Manager of Security & IT

Fabric • Remote (New York, United States) • 6h ago

About Fabric HealthAt Fabric Health, we are powering boundless care by solving healthcare’s biggest challenge: clinical capacity. We aren’t here to disrupt healthcare; we’re here to fix it. We unify the care journey from intake to treatment, using intelligent automation to remove administrative burdens and make care delivery 2-10x more efficient. Our technology empowers clinicians to move faster and focus on what matters most: the patient.
We are a mission-driven team of brilliant minds trusted by leading organizations including Intermountain Health, OSF HealthCare, SSM Health, and MUSC Health. Our vision is backed by premier investors such as Thrive Capital, GV (Google Ventures), General Catalyst, and Salesforce Ventures. We move quickly for good reason, listen deeply to solve big challenges, and build products with the same care and quality we’d want for our own loved ones.
Learn more: About Us | News & Press | LinkedIn | Careers

About the RoleWe are looking for a Senior Manager, Security and IT to lead Fabric's security program and corporate IT function. You will set security strategy, run security operations, and own corporate IT for a healthcare technology company that handles PHI at scale. You will hire and lead a small team, partner with the compliance program owner, and be the person who decides what security investments matter and what can wait.This is a hands-on leadership role. You will set policy, but you will also be doing the work, running identity, owning the endpoint program, leading incident response, and reviewing vendors. We are not looking for someone who delegates everything; we are looking for someone who can build the program and then scale it.
What You'll DoAs the Senior Manager of Security and IT, you will lead Fabric's security program and own corporate IT operations end to end. Your primary responsibilities will include:

Lead Fabric's security program across application security, security operations, identity and access management, endpoint security, cloud security, and vendor security.
Own corporate IT operations including identity platform (Okta or equivalent), MDM, endpoint management, helpdesk, hardware and SaaS provisioning.
Hire and grow the team. Start with 1-2 reports (an IT generalist and our application security engineer), build out as the company scales.
Partner with the owner of our compliance program to feed evidence, implement controls, and operationalize SOC2, HITRUST, and HIPAA requirements without bottlenecking either side.
Lead customer security questionnaire responses and vendor security reviews. You are the person who can speak to a CISO at a health system and earn their trust.
Own incident response end-to-end: detection, triage, response, post-mortem, and the improvements that follow.
Set security policy and standards that engineering, product, and operations can actually follow.
Represent security in executive conversations about risk, investment, and tradeoffs.

Why You Might Be a Good Fit

You have 7+ years of security experience including 2-3 years in a security leadership role and direct hands-on time across security operations.
You have actually run corporate IT, not just had it report to you. You know what good identity hygiene looks like, you have debugged endpoint issues yourself, you have handled an offboarding crisis at 9pm.
You can do both: set the program and do the work. This is not a delegate-everything role at this stage.
You think identity-first. Most security failures route through identity, and you build defenses with that as the starting assumption.
You have worked in healthcare or another regulated industry where the rules genuinely matter and audits are part of the rhythm.
You can talk to engineers without losing them and to executives without confusing them.

This Might Not Be The Right Fit If...

You want a pure CISO seat where you set policy and someone else implements. We are too early for that.
You have not actually run corporate IT before. Reporting to you is not the same as having done the work.
You are uncomfortable being the security AND IT person. This is a dual-hat role and stays that way until we are larger.
You need a fully built program. We have foundations but not maturity; you will be building.

Your Qualifications

7+ years of security experience with at least 2 years in a security leadership or management role.
Direct experience managing corporate IT operations: identity, endpoint, MDM, SaaS provisioning, helpdesk.
Strong application security or cloud security background. You will partner closely with our application security engineer and need to be able to lead them, not just manage them.
Experience operating in a healthcare or regulated industry environment.
Working knowledge of SOC2 and HIPAA frameworks. HITRUST familiarity is a plus.
Manager experience with 1-3 direct reports, ideally including building a function from a small base.

Bonus Points

Hands-on experience with Okta or another modern IAM/SSO platform.
AWS or GCP cloud security depth.
Prior incident response leadership at a healthcare or regulated company.
HITRUST or NIST 800-66 specific familiarity.
Experience working with external auditors and assessors.

The national pay range for this role is $160,000.00 – $175,000.00 per year. Actual compensation will be determined by factors such as the candidate's geographic market, experience, skills, and qualifications. Certain roles may also be eligible for additional compensation, including a comprehensive benefits package such as medical, dental, vision, unlimited PTO, and a 401(k) plan, stock options and bonuses. If your compensation requirement is greater than our posted range, please still consider applying; a determination can be made based on unique qualifications. Expected compensation ranges for this role may change over time.
At Fabric, we believe that a diverse workforce is essential to our success. We are an equal opportunity employer and are committed to creating an inclusive environment for all employees. We do not discriminate on the basis of race, color, religion, sex, national origin, age, disability, veteran status, or any other legally protected characteristic. We actively encourage individuals from all backgrounds to apply.
Recruitment Fraud Alert: Protect Yourself
Fabric Health is aware of scammers attempting to impersonate employers. To ensure that any recruiting contact you receive is legitimate, please adhere to the following:

Verify the Domain: Official recruitment emails will only come from addresses ending in @fabrichealth.com or @gem.com. No other domain names are legitimate.
Official Interview Tools: We use Gem for our recruitment process and Google Meet for all video interviews. Google Meet is always the platform used for your first interview; you will never be sent a Zoom link to set up or conduct an initial interview. All interviews are conducted via video unless specifically stated by our team as an audio call. We never conduct interviews via chat, social media, Skype, or WhatsApp.
Zoom Usage: Zoom is utilized only for specific meetings set directly by our team for purposes outside of the standard interview process (e.g., coordination or onboarding discussions). It is never the first link you will receive from us.
Authorized Contact & Texting: Fabric will only contact you if you have submitted an application or if you are connected to a current employee who shared your information with us. We will only send text messages if you have provided explicit authorization and consent, either through your application or while communicating directly with our team. If you have not explicitly authorized us to reach out, treat any SMS or unsolicited outreach as fraudulent and do not respond.
Sensitive We will never ask you for sensitive personal or financial documents (ID, banking info, SSN) during the application, interview, or candidacy stages. All sensitive data is handled through secure internal systems post-offer.
Verify the Team: You can reference LinkedIn to verify members of our recruiting team; however, please remain vigilant as scammers may create fraudulent profiles. Always cross-reference the sender's email domain with our official @fabrichealth.com address.

If you question the validity of a contact or receive a suspicious message, do not click any links. Report the issue immediately to careers-security@fabrichealth.com.
Please note: The security inbox is for reporting fraudulent activity only. Do not email this address for application status updates or to share application materials, as these will not be reviewed. Applications are only accepted and reviewed if submitted through our official application portal, and no application status information will be provided via the security email.

6a23a3e7839613c4d2b1949f