Manager of Security & IT

About the Role

What You'll Do

• Lead Fabric's security program across application security, security operations, identity and access management, endpoint security, cloud security, and vendor security.
• Own corporate IT operations including identity platform (Okta or equivalent), MDM, endpoint management, helpdesk, hardware and SaaS provisioning.
• Hire and grow the team. Start with 1-2 reports (an IT generalist and our application security engineer), build out as the company scales.
• Partner with the owner of our compliance program to feed evidence, implement controls, and operationalize SOC2, HITRUST, and HIPAA requirements without bottlenecking either side.
• Lead customer security questionnaire responses and vendor security reviews. You are the person who can speak to a CISO at a health system and earn their trust.
• Own incident response end-to-end: detection, triage, response, post-mortem, and the improvements that follow.
• Set security policy and standards that engineering, product, and operations can actually follow.
• Represent security in executive conversations about risk, investment, and tradeoffs.

Why You Might Be a Good Fit

• You have 7+ years of security experience including 2-3 years in a security leadership role and direct hands-on time across security operations.
• You have actually run corporate IT, not just had it report to you. You know what good identity hygiene looks like, you have debugged endpoint issues yourself, you have handled an offboarding crisis at 9pm.
• You can do both: set the program and do the work. This is not a delegate-everything role at this stage.
• You think identity-first. Most security failures route through identity, and you build defenses with that as the starting assumption.
• You have worked in healthcare or another regulated industry where the rules genuinely matter and audits are part of the rhythm.
• You can talk to engineers without losing them and to executives without confusing them.

• You want a pure CISO seat where you set policy and someone else implements. We are too early for that.
• You have not actually run corporate IT before. Reporting to you is not the same as having done the work.
• You are uncomfortable being the security AND IT person. This is a dual-hat role and stays that way until we are larger.
• You need a fully built program. We have foundations but not maturity; you will be building.

Your Qualifications

• 7+ years of security experience with at least 2 years in a security leadership or management role.
• Direct experience managing corporate IT operations: identity, endpoint, MDM, SaaS provisioning, helpdesk.
• Strong application security or cloud security background. You will partner closely with our application security engineer and need to be able to lead them, not just manage them.
• Experience operating in a healthcare or regulated industry environment.
• Working knowledge of SOC2 and HIPAA frameworks. HITRUST familiarity is a plus.
• Manager experience with 1-3 direct reports, ideally including building a function from a small base.

Bonus Points

• Hands-on experience with Okta or another modern IAM/SSO platform.
• AWS or GCP cloud security depth.
• Prior incident response leadership at a healthcare or regulated company.
• HITRUST or NIST 800-66 specific familiarity.
• Experience working with external auditors and assessors.

The national pay range for this role is $160,000.00 – $175,000.00 per year. Actual compensation will be determined by factors such as the candidate's geographic market, experience, skills, and qualifications. Certain roles may also be eligible for additional compensation, including a comprehensive benefits package such as medical, dental, vision, unlimited PTO, and a 401(k) plan, stock options and bonuses. If your compensation requirement is greater than our posted range, please still consider applying; a determination can be made based on unique qualifications. Expected compensation ranges for this role may change over time.