MacroHealth

via LinkedIn

Manager, Information Security

Anywhere
Full-time
Posted 2/17/2026
Key Skills:
Technical Troubleshooting
Windows/Linux Systems
Storage Area Networks

Compensation

Salary Range

$120K - 160K a year

Responsibilities

Lead and manage security operations including SOC strategy, vulnerability management, incident response, and compliance.

Requirements

Requires 5+ years in information security with hands-on SOC and vulnerability management experience, plus security certifications.

Full Description

Position Summary

The Manager of Information Security is a critical leadership role responsible for establishing and scaling our security operations capabilities to protect our healthcare SaaS platform, customer data (PHI/PII), and corporate infrastructure. This role will lead the design and implementation of our 24/7 Security Operations Center strategy through managed security service provider (MSSP) partnership, expand our vulnerability management program beyond production to encompass all corporate assets, and establish the security architecture standards that will support our rapid growth.

As our security operations leader, you'll bridge strategic planning with hands-on technical execution. You'll own the MSSP vendor selection, contract negotiation, and ongoing relationship management while serving as escalation point for security incidents. You'll develop incident management plans and help the team practice them regularly. You'll define security requirements for cloud environments, establish data classification processes, and ensure our security controls meet SOC2, HIPAA, and other compliance requirements. This role requires someone who can architect solutions including forward-looking metrics to track efficacy, roll up their sleeves to implement the solutions, and report out with a high degree of autonomy.

Key Relationships

Reports To: Director of IT & Security

Key Internal Partners:
• DevOps & Engineering
• GRC Team
• IT Engineering
• IT Operations
• Legal & Privacy
• Executive Leadership

Key Accountabilities

Security Operations Center (SOC) Strategy & MSSP Management
• Lead vendor selection process for 24/7 MSSP partnership, including RFP development, vendor evaluation, and contract negotiation
• Own ongoing MSSP relationship including performance management, escalations, SLA tracking, and quarterly business reviews
• Define monitoring requirements, use cases, and alert logic from our systems to the MSSP to the responsible parties inside MacroHealth
• Partner with DevOps and IT teams to ensure relevant logs are consistently delivered to our SIEM and MSSP monitoring platform
• Establish incident escalation procedures and coordinate incident response activities
• Tune detection rules and reduce false positives through continuous optimization

Vulnerability Management Program
• Expand vulnerability management program from production-only to comprehensive corporate asset coverage
• Own and optimize Nessus vulnerability scanning platform, including deployment to corporate networks and endpoints
• Establish vulnerability assessment procedures, remediation SLAs by severity, and tracking mechanisms
• Partner with IT Operations, DevOps, and Engineering teams on remediation prioritization and execution
• Establish vulnerability management metrics and executive reporting on risk posture

Security Architecture & Engineering
• Define security requirements and standards for cloud environments (AWS/Azure) in partnership with DevOps and Engineering
• Work with DevOps to define SAST/DAST requirements and monitor for adherence; establish "Secure by Design" principles
• Design and implement data classification framework to support DLP, compliance, and data governance
• Lead deployment of DSPM, DLP, and data governance workflows
• Architect endpoint security solutions including EDR/XDR capabilities
• Define logging and monitoring requirements for production, pre-production, and corporate environments
• Partner with IT Operations on identity security, SSO/MFA implementation, and privileged identity management

Incident Response & Security Operations
• Develop and maintain security incident response playbooks and procedures
• Coordinate cross-functional incident response efforts involving IT, Engineering, DevOps, Legal, and executive leadership
• Lead tabletop exercises and incident response simulations to test preparedness
• Conduct post-incident reviews and implement lessons learned

Compliance & Risk Management
• Own all security-related SOC2 controls including evidence collection, testing, and audit liaison
• Ensure security controls meet requirements for HIPAA (Business Associate), CCPA, PIPA, and other applicable regulations
• Partner with GRC team on security risk assessments and risk treatment planning
• Maintain audit-ready documentation for security configurations, controls, and procedures
• Support annual SOC2 audits and address security-related findings

Security Program Development
• Develop and maintain multi-year security roadmap aligned to business growth and risk landscape
• Establish security awareness training program in partnership with HR and GRC
• Identify opportunities for security automation and tool consolidation

Knowledge, Skills and Abilities

Technical Expertise
• Deep knowledge of security operations center (SOC) capabilities, SIEM platforms, and security monitoring
• Hands-on experience with vulnerability management tools (Nessus, Qualys, Rapid7, or similar)
• Strong understanding of cloud security architectures (AWS and/or Azure) and cloud-native security controls
• Experience with endpoint detection and response (EDR/XDR) platforms
• Working knowledge of data loss prevention (DLP) technologies and data classification frameworks
• Knowledge of identity and access management, SSO, MFA, and privileged access management

Incident Response & Threat Management
• Proven experience leading security incident investigations and coordinating response efforts
• Knowledge of common attack vectors, TTPs, and MITRE ATT&CK framework
• Experience conducting root cause analysis and implementing remediation strategies
• Ability to analyze security events, correlate indicators, and identify true threats

Compliance & Risk Management
• Deep understanding of SOC2 requirements and security control frameworks
• Knowledge of HIPAA Security Rule and PHI/PII protection requirements
• Familiarity with ISO 27001, NIST CSF, and other information security frameworks
• Ability to translate compliance requirements into technical security controls

Communication & Leadership
• Excellent communication skills with ability to explain security risks to non-technical audiences
• Strong presentation skills for executive leadership and board-level reporting
• Ability to influence without direct authority and build consensus across teams
• Experience managing vendor relationships and negotiating service level agreements

Required Education and Experience
• 5+ years of progressive experience in information security, security operations, or security engineering roles
• 3+ years of hands-on experience with SIEM platforms (Splunk, Sentinel, Chronicle, or similar)
• 2+ years of experience managing vulnerability management programs
• Demonstrated experience with SOC operations, security monitoring, and incident response
• Experience supporting SOC2, ISO 27001, or similar compliance frameworks
• Proven track record managing vendor relationships and service providers

Preferred Education and Experience
• Bachelor's degree in Information Security, Computer Science, Information Systems, or related field
• CISSP (Certified Information Systems Security Professional) or similar security certification
• GIAC certifications (GCIH, GCIA, GMON, or similar)
• AWS Certified Security Specialty or Azure Security Engineer certification
• Experience implementing and managing MSSP or SOC-as-a-Service partnerships
• Experience with Microsoft Purview, Azure Information Protection, or similar DLP and DSPM platforms
• Background in both security operations and security architecture roles
• Experience scaling security programs in high-growth companies

Core Competencies:

One Team:
• Act as one team with fellow MacroMates and customers
• Value humility, low ego, and collaboration
• Maintain an All for One, One for All attitude

Deliver on Promises:
• Do the right thing
• Do what you say you will do
• Work with a sense of urgency and transparency

Macro Thinking:
• Challenge yourself and others to think boldly, bigger, and into the future
• Lead with a Growth Mindset
• Act as a thought leader for the healthcare industry

This job posting was last updated on 2/23/2026
