RethinkFirst

Manager, Information Security

Full-time

Location Type: Remote

Location: Remote • Alabama, Arizona, Connecticut, Florida, Hawaii, Illinois, Iowa, Kentucky, Louisiana, Maryland, Massachusetts, Minnesota, Missouri, Montana, Nevada, New Hampshire, New Jersey, New York, North Carolina, Ohio, Oregon, Pennsylvania, Rhode Island, Tennessee, Texas, Virginia, Washington, Wisconsin, Wyoming • 🇺🇸 United States

Job Level

Senior, Lead

Tech Stack

Azure, Cloud, SDLC

About the role

  • Lead the end-to-end Security Assurance function across SOC 2, HIPAA, HITRUST, and other regulatory frameworks.
  • Act as the program manager for all audits, coordinating with Legal, HR, Engineering, Product, and Infrastructure to maintain year-round audit readiness.
  • Own the implementation, configuration, optimization, and continuous operation of Vanta, including control mapping and ownership assignments, evidence collection workflows, vendor risk management modules, and Client Trust functionality (best answers, trust portal, knowledge base).
  • Build and maintain an audit calendar, evidence repository, and standardized evidence collection playbooks.
  • Drive development and continuous maintenance of security policies, standards, and procedures.
  • Operate the Third-Party Risk Management process, including vendor classification (Tier 1/BAA), questionnaire review, residual risk scoring, and contract security review.
  • Respond to customer security questionnaires, RFPs, and client audit requests with clarity, accuracy, and speed.
  • Partner with SecOps Engineers to build a daily operational cadence across alerts, incidents, vulnerability management, and hygiene controls.
  • Ensure that controls monitored by Tenable, Microsoft Defender, Sentinel, and other platforms produce audit-ready evidence.
  • Help design operational dashboards and KPIs for incident response, vulnerability SLAs, and hygiene metrics.
  • Validate operational controls for compliance frameworks (MFA, SSO, logging, monitoring, access reviews, backups, endpoint security, network protections, etc.).
  • Work with Engineering, Architecture, and DevOps teams to ensure Product and AppSec controls align with SOC 2 and HITRUST expectations.
  • Contribute to secure SDLC processes, risk assessments for new features, and remediation tracking for vulnerabilities and findings.
  • Validate that security requirements are integrated into CI/CD workflows where appropriate.

Requirements

  • 7+ years of progressive experience in Information Security, with at least 3 years in a governance, compliance, or Security Assurance leadership role.
  • Direct experience implementing or operating Vanta (must be hands-on).
  • Strong experience supporting and maturing SOC 2 Type II, HIPAA Security Rule, and HITRUST programs in a SaaS environment.
  • Deep understanding of Microsoft Azure security architecture, including Entra ID, RBAC, Conditional Access, Defender for Cloud, Sentinel, and workload identities.
  • Clear understanding of audit control design, evidence, and auditor expectations.
  • Experience building vendor risk programs, reviewing DPAs and BAAs, and performing vendor due diligence.
  • Excellent writing skills for policies, procedures, client responses, and audit documentation.
  • Demonstrated ability to lead complex projects with multiple stakeholders and tight deadlines.
  • Strong communication and relationship-building skills across technical and non-technical teams.

Benefits

  • Generous health, dental, & vision benefits package
  • Flexible paid time off
  • 11 paid company holidays
  • 401k + matching
  • Parental leave
  • Access to our award-winning RethinkCare platform supporting neurodiversity in the workplace through parental success, professional resilience, and personal wellbeing.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills
Security Assurance, SOC 2, HIPAA, HITRUST, Vanta, Third-Party Risk Management, CI/CD workflows, audit control design, vendor risk management, secure SDLC
Soft skills
writing skills, project management, communication skills, relationship-building, leadership, organizational skills, attention to detail, collaboration, problem-solving, time management