Engineering Manager, Information Security

Company: Notable Employment Type: Full-Time Location Type: Hybrid Salary: $160K - $200K

Position Overview

Notable is the leading healthcare AI platform for transforming workforce productivity. Health systems, hospitals, and payers use Notable to improve healthcare quality, close gaps in patient care, drive member enrollment and patient acquisition, retention, and reimbursement, scaling growth without hiring more staff. We are on a mission to improve the lives of patients, staff, and clinicians – to improve healthcare for humanity.

We are seeking an Engineering Manager, Information Security to lead and scale Notable’s security program across product, infrastructure, corporate systems, and compliance. This is a Head of Security–level role with end-to-end responsibility for security and risk across the organization. You will lead a team of three security professionals and will be responsible for both tactical and strategic functions of a modern security program.

Notable has already achieved HIPAA, HITRUST, and SOC 2 certifications and is currently undergoing ISO 27001 certification. You will be responsible for maintaining these programs and evolving our internal and product-facing security to meet the expectations of enterprise healthcare customers.

Responsibilities

• Lead the security team across product security, corporate security, and compliance operations.
• Maintain and enhance existing certifications (HIPAA, HITRUST, SOC 2) and support ongoing ISO 27001 efforts.
• Guide product and application security, including threat modeling, architecture reviews, and developer enablement.
• Enhance and own AI governance and customer data compliance controls.
• Partner with engineering to improve internal security tooling, IAM, CI/CD security, and vulnerability management.
• Own incident response, disaster recovery, and detection programs across infrastructure and corporate environments.
• Oversee corporate security: SaaS app security, endpoint management, SSO/MDM, and internal access controls.
• Collaborate with legal and compliance to manage vendor risk, third-party audits, and customer security reviews.
• Lead internal training and security awareness programs for engineers and employees.
• Track evolving customer requirements, threat landscapes, and regulatory obligations to continuously improve posture.

Requirements

• 10+ years in information security roles, including at least 4+ years in leadership or cross-functional program ownership.
• Strong technical background in security engineering, infrastructure security, or secure software development.
• Experience maintaining certifications such as SOC 2, HIPAA, HITRUST, or ISO 27001 in production environments.
• Skilled in secure SDLC practices, cloud security (GCP preferred), threat modeling, and risk assessment.
• Familiarity with corporate and IT security controls: SaaS platforms, identity management, endpoint security.
• Strong communicator with experience influencing engineering and non-technical stakeholders.
• Able to think strategically and execute pragmatically in a fast-paced, high-trust environment.

Nice to Have

• Prior experience in healthcare, healthtech, or other regulated SaaS companies.
• Experience responding to enterprise customer security reviews or RFPs.
• Familiarity with privacy frameworks (e.g., CCPA, GDPR).
• Background in building or scaling internal security teams.

Company Information

Notable is on a mission to improve the lives of patients, staff, and clinicians – to improve healthcare for humanity. Our culture is purposeful in pursuit of this mission, giving each person the opportunity to do the best work of their lives, work with the best teammates, and have fun achieving great things together. Our aim to impact 100 million patients is a commitment to creating meaningful change on a massive scale.