Senior Manager, Information Security

ABOUT US:
bswift is a leading benefits administration company that specializes in providing tailored solutions for our clients. Our mission is to simplify the complex world of employee benefits and deliver exceptional service to our clients. We are looking for a talented and experienced individual to join our team as the Senior Information Security Manager.

WHAT YOU’LL DO
The Senior Information Security Manager plays a critical leadership role in protecting sensitive healthcare data and enabling trust in a cloud‑based SaaS platform. Reporting to the CISO, this leader executes and scales the enterprise information security program, oversees security operations, ensures regulatory compliance, and embeds security practices across product, engineering, and business teams.
This role requires a deep understanding of healthcare data regulations, SaaS delivery models, cloud security, and the ability to balance risk management with business agility.

WHAT YOU WILL BE RESPONSIBLE FOR (Essential Functions):
Reasonable accommodations may be made to enable individuals with disabilities to perform these essential functions.
Security Program Execution & Governance

Lead execution of the enterprise information security program aligned with business objectives, regulatory requirements, and risk tolerance.
Translate security strategy into prioritized roadmaps, operational plans, and measurable outcomes.
Maintain and evolve security policies, standards, and procedures for a healthcare SaaS environment.
Act as a trusted security advisor to Product, Engineering, IT, and Customer Operations.

Benefits & Healthcare Data Protection

Ensure strong safeguards for PII and PHI throughout the benefits lifecycle.
Support customer security due diligence (questionnaires, audits, BAAs).
Partner with Legal and Privacy on risk assessments and regulatory‑appropriate incident handling.
Own or support compliance with HIPAA/HITECH, HITRUST CSF, and SOC 2 Type II.

Security Operations & Incident Response

Oversee threat detection/response, vulnerability management, IAM, endpoint security, and incident response processes.
Lead or coordinate security incident response, including containment, communication, and executive updates.
Drive continuous improvement through post‑incident reviews and control enhancements.

Cloud, SaaS & Platform Security

Partner with Engineering and Infrastructure teams to secure AWS and/or Azure environments, CI/CD pipelines, and SaaS architecture.
Ensure security is embedded into SDLC, cloud design, configuration management, and change management.
Promote secure‑by‑design and defense‑in‑depth principles.

Vendor, MSSP & Third‑Party Risk

Manage MSSPs/MDRs supporting day‑to‑day security operations.
Lead RFPs, vendor evaluations, contract negotiations, and renewals.
Oversee third‑party risk for vendors accessing sensitive benefits data.

Metrics, Reporting & Executive Communication

Define and track security KPIs, KRIs, and control maturity measures.
Provide concise, meaningful reporting to the CISO and executive leadership.
Communicate risks and recommendations in business‑focused language.

Team Leadership & Security Culture

Build, mentor, and develop a high‑performing security team.
Foster a culture of accountability, collaboration, and continuous improvement.
Lead security awareness and training programs.
Champion a security‑first mindset that supports innovation.

WHAT YOU NEED TO SUCCEED (Required Education & Experience):

8+ years of information security experience, including 3+ years in leadership or people management.
Experience operating security programs in SaaS, benefits administration, HR tech, or healthcare‑adjacent environments.
Strong working knowledge of:

HIPAA/HITECH
HITRUST CSF
SOC 2
NIST CSF or ISO 27001

Hands‑on experience with:

SIEM / MDR
Endpoint protection / EDR
IAM
Vulnerability management tools

Strong understanding of cloud security (AWS and/or Azure).
Demonstrated incident response leadership and regulator‑appropriate communication.
Experience managing vendors, MSSPs, and third‑party risk programs.
Strong project/program management skills.

NICE TO HAVE (Preferred Qualifications):

CISSP, CISM, CISA, or similar certifications.
Experience supporting large healthcare customers, payers, or providers.
Familiarity with GDPR or CCPA.
Experience scaling security programs in high‑growth or private‑equity‑backed SaaS companies.
Comfortable participating in customer calls and audits as a SME.

Key Attributes for Success

Customer‑trust oriented.
Operationally grounded with focus on real‑world risk reduction.
Makes balanced, risk‑based decisions.
Clear communicator able to translate technical risk into business impact.
People‑focused leader who develops talent and builds durable capability.

Education

Bachelor’s degree in Information Security, Computer Science, or related field, or equivalent practical experience.

OTHER DUTIES
This job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities required of the employee. Duties and responsibilities may change at any time with or without notice.

Why Join bswift?

At bswift, we empower our employees to make a meaningful impact, innovate, and grow. Joining our team means stepping into a collaborative and dynamic environment that values creativity, initiative, and a passion for client success. We are dedicated to fostering an inclusive workplace that celebrates diversity and values each team member’s unique contributions.

Benefits of Working at bswift:

• Comprehensive Health Benefits: Access to health, dental, and vision plans to support your wellness and that of your family.
• Competitive Compensation: A compensation package that recognizes your skills, experience, and contributions, including performance-based incentives for most roles.
• Remote first, Office friendly environment! No time to commute? No problem!
• Retirement Savings Plans: Options to help you plan for a secure financial future with employer-sponsored retirement savings programs.
• Professional Development: Opportunities for career growth, including training and access to resources to support your career progression.
• Supportive Culture: A work environment that encourages collaboration, open communication, and creative problem-solving, where your voice and ideas are valued.
• Employee Wellbeing Initiatives: Programs focused on mental health, financial planning, and wellness resources to help you thrive inside and outside of work.

Make an Impact: At bswift, your work directly contributes to transforming how organizations approach benefits administration and client engagement. Join us to be part of an organization that is making a meaningful difference in the lives of our clients and their employees.

Specific benefit offerings vary by position and may be subject to change.

Standard working hours are 8am-5pm Central Time, unless otherwise stated in the Job Description.

In the spirit of pay transparency, we are excited to share the base salary range for this position is $XX.00-$XX.00, exclusive of fringe benefits or potential bonuses. If you are hired at bswift, your final base salary compensation will be determined based on factors such as geographic location, skills, education, and/or experience. In addition to those factors – we believe in the importance of pay equity and consider internal equity of our current team members as a part of any final offer. Please keep in mind that the range mentioned above is the full base salary range for the role. Hiring at the maximum of the range would not be typical in order to allow for future & continued salary growth. We also offer a generous compensation and benefits package!