Engineering Manager, Information Security

Notable is the leading healthcare AI platform for transforming workforce productivity. Health systems, hospitals, and payers use Notable to improve healthcare quality, close gaps in patient care, drive member enrollment, and patient acquisition, retention, and reimbursement, scaling growth without hiring more staff.

We are on a mission to improve the lives of patients, staff, and clinicians - to improve healthcare for humanity. This isn't just a lofty goal - it's something we're achieving every single day. When you join Notable, you become part of a force actively transforming healthcare. Our aim to impact 100 million patients isn't just a number; it's a commitment to creating meaningful change on a massive scale.

Therefore, our culture is purposeful in pursuit of this mission. We believe our culture gives each person the opportunity to do the best work of their lives, work with the best teammates, and have fun achieving great things together.

Role Summary:

We’re looking for an Engineering Manager, Information Security to lead and scale Notable’s security program across product, infrastructure, corporate systems, and compliance. While the title reflects our internal leveling, this is a Head of Security–level role with end-to-end responsibility for security and risk across the organization.

You’ll start with a team of three: two security analysts supporting compliance and operations, and one security engineer focused on building tooling and enabling secure development. Together, you’ll own both the tactical and strategic functions of a modern security program.

Notable has already achieved HIPAA, HITRUST, and SOC 2 certifications and is currently undergoing ISO 27001 certification, expected by year end. You’ll be responsible for maintaining these programs and evolving our internal and product-facing security to meet the expectations of enterprise healthcare customers.

What You’ll Do:

• Lead the security team across product security, corporate security, and compliance operations

• Maintain and enhance existing certifications (HIPAA, HITRUST, SOC 2) and support ongoing ISO 27001 efforts

• Guide product and application security, including threat modeling, architecture reviews, and developer enablement

• Enhance and own AI governance and customer data compliance controls

• Partner with engineering to improve internal security tooling, IAM, CI/CD security, and vulnerability management

• Own incident response, disaster recovery, and detection programs across infrastructure and corporate environments

• Oversee corporate security: SaaS app security, endpoint management, SSO/MDM, and internal access controls

• Collaborate with legal and compliance to manage vendor risk, third-party audits, and customer security reviews

• Lead internal training and security awareness programs for engineers and employees

• Track evolving customer requirements, threat landscapes, and regulatory obligations to continuously improve posture

What We’re Looking For:

• 10+ years in information security roles, including at least 4+ years in leadership or cross-functional program ownership

• Strong technical background in security engineering, infrastructure security, or secure software development

• Experience maintaining certifications such as SOC 2, HIPAA, HITRUST, or ISO 27001 in production environments

• Skilled in secure SDLC practices, cloud security (GCP preferred), threat modeling, and risk assessment

• Familiarity with corporate and IT security controls: SaaS platforms, identity management, endpoint security

• Strong communicator with experience influencing engineering and non-technical stakeholders

• Able to think strategically and execute pragmatically in a fast-paced, high-trust environment

Nice to Have:

• Prior experience in healthcare, healthtech, or other regulated SaaS companies

• Experience responding to enterprise customer security reviews or RFPs

• Familiarity with privacy frameworks (e.g., CCPA, GDPR)

• Background in building or scaling internal security functions in a startup or growth-stage environment

Beware of job scam fraudsters! Our recruiters use @notablehealth.com email addresses exclusively. We do not conduct interviews via text or instant message and we do not ask candidates to download software other than Zoom, to purchase equipment through us, or to provide sensitive personally identifiable information such as bank account or social security numbers. If you have been contacted by someone claiming to be me from a different domain about a job offer, please report it as potential job fraud to law enforcement and contact us here.