Cyber Security Manager
Listed on 2026-06-13
IT/Tech
Cybersecurity
About Octagos Health
Octagos is modernizing remote cardiac monitoring with AI-powered automation, seamless EHR integrations, and accuracy proven in high-volume, real-world clinics. Atlas AI triages cardiac device transmissions to filter nonactionable alerts and highlights the events that need true clinical attention. Through our Two-Brain Approach – combining Atlas AI with IBHRE-certified oversight – Octagos delivers 99%+ accuracy, sensitivity, and specificity for near-perfect clinical performance.
With fast bi-directional EHR integrations and flexible, cost-effective implementation, Octagos helps clinics scale care efficiently without compromise. Recognized by TIME and Statista as one of the World’s Top Health Tech Companies 2025, Octagos is redefining how cardiac care is delivered.
We are hiring a Cyber Security Manager to lead and operationalize the security program across Octagos. This role owns the full lifecycle: governance, risk, compliance, application security, cloud security, vendor risk, incident response, and customer-facing security assurance. The role partners closely with Engineering, IT, Product, Compliance, and Customer Success. This is a hands‑on leadership role.
Key responsibilities include setting strategy, building the program, and executing against it. You will own the MDR partner relationship, drive the next SOC 2 Type II and HITRUST cycles, and serve as the security voice in architecture, vendor, and customer conversations as we scale toward Series C. This is an in‑office position located in Houston, Texas.
Key Responsibilities
Governance, Risk, and Compliance
- Own the HIPAA, SOC 2 Type II, and HITRUST roadmap and audit execution
- Maintain and evolve security policies, standards, and procedures aligned to NIST CSF and HITRUST CSF
- Manage the enterprise risk register and quarterly executive risk review
- Drive completion of customer security questionnaires, BAAs, and trust portal artifacts
- Own Azure security posture across all subscriptions: Defender for Cloud, Sentinel, Entra, Key Vault, Private Link, and Azure Policy
- Partner with Engineering to embed secure SDLC practices: threat modeling, SAST, DAST, SCA, dependency scanning, and PR security gates
- Define and enforce identity, secrets management, encryption, key rotation, and network segmentation standards
- Lead vulnerability management across cloud, application, container, endpoint, and third‑party library layers
- Manage the MDR provider relationship and tune detection content for our environment
- Own the incident response plan, tabletop exercises, and breach response playbooks
- Lead investigations end to end: evidence preservation, root cause, customer notification, and any regulatory reporting under the HIPAA Breach Notification Rule
- Operate the security monitoring stack, alert routing, on‑call rotation, and SLAs
- Build and run the third‑party risk program covering CIED device vendors, EMR integration partners, and SaaS suppliers
- Review architecture and contracts for new integrations: data flow, PHI handling, authentication, and security controls
- Own the customer trust portal, security questionnaires, and pre‑sales security support
- Represent Octagos security in customer, prospect, auditor, and partner conversations
- Run security awareness training, phishing simulations, and role‑based training for engineering and clinical operations staff
- Define onboarding and offboarding controls for workforce access to PHI systems
- Partner with IT on endpoint security, MDM, and identity lifecycle management
- Build a high‑performing security team, including a Security Engineer and a GRC Analyst
- Represent security in board, customer, and investor conversations
- Partner with the VP of Engineering on Series C security and compliance readiness
- 8+ years in cyber security with 3+ years in a leadership or program management role
- Direct experience operating a security program in a HIPAA‑regulated environment
- Hands‑on ownership of at least one full SOC 2 Type II audit cycle
- Deep working…