bswift
Helping companies be ready for all their benefits needs, today and tomorrow.
Senior Manager, Information Security
Location
United States
Posted
28 days ago
Salary
Not specified
Bachelor Degree8 yrs expEnglishAWSAzureCloudSDLC
Job Description
• Lead execution of the enterprise information security program aligned with business objectives, regulatory requirements, and risk tolerance.
• Translate security strategy into prioritized roadmaps, operational plans, and measurable outcomes.
• Maintain and evolve security policies, standards, and procedures for a healthcare SaaS environment.
• Act as a trusted security advisor to Product, Engineering, IT, and Customer Operations.
• Ensure strong safeguards for PII and PHI throughout the benefits lifecycle.
• Support customer security due diligence (questionnaires, audits, BAAs).
• Partner with Legal and Privacy on risk assessments and regulatory‑appropriate incident handling.
• Own or support compliance with HIPAA/HITECH, HITRUST CSF, and SOC 2 Type II.
• Oversee threat detection/response, vulnerability management, IAM, endpoint security, and incident response processes.
• Lead or coordinate security incident response, including containment, communication, and executive updates.
• Drive continuous improvement through post‑incident reviews and control enhancements.
• Partner with Engineering and Infrastructure teams to secure AWS and/or Azure environments, CI/CD pipelines, and SaaS architecture.
• Ensure security is embedded into SDLC, cloud design, configuration management, and change management.
• Promote secure‑by‑design and defense‑in‑depth principles.
• Manage MSSPs/MDRs supporting day‑to‑day security operations.
• Lead RFPs, vendor evaluations, contract negotiations, and renewals.
• Oversee third‑party risk for vendors accessing sensitive benefits data.
• Define and track security KPIs, KRIs, and control maturity measures.
• Provide concise, meaningful reporting to the CISO and executive leadership.
• Communicate risks and recommendations in business‑focused language.
• Build, mentor, and develop a high‑performing security team.
• Foster a culture of accountability, collaboration, and continuous improvement.
• Lead security awareness and training programs.
• Champion a security‑first mindset that supports innovation.
Job Requirements
- 8+ years of information security experience, including 3+ years in leadership or people management.
- Experience operating security programs in SaaS, benefits administration, HR tech, or healthcare‑adjacent environments.
- Strong working knowledge of:
- HIPAA/HITECH
- HITRUST CSF
- SOC 2
- NIST CSF or ISO 27001
- Hands‑on experience with:
- SIEM / MDR
- Endpoint protection / EDR
- IAM
- Vulnerability management tools
- Strong understanding of cloud security (AWS and/or Azure).
- Demonstrated incident response leadership and regulator‑appropriate communication.
- Experience managing vendors, MSSPs, and third‑party risk programs.
- Strong project/program management skills.
- Bachelor’s degree in Information Security, Computer Science, or related field, or equivalent practical experience.
Benefits
- Comprehensive Health Benefits: Access to health, dental, and vision plans to support your wellness and that of your family.
- Competitive Compensation: A compensation package that recognizes your skills, experience, and contributions, including performance-based incentives for most roles.
- Remote first, Office friendly environment! No time to commute? No problem!
- Retirement Savings Plans: Options to help you plan for a secure financial future with employer-sponsored retirement savings programs.
- Professional Development: Opportunities for career growth, including training and access to resources to support your career progression.
- Supportive Culture: A work environment that encourages collaboration, open communication, and creative problem-solving, where your voice and ideas are valued.
- Employee Wellbeing Initiatives: Programs focused on mental health, financial planning, and wellness resources to help you thrive inside and outside of work.
