Notable
Senior Engineering Manager, Information Security
Notable, San Mateo, California, United States, 94409
Notable is the leading healthcare AI platform for transforming workforce productivity. Health systems, hospitals, and payers use Notable to improve healthcare quality, close gaps in patient care, drive member enrollment, and patient acquisition, retention, and reimbursement, scaling growth without hiring more staff.
We are on a mission to improve the lives of patients, staff, and clinicians - to improve healthcare for humanity. This isn't just a lofty goal - it's something we're achieving every single day. When you join Notable, you become part of a force actively transforming healthcare. Our aim to impact 100 million patients isn't just a number; it's a commitment to creating meaningful change on a massive scale.
Therefore, our culture is purposeful in pursuit of this mission. We believe our culture gives each person the opportunity to do the best work of their lives, work with the best teammates, and have fun achieving great things together.
Role Summary:
We’re looking for an
Sr. Engineering Manager, Information Security
to lead and scale Notable’s security program across product, infrastructure, corporate systems, and compliance. While the title reflects our internal leveling, this is a
Head of Security–level role
with end-to-end responsibility for security and risk across the organization. You’ll start with a team of three:
two security analysts
supporting compliance and operations, and
one security engineer
focused on building tooling and enabling secure development. Together, you’ll own both the tactical and strategic functions of a modern security program. Notable has already achieved
HIPAA, HITRUST, and SOC 2
certifications and is currently undergoing
ISO 27001
certification, expected by year end. You’ll be responsible for maintaining these programs and evolving our internal and product-facing security to meet the expectations of enterprise healthcare customers. What You’ll Do: Lead the security team across product security, corporate security, and compliance operations
Maintain and enhance existing certifications (HIPAA, HITRUST, SOC 2) and support ongoing ISO 27001 efforts
Guide
product and application security , including threat modeling, architecture reviews, and developer enablement
Enhance and own AI governance and customer data compliance controls
Partner with engineering to improve internal security tooling, IAM, CI/CD security, and vulnerability management
Own
incident response , disaster recovery, and detection programs across infrastructure and corporate environments
Oversee
corporate security : SaaS app security, endpoint management, SSO/MDM, and internal access controls
Collaborate with legal and compliance to manage vendor risk, third-party audits, and customer security reviews
Lead
internal training and security awareness
programs for engineers and employees
Track evolving customer requirements, threat landscapes, and regulatory obligations to continuously improve posture
What We’re Looking For: 10+ years in information security roles, including at least 5+ years in leadership or cross-functional program ownership
Strong technical background in security engineering, infrastructure security, or secure software development
Experience maintaining certifications such as SOC 2, HIPAA, HITRUST, or ISO 27001 in production environments
Skilled in secure SDLC practices, cloud security (GCP preferred), threat modeling, and risk assessment
Familiarity with corporate and IT security controls: SaaS platforms, identity management, endpoint security
Strong communicator with experience influencing engineering and non-technical stakeholders
Able to think strategically and execute pragmatically in a fast-paced, high-trust environment
Nice to Have: Prior experience in healthcare, healthtech, or other regulated SaaS companies
Experience responding to enterprise customer security reviews or RFPs
Familiarity with privacy frameworks (e.g., CCPA, GDPR)
Background in building or scaling internal security functions in a startup or growth-stage environment
Beware of job scam fraudsters! Our recruiters use @notablehealth.com email addresses exclusively. We do not conduct interviews via text or instant message and we do not ask candidates to download software other than Zoom, to purchase equipment through us, or to provide sensitive personally identifiable information such as bank account or social security numbers. If you have been contacted by someone claiming to be me from a different domain about a job offer, please report it as potential job fraud to law enforcement and
contact us here .
#J-18808-Ljbffr
Sr. Engineering Manager, Information Security
to lead and scale Notable’s security program across product, infrastructure, corporate systems, and compliance. While the title reflects our internal leveling, this is a
Head of Security–level role
with end-to-end responsibility for security and risk across the organization. You’ll start with a team of three:
two security analysts
supporting compliance and operations, and
one security engineer
focused on building tooling and enabling secure development. Together, you’ll own both the tactical and strategic functions of a modern security program. Notable has already achieved
HIPAA, HITRUST, and SOC 2
certifications and is currently undergoing
ISO 27001
certification, expected by year end. You’ll be responsible for maintaining these programs and evolving our internal and product-facing security to meet the expectations of enterprise healthcare customers. What You’ll Do: Lead the security team across product security, corporate security, and compliance operations
Maintain and enhance existing certifications (HIPAA, HITRUST, SOC 2) and support ongoing ISO 27001 efforts
Guide
product and application security , including threat modeling, architecture reviews, and developer enablement
Enhance and own AI governance and customer data compliance controls
Partner with engineering to improve internal security tooling, IAM, CI/CD security, and vulnerability management
Own
incident response , disaster recovery, and detection programs across infrastructure and corporate environments
Oversee
corporate security : SaaS app security, endpoint management, SSO/MDM, and internal access controls
Collaborate with legal and compliance to manage vendor risk, third-party audits, and customer security reviews
Lead
internal training and security awareness
programs for engineers and employees
Track evolving customer requirements, threat landscapes, and regulatory obligations to continuously improve posture
What We’re Looking For: 10+ years in information security roles, including at least 5+ years in leadership or cross-functional program ownership
Strong technical background in security engineering, infrastructure security, or secure software development
Experience maintaining certifications such as SOC 2, HIPAA, HITRUST, or ISO 27001 in production environments
Skilled in secure SDLC practices, cloud security (GCP preferred), threat modeling, and risk assessment
Familiarity with corporate and IT security controls: SaaS platforms, identity management, endpoint security
Strong communicator with experience influencing engineering and non-technical stakeholders
Able to think strategically and execute pragmatically in a fast-paced, high-trust environment
Nice to Have: Prior experience in healthcare, healthtech, or other regulated SaaS companies
Experience responding to enterprise customer security reviews or RFPs
Familiarity with privacy frameworks (e.g., CCPA, GDPR)
Background in building or scaling internal security functions in a startup or growth-stage environment
Beware of job scam fraudsters! Our recruiters use @notablehealth.com email addresses exclusively. We do not conduct interviews via text or instant message and we do not ask candidates to download software other than Zoom, to purchase equipment through us, or to provide sensitive personally identifiable information such as bank account or social security numbers. If you have been contacted by someone claiming to be me from a different domain about a job offer, please report it as potential job fraud to law enforcement and
contact us here .
#J-18808-Ljbffr