Cyber Security Manager in Houston, Texas at OCTAGOS HEALTH, INC.

About Octagos Health

Octagos is modernizing remote cardiac monitoring with AI-powered automation, seamless EHR integrations, and accuracy proven in high-volume, real-world clinics. Atlas AI™ triages cardiac device transmissions to filter nonactionable alerts and highlights the events that need true clinical attention. Through our Two-Brain Approach™ – combining Atlas AI™ with IBHRE-certified oversight – Octagos delivers 99%+ accuracy, sensitivity, and specificity for near-perfect clinical performance. With fast bi-directional EHR integrations, and flexible, cost-effective implementation, Octagos helps clinics scale care efficiently without compromise. Recognized by TIME and Statista as one of the World’s Top HealthTech Companies 2025, Octagos is redefining how cardiac care is delivered.

The Role

We are hiring a Cyber Security Manager to lead and operationalize the security program across Octagos. This role owns the full lifecycle: governance, risk, compliance, application security, cloud security, vendor risk, incident response, and customer-facing security assurance. The role partners closely with Engineering, IT, Product, Compliance, and Customer Success.

This is a hands-on leadership role. You will set strategy, build the program, and execute against it. You will own the MDR partner relationship, drive the next SOC 2 Type II and HITRUST cycles, and serve as the security voice in architecture, vendor, and customer conversations as we scale toward Series C.

This is an in-office position located in Houston, Texas.

Key Responsibilities

Governance, Risk, and Compliance

Own the HIPAA, SOC 2 Type II, and HITRUST roadmap and audit executionMaintain and evolve security policies, standards, and procedures aligned to NIST CSF and HITRUST CSFManage the enterprise risk register and quarterly executive risk reviewDrive completion of customer security questionnaires, BAAs, and trust portal artifacts

Cloud and Application Security

Own Azure security posture across all subscriptions: Defender for Cloud, Sentinel, Entra ID, Key Vault, Private Link, and Azure PolicyPartner with Engineering to embed secure SDLC practices: threat modeling, SAST, DAST, SCA, dependency scanning, and PR security gatesDefine and enforce identity, secrets management, encryption, key rotation, and network segmentation standardsLead vulnerability management across cloud, application, container, endpoint, and third-party library layers

Detection, Response, and Operations

Manage the MDR provider relationship and tune detection content for our environmentOwn the incident response plan, tabletop exercises, and breach response playbooksLead investigations end to end: evidence preservation, root cause, customer notification, and any regulatory reporting under the HIPAA Breach Notification RuleOperate the security monitoring stack, alert routing, on-call rotation, and SLAs

Third-Party and Customer-Facing Security

Build and run the third-party risk program covering CIED device vendors, EMR integration partners, and SaaS suppliersReview architecture and contracts for new integrations: data flow, PHI handling, authentication, and security controlsOwn the customer trust portal, security questionnaires, and pre-sales security supportRepresentOctagossecurity in customer, prospect, auditor, and partner conversations

Workforce Security and Awareness

Run security awareness training, phishing simulations, and role-based training for engineering and clinical operations staffDefine onboarding and offboarding controls for workforce access to PHI systemsPartner with IT on endpoint security, MDM, and identity lifecycle management

Leadership and Org Building

Build ahigh-performingsecurity team, including a Security Engineer and a GRC AnalystRepresent security in board, customer, and investor conversationsPartner with the VP of Engineering on Series C security and compliance readiness

Required Qualifications

8+ years in cyber security with 3+ years inleadershipor program management roleDirect experienceoperatinga security program in a HIPAA-regulated environmentHands-on ownership of at least one full SOC 2 Type II audit cycleDeep working knowledge of Azure security services: Defender for Cloud, Sentinel, Entra ID, Key Vault, Private Link, Azure PolicyStrong application security background covering OWASP Top 10, secure SDLC, and modern web and API security patternsExperience managing or running an MDR or SOC functionProven incident response leadership, including at least one significant production incident managed end to endExcellent written and verbal communication, with the ability to brief executives, customers, and auditors

Preferred Qualifications

Healthcare SaaS, medicaldevices, or remote patient monitoring industry experienceCISSP, CISM, CCSP, HCISPP, or equivalent certificationExperience driving a HITRUST CSF r2 certificationFamiliarity with Auth0, .NET, Angular, and SQL Server security hardeningWorking knowledge of FDA cybersecurity guidance for connected medical devices and SaMDPrior experience scaling a security program through a Series B to Series C inflection

What We Offer

High-impact role with direct executive and board visibilityMission-driven work with measurable patient outcomesModern Azure-native stack and a Claude-first engineering cultureCompetitive base, equity, and comprehensive benefitsHeadquarteredin theHouston,Texas Medical ecosystem with deep clinical partnerships