Senior Manager, Information Security

Want to be a bswifter?At bswift we’ve been transforming benefits administration since 1996, making it simpler, smarter, and more human. Our state-of-the-art, cloud-based technology and services empower employees to understand, manage, and love their benefits. From downtown Chicago, and remotely across the country, we serve thousands of companies and millions of people nationwide, reducing administrative burdens and freeing HR teams to focus on creating thriving, people-first workplaces.We’re looking for motivated and goal-driven individuals who share our passion for delivering excellence and creating solutions that make a difference. The reward is a fun, flexible and creative environment with ample opportunity for professional and personal growth. If you love the bswift values of pursue excellence, embrace accountability, deliver superior service, and be a great place to work, we want to hear from you!ABOUT US: bswift is a leading benefits administration company that specializes in providing tailored solutions for our clients. Our mission is to simplify the complex world of employee benefits and deliver exceptional service to our clients. We are looking for a talented and experienced individual to join our team as the Senior Information Security Manager.WHAT YOU’LL DO The Senior Information Security Manager plays a critical leadership role in protecting sensitive healthcare data and enabling trust in a cloud‑based SaaS platform. Reporting to the CISO, this leader executes and scales the enterprise information security program, oversees security operations, ensures regulatory compliance, and embeds security practices across product, engineering, and business teams. This role requires a deep understanding of healthcare data regulations, SaaS delivery models, cloud security, and the ability to balance risk management with business agility.WHAT YOU WILL BE RESPONSIBLE FOR (Essential Functions): Reasonable accommodations may be made to enable individuals with disabilities to perform these essential functions.Security Program Execution & GovernanceLead execution of the enterprise information security program aligned with business objectives, regulatory requirements, and risk tolerance. Translate security strategy into prioritized roadmaps, operational plans, and measurable outcomes. Maintain and evolve security policies, standards, and procedures for a healthcare SaaS environment. Act as a trusted security advisor to Product, Engineering, IT, and Customer Operations.Benefits & Healthcare Data ProtectionEnsure strong safeguards for PII and PHI throughout the benefits lifecycle. Support customer security due diligence (questionnaires, audits, BAAs). Partner with Legal and Privacy on risk assessments and regulatory‑appropriate incident handling. Own or support compliance with HIPAA/HITECH, HITRUST CSF, and SOC 2 Type II.Security Operations & Incident ResponseOversee threat detection/response, vulnerability management, IAM, endpoint security, and incident response processes. Lead or coordinate security incident response, including containment, communication, and executive updates. Drive continuous improvement through post‑incident reviews and control enhancements.Cloud, SaaS & Platform SecurityPartner with Engineering and Infrastructure teams to secure AWS and/or Azure environments, CI/CD pipelines, and SaaS architecture. Ensure security is embedded into SDLC, cloud design, configuration management, and change management. Promote secure‑by‑design and defense‑in‑depth principles.Vendor, MSSP & Third‑Party RiskManage MSSPs/MDRs supporting day‑to‑day security operations. Lead RFPs, vendor evaluations, contract negotiations, and renewals. Oversee third‑party risk for vendors accessing sensitive benefits data.Metrics, Reporting & Executive CommunicationDefine and track security KPIs, KRIs, and control maturity measures. Provide concise, meaningful reporting to the CISO and executive leadership. Communicate risks and recommendations in business‑focused language.Team Leadership & Security CultureBuild, mentor, and develop a high‑performing security team. Foster a culture of accountability, collaboration, and continuous improvement. Lead security awareness and training programs. Champion a security‑first mindset that supports innovation.WHAT YOU NEED TO SUCCEED (Required Education & Experience):8+ years of information security experience, including 3+ years in leadership or people management. Experience operating security programs in SaaS, benefits administration, HR tech, or healthcare‑adjacent environments.Strong working knowledge of:HIPAA/HITECHHITRUST CSFSOC 2NIST CSF or ISO 27001Hands‑on experience with:SIEM / MDREndpoint protection / EDRIAMVulnerability management toolsStrong understanding of cloud security (AWS and/or Azure). Demonstrated incident response leadership and regulator‑appropriate communication. Experience managing vendors, MSSPs, and third‑party risk programs. Strong project/program management skills.NICE