Manager, Information Security
Remote (United States)
Bamboo Health
Delivering actionable insights on patients' physical, behavioral and social health. Empowering healthcare professionals to provide better experiences and care. Bamboo Health is a leader in cloud-based care coordination software and analytics solutions focused on patients with complex needs, including those suffering from physical health and mental health issues and substance use disorders. We are driven by our mission of enabling better care for patients across the continuum. Our software solutions help healthcare professionals collaborate on shared patients across the spectrum of care. Join us in improving healthcare for all!
Summary:
We are seeking a dynamic and experienced Manager of Information Security to lead the prevention, detection, and response efforts within our security ecosystem. This role will bridge strategic planning with hands-on operational execution, ensuring comprehensive security measures are in place for both our enterprise IT infrastructure and healthcare software products.
As the Manager of Information Security, you will enhance and integrate security policies, processes, and tools while fostering a "security-first" culture across Product and Development teams. Building on the insights of our recent cybersecurity maturity assessments, you will develop and execute a strategic roadmap to achieve target security objectives.
You will oversee key security functions, including real-time monitoring, incident response, and compliance support, while ensuring alignment with cloud security best practices. You will work closely with cross-functional leadership, including Engineering and Product teams, to ensure integration of security into our product development lifecycle.
What You’ll Do:
- Integrate security into the SDLC and promote DevSecOps and Infrastructure-as-Code.
- Use AI and automation to improve detection, prevention, and incident response capabilities.
- Lead security incidents from detection to resolution, ensuring effective response.
- Develop and execute a 2–3-year security roadmap, focusing on continuous improvement.
- Establish and report on security KPIs through dashboards and regular updates.
- Evaluate emerging technologies, including AI, to assess cybersecurity risks and strategic opportunities while staying current on security trends and healthcare standards.
- Lead and mentor a high-performing Security Operations team, fostering growth and agility.
- Promote a culture of security awareness and continuous learning across teams.
- Manage vulnerability and application security testing processes, reporting progress regularly.
- Maintain and enhance critical security tools (SIEM, EDR, cloud monitoring, IAM).
- Collaborate with engineering to integrate security in product development and maintain secure configurations.
- Drive continuous improvement in security operations and integrate new services.
- Work with Product and Engineering teams to align security with business goals and innovation.
- Champion data integrity and confidentiality across all teams.
- Support audit and certification efforts (SOC2, HITRUST, NIST 800-53).
- Conduct access reviews and maintain documentation for security operations and compliance.
What Success Looks Like…
In 3 months…
- You will have familiarized yourself with the Bamboo Health products and organizational structure (with specific focus on the Engineering and Product teams) and established key contacts.
- You will have familiarized yourself with key technologies, services, tools, processes, and compliance programs in use by the Information Security department.
- You will report on key metrics related to vulnerability management and incident response.
- You will participate in the on-call rotation for incident response.
In 6 months…
- You will engage with Engineering and Product teams to report, prioritize, and escalate key product-related information security risks.
- You will work with your team and with IT to continuously improve cybersecurity prevention, detection, and response capabilities including SIEM escalation rules and automations.
- Projects will be prioritized and managed to work towards continuously maturing the cybersecurity capabilities of the Information Security department.
In 12 months…
- You will be familiar with our company’s development platforms and technologies and be able to promote DevSecOps principles and ideas to our Engineering teams.
- You will be comfortable navigating our compliance landscape and assisting with compliance projects when required, with assistance from our subject matter experts in audit and compliance.
- You will be able to demonstrate measurable cybersecurity operations program improvements.
What You Need:
- Minimum 4-6 years of professional experience in a cybersecurity role.
- Bachelor’s degree in Information Security, Computer Science, or related field preferred. A combination of equivalent experience or industry-appropriate cybersecurity certifications is an acceptable substitute.
- Proven experience in cybersecurity operations, with leadership in managing and scaling security teams.
- Strong understanding of DevSecOps principles, incident response, and security operations tools (e.g., SIEMs, log analysis, IAM platforms, cloud tools, endpoint detection and response).
- Familiarity with and exposure to compliance frameworks and certifications (e.g., SOC2, HITRUST, NIST 800-53, FedRAMP).
- Experience in mentoring and developing high-performing teams.
- Ability to translate strategic security initiatives into actionable operations plans.
- A high level of judgment, analytical ability and creativity in investigating problems that require original and innovative solutions.
- Experience working in fast-paced, rapidly changing work environments.
- A work environment that is conducive to high quality virtual interactions. This includes but is not limited to being able to work from a quiet space with minimal interruptions or distractions, and a strong internet connection.
What You Get:
- Join one of the most innovative healthcare technology companies in the country.
- Have the autonomy to build something with an enthusiastically supportive team.
- Learn from working at the highest levels and on the most strategic priorities of the company, including from world class investors and advisors.
- Receive competitive compensation, including equity, with health, dental, vision and other benefits.
Belonging at Bamboo
We Care. #BambooHealthValuesCare
Every human being has the right to the best possible healthcare. Our solutions enable healthcare professionals to see and treat every individual as a whole person by providing the right information, at the right time – regardless of physical, behavioral, or social barriers.
We’re a great place to work because we care. We continually seek to learn about our differences and ensure the unique identities and contributions of all employees are welcome, valued and celebrated.
Our commitment to making a positive impact starts by recognizing and leveraging our differences, building inclusive teams, cultivating a sense of belonging, combating biases, and actively removing barriers to equity.
Bamboo Health is proud to be an Equal Employment Opportunity and affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
To protect our applicants from fraudulent recruitment activity, we recommend that all applicants verify the validity of an interview and hiring process by visiting our website www.bamboohealth.com. All valid job postings will be listed on our careers page. Bamboo Health does not conduct interviews via text and will not request sensitive information such as banking details during the application process.
Tags: Analytics Application security Automation Banking Cloud Compliance Computer Science DevSecOps EDR FedRAMP HITRUST IAM Incident response IT infrastructure KPIs Log analysis Monitoring NIST NIST 800-53 SDLC SIEM SOC 2 Vulnerability management
Perks/benefits: Career development Competitive pay Equity / stock options Health care Startup environment