About Fabric Health

About the Role

What You'll Do

• Lead Fabric's security program across application security, security operations, identity and access management, endpoint security, cloud security, and vendor security.
• Own corporate IT operations including identity platform (Okta or equivalent), MDM, endpoint management, helpdesk, hardware and SaaS provisioning.
• Hire and grow the team. Start with 1-2 reports (an IT generalist and our application security engineer), build out as the company scales.
• Partner with the owner of our compliance program to feed evidence, implement controls, and operationalize SOC2, HITRUST, and HIPAA requirements without bottlenecking either side.
• Lead customer security questionnaire responses and vendor security reviews. You are the person who can speak to a CISO at a health system and earn their trust.
• Own incident response end-to-end: detection, triage, response, post-mortem, and the improvements that follow.
• Set security policy and standards that engineering, product, and operations can actually follow.
• Represent security in executive conversations about risk, investment, and tradeoffs.

Why You Might Be a Good Fit

• You have 7+ years of security experience including 2-3 years in a security leadership role and direct hands-on time across security operations.
• You have actually run corporate IT, not just had it report to you. You know what good identity hygiene looks like, you have debugged endpoint issues yourself, you have handled an offboarding crisis at 9pm.
• You can do both: set the program and do the work. This is not a delegate-everything role at this stage.
• You think identity-first. Most security failures route through identity, and you build defenses with that as the starting assumption.
• You have worked in healthcare or another regulated industry where the rules genuinely matter and audits are part of the rhythm.
• You can talk to engineers without losing them and to executives without confusing them.

• You want a pure CISO seat where you set policy and someone else implements. We are too early for that.
• You have not actually run corporate IT before. Reporting to you is not the same as having done the work.
• You are uncomfortable being the security AND IT person. This is a dual-hat role and stays that way until we are larger.
• You need a fully built program. We have foundations but not maturity; you will be building.

Your Qualifications

• 7+ years of security experience with at least 2 years in a security leadership or management role.
• Direct experience managing corporate IT operations: identity, endpoint, MDM, SaaS provisioning, helpdesk.
• Strong application security or cloud security background. You will partner closely with our application security engineer and need to be able to lead them, not just manage them.
• Experience operating in a healthcare or regulated industry environment.
• Working knowledge of SOC2 and HIPAA frameworks. HITRUST familiarity is a plus.
• Manager experience with 1-3 direct reports, ideally including building a function from a small base.

Bonus Points

• Hands-on experience with Okta or another modern IAM/SSO platform.
• AWS or GCP cloud security depth.
• Prior incident response leadership at a healthcare or regulated company.
• HITRUST or NIST 800-66 specific familiarity.
• Experience working with external auditors and assessors.

The national pay range for this role is $160,000.00 – $175,000.00 per year. Actual compensation will be determined by factors such as the candidate's geographic market, experience, skills, and qualifications. Certain roles may also be eligible for additional compensation, including a comprehensive benefits package such as medical, dental, vision, unlimited PTO, and a 401(k) plan, stock options and bonuses. If your compensation requirement is greater than our posted range, please still consider applying; a determination can be made based on unique qualifications. Expected compensation ranges for this role may change over time.

At Fabric, we believe that a diverse workforce is essential to our success. We are an equal opportunity employer and are committed to creating an inclusive environment for all employees. We do not discriminate on the basis of race, color, religion, sex, national origin, age, disability, veteran status, or any other legally protected characteristic. We actively encourage individuals from all backgrounds to apply.

Recruitment Fraud Alert: Protect Yourself

• Verify the Domain: Official recruitment emails will only come from addresses ending in @fabrichealth.com or @gem.com. No other domain names are legitimate.
• Official Interview Tools: We use Gem for our recruitment process and Google Meet for all video interviews. Google Meet is always the platform used for your first interview; you will never be sent a Zoom link to set up or conduct an initial interview. All interviews are conducted via video unless specifically stated by our team as an audio call. We never conduct interviews via chat, social media, Skype, or WhatsApp.
• Zoom Usage: Zoom is utilized only for specific meetings set directly by our team for purposes outside of the standard interview process (e.g., coordination or onboarding discussions). It is never the first link you will receive from us.
• Authorized Contact & Texting: Fabric will only contact you if you have submitted an application or if you are connected to a current employee who shared your information with us. We will only send text messages if you have provided explicit authorization and consent, either through your application or while communicating directly with our team. If you have not explicitly authorized us to reach out, treat any SMS or unsolicited outreach as fraudulent and do not respond.
• Sensitive Data: We will never ask you for sensitive personal or financial documents (ID, banking info, SSN) during the application, interview, or candidacy stages. All sensitive data is handled through secure internal systems post-offer.
• Verify the Team: You can reference LinkedIn to verify members of our recruiting team; however, please remain vigilant as scammers may create fraudulent profiles. Always cross-reference the sender's email domain with our official @fabrichealth.com address.