Security and Privacy Manager

Who we are:

EHE Health is the leading national preventive healthcare provider network partnering with mid- and
large-sized employers to help their employees and dependents stay healthy by screening and diagnosing health risks through comprehensive exams, allowing for early intervention. Named by Fortune Magazine and Great Place to Work® as one of the Best Workplaces in healthcare, EHE Health is headquartered in
New York City and has over 200 health clinics and practices across the U.S., staffed by a network of
curated primary care physicians and clinicians.

EHE Health was acquired by Consello Capital, the private equity arm of Consello. This transformative partnership leverages Consello’s proven expertise in scaling high-growth ventures and its extensive network of industry leaders. Together, EHE Health and Consello will unlock unprecedented
opportunities to accelerate EHE Health’s mission of revolutionizing preventive care.

What we’re looking for:

EHE Health is seeking a talented Security and Privacy Manager to lead and evolve our enterprise cybersecurity and privacy program, reducing risk exposure and strengthening our control environment. This role will be responsible for advancing our compliance and certification efforts, while conducting internal audits, risk assessments and ongoing security analyses to ensure our processes and controls remain effective, scalable and aligned with industry best practices.

The ideal candidate is intellectually curious, detail-oriented and proactive with a collaborative mindset and a bias toward continuous improvement rather than maintaining the status quo. This individual will bring both the capability and ambition to grow within the organization. To support this trajectory, the Security and Privacy Manager will partner closely with a fractional CISO who will provide hands-on mentorship, strategic guidance and development support, enabling the individual to build the experience and leadership capabilities required for long-term success.

In this role, you will:

• Conduct comprehensive security and privacy audits across networks, systems, applications, platforms, databases, and operational processes in alignment with established audit standards
• Support and perform enterprise risk assessments to evaluate the design and effectiveness of controls across EHE’s technology and business environments
• Manage the third-party risk management program, including due diligence, ongoing monitoring, and enforcement of EHE security and privacy requirements
• Partner with IT and business stakeholders to communicate control requirements, strengthen adoption, and reinforce a robust control environment
• Drive enterprise-wide awareness of cybersecurity and privacy policies through targeted education and engagement initiatives
• Monitor and analyze security event data across computing platforms, networks, and security tools to identify risks, trends, and potential threats
• Develop and deliver regular security metrics, dashboards, and operational reports to inform decision-making and leadership visibility
• Conduct ongoing threat research, including emerging technologies such as artificial intelligence and evolving threat actors, to proactively assess business impact
• Design and implement scalable, measurable, and repeatable security and privacy strategies aligned with organizational objectives
• Lead and manage responses to prospective and existing client security and privacy inquiries, including questionnaires, due diligence requests, and audits

What the role requires:

• Bachelor’s degree in Information Security, Computer Science, or a related field
• 3–5 years’ experience in information security, cybersecurity, or privacy program operations
• Hands-on experience supporting or operating security and/or privacy programs within ISO27001, ISO27701, SOC2 Type 2 frameworks
• Working knowledge of HIPAA and the HITECH Act, healthcare or regulated industry experience preferred
• Relevant industry certifications (e.g., CISSP, CCSP, CISM) preferred
• Practical experience participating in cybersecurity incident response, either as a respondent or incident manager
• Familiarity with the NIST Cybersecurity Framework (CSF), including its core functions: Govern, Identify, Protect, Detect, Respond and Recover
• Strong written and verbal communication skills, with the ability to clearly convey complex security concepts to both technical and non-technical stakeholders
• Demonstrable experience implementing or auditing identity and access management for on-premise and cloud-based services
• Ability to identify and assess emerging technology risks (e.g. software supply chain and AI)

What we offer:

• Competitive salary
• Medical, dental, vision, life and disability insurance
• Employer-matched 401(k) plan
• Professional development reimbursement
• Employee access to our wellness clinics
• Gym reimbursement/fitness bonus

The salary range for this role is $75,000 - $125,000 and is determined by a number of factors including the candidate’s experience, qualifications and skills.

EHE is committed to Equal Employment Opportunity and to attracting and retaining the most qualified employees.