost-effective implementation, Octagos helps clinics scale care efficiently without compromise. Recognized by TIME and Statista as one of the World’s Top HealthTech Companies 2025, Octagos is redefining how cardiac care is delivered.
The Role
We are hiring a Cyber Security Manager to lead and operationalize the security program across Octagos. This role owns the full lifecycle: governance, risk, compliance, application security, cloud security, vendor risk, incident response, and customer-facing security assurance. The role partners closely with Engineering, IT, Product, Compliance, and Customer Success.
This is a hands‑on leadership role. You will set strategy, build the program, and execute against it. You will own the MDR partner relationship, drive the next SOC 2 Type II and HITRUST cycles, and serve as the security voice in architecture, vendor, and customer conversations as we scale toward Series C.
This is an in‑office position located in Houston, Texas.
Key Responsibilities

Governance, Risk, and Compliance
  • Own the HIPAA, SOC 2 Type II, and HITRUST roadmap and audit execution
  • Maintain and evolve security policies, standards, and procedures aligned to NIST CSF and HITRUST CSF
  • Manage the enterprise risk register and quarterly executive risk review
  • Drive completion of customer security questionnaires, BAAs, and trust portal artifacts

Cloud and Application Security
  • Own Azure security posture across all subscriptions: Defender for Cloud, Sentinel, Entra ID, Key Vault, Private Link, and Azure Policy
  • Partner with Engineering to embed secure SDLC practices: threat modeling, SAST, DAST, SCA, dependency scanning, and PR security gates
  • Define and enforce identity, secrets management, encryption, key rotation, and network segmentation standards
  • Lead vulnerability management across cloud, application, container, endpoint, and third‑party library layers

Detection, Response, and Operations
  • Manage the MDR provider relationship and tune detection content for our environment
  • Own the incident response plan, tabletop exercises, and breach response playbooks
  • Lead investigations end to end: evidence preservation, root cause, customer notification, and any regulatory reporting under the HIPAA Breach Notification Rule
  • Operate the security monitoring stack, alert routing, on‑call rotation, and SLAs

Third‑Party and Customer‑Facing Security
  • Build and run the third‑party risk program covering CIED device vendors, EMR integration partners, and SaaS suppliers
  • Review architecture and contracts for new integrations: data flow, PHI handling, authentication, and security controls
  • Own the customer trust portal, security questionnaires, and pre‑sales security support
  • Represent Octagos security in customer, prospect, auditor, and partner conversations

Workforce Security and Awareness
  • Run security awareness training, phishing simulations, and role‑based training for engineering and clinical operations staff
  • Define onboarding and offboarding controls for workforce access to PHI systems
  • Partner with IT on endpoint security, MDM, and identity lifecycle management

Leadership and Org Building
  • Build a high‑performing security team, including a Security Engineer and a GRC Analyst
  • Represent security in board, customer, and investor conversations
  • Partner with the VP of Engineering on Series C security and compliance readiness

Required Qualifications
  • 8+ years in cyber security with 3+ years in a leadership or program management role
  • Direct experience operating a security program in a HIPAA‑regulated environment
  • Hands‑on ownership of at least one full SOC 2 Type II audit cycle
  • Deep working knowledge of Azure security services: Defender for Cloud, Sentinel, Entra ID, Key Vault, Private Link, Azure Policy
  • Strong application security background covering OWASP Top 10, secure SDLC, and modern web and API security patterns
  • Experience managing or running an MDR or SOC function
  • Proven incident response leadership, including at least one significant production incident managed end to end
  • Excellent written and verbal communication, with the ability to brief executives, customers, and auditors

Preferred Qualifications
  • Healthcare SaaS, medical devices, or remote patient monitoring industry experience
  • CISSP, CISM, CCSP, HCISPP, or equivalent certification
  • Experience driving a HITRUST CSF r2 certification
  • Familiarity with Auth0, .NET, Angular, and SQL Server security hardening
  • Working knowledge of FDA cybersecurity guidance for connected medical devices and SaMD
  • Prior experience scaling a security program through a Series B to Series C inflection

What We Offer
  • High‑impact role with direct executive and board visibility
  • Mission‑driven work with measurable patient outcomes
  • Modern Azure‑native stack and a Claude‑first engineering culture
  • Competitive base, equity, and comprehensive benefits
  • Headquartered in the Houston, Texas Medical ecosystem with deep clinical partnerships

Language skills

  • English