Director, Information Security

ABOUT US

bswift is a leading benefits administration company that specializes in providing tailored solutions for our clients. Our mission is to simplify the complex world of employee benefits and deliver exceptional service to our clients. We are looking for a seasoned security leader to join our team as the Director of Information Security.

WHAT YOU’LL DO

The Director of Information Security is a senior leader responsible for owning, scaling, and continuously maturing bswift’s enterprise information security program. Reporting to the Chief Information Security Officer (CISO), this role provides strategic leadership and operational oversight to protect sensitive healthcare data, ensure regulatory compliance, and enable secure growth of a cloud‑based SaaS platform.

This role partners closely with executive leadership, Product, Engineering, IT, Legal, Privacy, and Customer Operations to embed security into business strategy and day‑to‑day execution. The Director balances risk management with business agility while maintaining customer trust and regulatory confidence.

WHAT YOU WILL BE RESPONSIBLE FOR (Essential Functions)

Reasonable accommodations may be made to enable individuals with disabilities to perform these essential functions.

Security Strategy, Program Ownership & Governance

• Own and evolve the enterprise information security program aligned with business objectives, regulatory requirements, and risk tolerance.
• Translate security strategy into multi‑year roadmaps, annual operating plans, and measurable outcomes.
• Establish and maintain security governance, policies, standards, and procedures for a healthcare SaaS environment.
• Serve as a senior security advisor to executive leadership and key business stakeholders.
• Support the CISO in enterprise risk discussions, audits, and Board‑level reporting as needed.

Benefits & Healthcare Data Protection

• Ensure strong safeguards for PII and PHI across the full benefits administration lifecycle.
• Lead customer security due diligence efforts, including questionnaires, audits, and Business Associate Agreements (BAAs).
• Partner with Legal, Privacy, and Compliance teams on risk assessments, incident response readiness, and regulator‑appropriate handling.
• Own or provide executive oversight for compliance with HIPAA/HITECH, HITRUST CSF, and SOC 2 Type II.

Security Operations & Incident Management

• Provide strategic oversight of security operations, including threat detection and response, vulnerability management, IAM, endpoint security, and monitoring.
• Act as an executive leader during security incidents, overseeing containment, communication, remediation, and post‑incident reviews.
• Ensure continuous improvement of controls, playbooks, and response capabilities.

Cloud, SaaS & Platform Security

• Partner with Engineering and Infrastructure leadership to secure AWS and/or Azure environments, CI/CD pipelines, and SaaS architecture.
• Ensure security is embedded into SDLC, cloud design, configuration management, and change management processes.
• Champion secure‑by‑design and defense‑in‑depth principles across the technology organization.

Vendor, MSSP & Third‑Party Risk Management

• Own strategic relationships with MSSPs, MDR providers, and key security vendors.
• Lead RFPs, vendor evaluations, contract negotiations, and renewals.
• Oversee third‑party risk management for vendors handling sensitive benefits and healthcare data.

Metrics, Reporting & Executive Communication

• Define and monitor security KPIs, KRIs, and control maturity metrics.
• Deliver concise, actionable security reporting to the CISO and executive leadership.
• Communicate complex security risks and recommendations in clear, business‑focused language.

Team Leadership & Security Culture

• Build, lead, and develop a high‑performing information security organization.
• Set clear expectations, career paths, and development plans for team members.
• Foster a culture of accountability, collaboration, and continuous improvement.
• Lead enterprise‑wide security awareness and training initiatives.
• Champion a security‑first mindset that enables innovation and growth.

WHAT YOU NEED TO SUCCEED (Required Education & Experience)

• 10+ years of progressive information security experience, including 5+ years in senior leadership roles.
• Demonstrated experience owning and scaling security programs in SaaS, benefits administration, HR tech, or healthcare‑adjacent environments.
• Deep working knowledge of:
  • HIPAA/HITECH
  • HITRUST CSF
  • SOC 2
  • NIST CSF and/or ISO 27001
• Strong understanding of cloud security architecture (AWS and/or Azure).
• Proven leadership during security incidents with executive‑level and regulator‑appropriate communication.
• Experience managing MSSPs, MDR providers, and third‑party risk programs.
• Strong program and stakeholder management skills with executive presence.

NICE TO HAVE (Preferred Qualifications)

• CISSP, CISM, CISA, or similar certifications.
• Experience supporting large healthcare customers, payers, or providers.
• Familiarity with GDPR, CCPA, or other global privacy frameworks.
• Experience scaling security programs in high‑growth or private‑equity‑backed SaaS organizations.
• Comfort serving as a customer‑facing security SME during audits and sales cycles.

KEY ATTRIBUTES FOR SUCCESS

• Customer‑trust oriented and risk‑aware.
• Strategic thinker with strong operational execution skills.
• Makes balanced, risk‑based decisions aligned to business priorities.
• Clear, confident communicator with executives and technical teams.
• People‑first leader who builds durable, scalable security capabilities.

EDUCATION

Bachelor’s degree in Information Security, Computer Science, or a related field, or equivalent practical experience.

OTHER DUTIES

This job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities required of the employee. Duties and responsibilities may change at any time with or without notice.