Engineering Manager, Information Security

Notable is the leading healthcare AI platform for transforming workforce productivity. Health systems hospitals and payers use Notable to improve healthcare quality close gaps in patient care drive member enrollment and patient acquisition retention and reimbursement scaling growth without hiring more staff.

We are on a mission to improve the lives of patients staff and clinicians - to improve healthcare for humanity. This isnt just a lofty goal - its something were achieving every single day. When you join Notable you become part of a force actively transforming healthcare. Our aim to impact 100 million patients isnt just a number; its a commitment to creating meaningful change on a massive scale.

Therefore our culture is purposeful in pursuit of this mission. We believe our culture gives each person the opportunity to do the best work of their lives work with the best teammates and have fun achieving great things together.

Role Summary:

Were looking for an Engineering Manager Information Security to lead and scale Notables security program across product infrastructure corporate systems and compliance. While the title reflects our internal leveling this is a Head of Securitylevel role with end-to-end responsibility for security and risk across the organization.

Youll start with a team of three: two security analysts supporting compliance and operations and one security engineer focused on building tooling and enabling secure development. Together youll own both the tactical and strategic functions of a modern security program.

Notable has already achieved HIPAA HITRUST and SOC 2 certifications and is currently undergoing ISO 27001 certification expected by year end. Youll be responsible for maintaining these programs and evolving our internal and product-facing security to meet the expectations of enterprise healthcare customers.

What Youll Do:

• Lead the security team across product security corporate security and compliance operations

• Maintain and enhance existing certifications (HIPAA HITRUST SOC 2) and support ongoing ISO 27001 efforts

• Guide product and application security including threat modeling architecture reviews and developer enablement

• Enhance and own AI governance and customer data compliance controls

• Partner with engineering to improve internal security tooling IAM CI/CD security and vulnerability management

• Own incident response disaster recovery and detection programs across infrastructure and corporate environments

• Oversee corporate security: SaaS app security endpoint management SSO/MDM and internal access controls

• Collaborate with legal and compliance to manage vendor risk third-party audits and customer security reviews

• Lead internal training and security awareness programs for engineers and employees

• Track evolving customer requirements threat landscapes and regulatory obligations to continuously improve posture

What Were Looking For:

• 10 years in information security roles including at least 4 years in leadership or cross-functional program ownership

• Strong technical background in security engineering infrastructure security or secure software development

• Experience maintaining certifications such as SOC 2 HIPAA HITRUST or ISO 27001 in production environments

• Skilled in secure SDLC practices cloud security (GCP preferred) threat modeling and risk assessment

• Familiarity with corporate and IT security controls: SaaS platforms identity management endpoint security

• Strong communicator with experience influencing engineering and non-technical stakeholders

• Able to think strategically and execute pragmatically in a fast-paced high-trust environment

Nice to Have:

• Prior experience in healthcare healthtech or other regulated SaaS companies

• Experience responding to enterprise customer security reviews or RFPs

• Familiarity with privacy frameworks (e.g. CCPA GDPR)

• Background in building or scaling internal security functions in a startup or growth-stage environment

Beware of job scam fraudsters! Our recruiters use @ email addresses exclusively. We do not conduct interviews via text or instant message and we do not ask candidates to download software other than Zoom to purchase equipment through us or to provide sensitive personally identifiable information such as bank account or social security numbers. If you have been contacted by someone claiming to be me from a different domain about a job offer please report it as potential job fraud to law enforcement and contact us here.