Sr. Manager, Security

What You'll Do

The Sr. Manager, Security serves as both a strategic and hands-on leader within Strive Health’s Information Security team. This individual will provide operational oversight for the security analyst team while building and executing scalable processes, metrics, and governance structures that enable consistent, measurable, and proactive security outcomes across the organization. This role balances people leadership, program ownership, and technical depth. The Sr. Manager, Security will drive initiatives that mature the company’s security posture, align security operations to business objectives, and ensure adherence to frameworks such as HITRUST, SOC 2, and HIPAA. Acting as a connector between technical and executive stakeholders, the Sr. Manager, Security will create clarity, accountability, and predictability within the security function. 

The Day to Day 

• Lead and develop the Security Analyst team, setting clear expectations, coaching for growth, and driving measurable outcomes aligned with departmental goals. 
• Develop, maintain, and execute the Security team roadmap, ensuring initiatives are prioritized, tracked, and delivered on schedule. 
• Build and refine repeatable processes for vulnerability management, incident response, access reviews, and compliance monitoring, ensuring operational consistency. 
• Drive accountability and alignment across team members to Strive’s security policies, standards, and overall risk management objectives. 
• Establish, track, and report key security metrics to measure program effectiveness, maturity, and progress toward strategic objectives. 
• Collaborate cross-functionally with IT, Engineering, and Compliance to operationalize security controls, validate configurations, and maintain adherence to best practices. 
• Serve as the primary escalation point and technical advisor for cloud, enterprise, and SaaS security issues, ensuring effective remediation and secure configurations. 
• Evaluate and recommend tools and technologies to enhance automation, visibility, and incident response capabilities within the security program. 
• Ensure audit readiness and documentation quality, maintaining procedures, controls, and evidence for HITRUST, SOC 2, and HIPAA compliance. 
• Model integrity, excellence, and continuous improvement, leading post-incident reviews, identifying lessons learned, and fostering a proactive security culture. 

Minimum Qualifications 

• 9+ years combined of related education, experience, or certification
• 5+ years of experience in Information Security, including cloud, infrastructure, and application domains. 
• 4+ years of experience securing cloud environments (AWS, Azure, or GCP) with modern tooling (SIEM, EDR, DLP, DSPM, CASB, Firewalls). 
• 2+ years of experience in developing and managing security roadmaps, metrics dashboards, and process documentation. 
• 1+ years of experience in leading security operations functions, including incident response, vulnerability management, and policy enforcement. 
• Internet Connectivity - Min Speeds: 100Mbps/10Mbps (up/down): Latency <60 ms.   
• Ability to travel and be onsite to meet business needs.  

Preferred Qualifications 

• Experience designing and implementing automation for security operations or compliance reporting. 
• Certification(s) such as CISSP, CCSP, CISM, or equivalent. 
• Familiarity with DevSecOps practices and CI/CD pipeline security controls. 
• Strong analytical and strategic thinking skills with the ability to drive consensus and decision-making across teams. 
• Experience mentoring engineers and analysts to develop both technical and professional competencies. 

About You 

• Act as a role model for professional integrity, technical excellence, curiosity, and proactive problem solving across the Security organization. 
• Experience working in a startup environment 
• Ability to focus on remediating the right risks at the right time based on company size and risk posture. 
• Excellent written and verbal communication skills, with the ability to explain technical issues to non-technical audiences. 
• Strong understanding of HITRUST and HIPAA security frameworks 
• Track record of building and leading high-performing teams while delivering measurable operational improvements. 

Annual Base Salary Range: $109,000 - $136,000