Cyber Security Manager

About Octagos Health

Octagos is modernizing remote cardiac monitoring with AI-powered automation, seamless EHR integrations, and accuracy proven in high-volume, real-world clinics. Atlas AI™ triages cardiac device transmissions to filter nonactionable alerts and highlights the events that need true clinical attention. Through our Two-Brain Approach™ – combining Atlas AI™ with IBHRE-certified oversight – Octagos delivers 99% accuracy, sensitivity, and specificity for near-perfect clinical performance. With fast bi-directional EHR integrations, and flexible, cost-effective implementation, Octagos helps clinics scale care efficiently without compromise. Recognized by TIME and Statista as one of the World’s Top HealthTech Companies 2025, Octagos is redefining how cardiac care is delivered.

The Role

We are hiring a Cyber Security Manager to lead and operationalize the security program across Octagos. This role owns the full lifecycle: governance, risk, compliance, application security, cloud security, vendor risk, incident response, and customer-facing security assurance. The role partners closely with Engineering, IT, Product, Compliance, and Customer Success.

This is a hands-on leadership role. You will set strategy, build the program, and execute against it. You will own the MDR partner relationship, drive the next SOC 2 Type II and HITRUST cycles, and serve as the security voice in architecture, vendor, and customer conversations as we scale toward Series C.

This is an in-office position located in Houston, Texas.

Key Responsibilities

Governance, Risk, and Compliance

• Own the HIPAA, SOC 2 Type II, and HITRUST roadmap and audit execution
• Maintain and evolve security policies, standards, and procedures aligned to NIST CSF and HITRUST CSF
• Manage the enterprise risk register and quarterly executive risk review
• Drive completion of customer security questionnaires, BAAs, and trust portal artifacts
  
  

Cloud and Application Security

• Own Azure security posture across all subscriptions: Defender for Cloud, Sentinel, Entra ID, Key Vault, Private Link, and Azure Policy
• Partner with Engineering to embed secure SDLC practices: threat modeling, SAST, DAST, SCA, dependency scanning, and PR security gates
• Define and enforce identity, secrets management, encryption, key rotation, and network segmentation standards
• Lead vulnerability management across cloud, application, container, endpoint, and third-party library layers
  
  

Detection, Response, and Operations

• Manage the MDR provider relationship and tune detection content for our environment
• Own the incident response plan, tabletop exercises, and breach response playbooks
• Lead investigations end to end: evidence preservation, root cause, customer notification, and any regulatory reporting under the HIPAA Breach Notification Rule
• Operate the security monitoring stack, alert routing, on-call rotation, and SLAs
  
  

Third-Party and Customer-Facing Security

• Build and run the third-party risk program covering CIED device vendors, EMR integration partners, and SaaS suppliers
• Review architecture and contracts for new integrations: data flow, PHI handling, authentication, and security controls
• Own the customer trust portal, security questionnaires, and pre-sales security support
• RepresentOctagossecurity in customer, prospect, auditor, and partner conversations
  
  

Workforce Security and Awareness

• Run security awareness training, phishing simulations, and role-based training for engineering and clinical operations staff
• Define onboarding and offboarding controls for workforce access to PHI systems
• Partner with IT on endpoint security, MDM, and identity lifecycle management
  
  

Leadership and Org Building

• Build ahigh-performingsecurity team, including a Security Engineer and a GRC Analyst
• Represent security in board, customer, and investor conversations
• Partner with the VP of Engineering on Series C security and compliance readiness
  
  

Required Qualifications

• 8 years in cyber security with 3 years inleadershipor program management role
• Direct experienceoperatinga security program in a HIPAA-regulated environment
• Hands-on ownership of at least one full SOC 2 Type II audit cycle
• Deep working knowledge of Azure security services: Defender for Cloud, Sentinel, Entra ID, Key Vault, Private Link, Azure Policy
• Strong application security background covering OWASP Top 10, secure SDLC, and modern web and API security patterns
• Experience managing or running an MDR or SOC function
• Proven incident response leadership, including at least one significant production incident managed end to end
• Excellent written and verbal communication, with the ability to brief executives, customers, and auditors
  
  

Preferred Qualifications

• Healthcare SaaS, medicaldevices, or remote patient monitoring industry experience
• CISSP, CISM, CCSP, HCISPP, or equivalent certification
• Experience driving a HITRUST CSF r2 certification
• Familiarity with Auth0, .NET, Angular, and SQL Server security hardening
• Working knowledge of FDA cybersecurity guidance for connected medical devices and SaMD
• Prior experience scaling a security program through a Series B to Series C inflection
  
  

What We Offer

• High-impact role with direct executive and board visibility
• Mission-driven work with measurable patient outcomes
• Modern Azure-native stack and a Claude-first engineering culture
• Competitive base, equity, and comprehensive benefits
• Headquarteredin theHouston,Texas Medical ecosystem with deep clinical partnerships