About The Position

bswift is a leading benefits administration company that specializes in providing tailored solutions for our clients. Our mission is to simplify the complex world of employee benefits and deliver exceptional service to our clients. We are looking for a talented and experienced individual to join our team as the Senior Information Security Manager. The Senior Information Security Manager plays a critical leadership role in protecting sensitive healthcare data and enabling trust in a cloud‑based SaaS platform. Reporting to the CISO, this leader executes and scales the enterprise information security program, oversees security operations, ensures regulatory compliance, and embeds security practices across product, engineering, and business teams. This role requires a deep understanding of healthcare data regulations, SaaS delivery models, cloud security, and the ability to balance risk management with business agility.

Requirements

  • 8+ years of information security experience, including 3+ years in leadership or people management.
  • Experience operating security programs in SaaS, benefits administration, HR tech, or healthcare‑adjacent environments.
  • Strong working knowledge of:
      • HIPAA/HITECH
      • HITRUST CSF
      • SOC 2
      • NIST CSF or ISO 27001
  • Hands‑on experience with:
      • SIEM / MDR
      • Endpoint protection / EDR
      • IAM
      • Vulnerability management tools
  • Strong understanding of cloud security (AWS and/or Azure).
  • Demonstrated incident response leadership and regulator‑appropriate communication.
  • Experience managing vendors, MSSPs, and third‑party risk programs.
  • Strong project/program management skills.

Nice To Haves

  • CISSP, CISM, CISA, or similar certifications.
  • Experience supporting large healthcare customers, payers, or providers.
  • Familiarity with GDPR or CCPA.
  • Experience scaling security programs in high‑growth or private‑equity‑backed SaaS companies.
  • Comfortable participating in customer calls and audits as a SME.
  • Customer‑trust oriented.
  • Operationally grounded with focus on real‑world risk reduction.
  • Makes balanced, risk‑based decisions.
  • Clear communicator able to translate technical risk into business impact.
  • People‑focused leader who develops talent and builds durable capability.

Responsibilities

  • Security Program Execution & Governance
      • Lead execution of the enterprise information security program aligned with business objectives, regulatory requirements, and risk tolerance.
      • Translate security strategy into prioritized roadmaps, operational plans, and measurable outcomes.
      • Maintain and evolve security policies, standards, and procedures for a healthcare SaaS environment.
      • Act as a trusted security advisor to Product, Engineering, IT, and Customer Operations.
  • Benefits & Healthcare Data Protection
      • Ensure strong safeguards for PII and PHI throughout the benefits lifecycle.
      • Support customer security due diligence (questionnaires, audits, BAAs).
      • Partner with Legal and Privacy on risk assessments and regulatory‑appropriate incident handling.
      • Own or support compliance with HIPAA/HITECH, HITRUST CSF, and SOC 2 Type II.
  • Security Operations & Incident Response
      • Oversee threat detection/response, vulnerability management, IAM, endpoint security, and incident response processes.
      • Lead or coordinate security incident response, including containment, communication, and executive updates.
      • Drive continuous improvement through post‑incident reviews and control enhancements.
  • Cloud, SaaS & Platform Security
      • Partner with Engineering and Infrastructure teams to secure AWS and/or Azure environments, CI/CD pipelines, and SaaS architecture.
      • Ensure security is embedded into SDLC, cloud design, configuration management, and change management.
      • Promote secure‑by‑design and defense‑in‑depth principles.
  • Vendor, MSSP & Third‑Party Risk
      • Manage MSSPs/MDRs supporting day‑to‑day security operations.
      • Lead RFPs, vendor evaluations, contract negotiations, and renewals.
      • Oversee third‑party risk for vendors accessing sensitive benefits data.
  • Metrics, Reporting & Executive Communication
      • Define and track security KPIs, KRIs, and control maturity measures.
      • Provide concise, meaningful reporting to the CISO and executive leadership.
      • Communicate risks and recommendations in business‑focused language.
  • Team Leadership & Security Culture
      • Build, mentor, and develop a high‑performing security team.
      • Foster a culture of accountability, collaboration, and continuous improvement.
      • Lead security awareness and training programs.
      • Champion a security‑first mindset that supports innovation.

Benefits

  • Comprehensive Health Benefits: Access to health, dental, and vision plans to support your wellness and that of your family.
  • Competitive Compensation: A compensation package that recognizes your skills, experience, and contributions, including performance-based incentives for most roles.
  • Remote first, Office friendly environment! No time to commute? No problem!
  • Retirement Savings Plans: Options to help you plan for a secure financial future with employer-sponsored retirement savings programs.
  • Professional Development: Opportunities for career growth, including training and access to resources to support your career progression.
  • Supportive Culture: A work environment that encourages collaboration, open communication, and creative problem-solving, where your voice and ideas are valued.
  • Employee Wellbeing Initiatives: Programs focused on mental health, financial planning, and wellness resources to help you thrive inside and outside of work.