Information Security Manager – SecOps
Bright Defense, LLC.
- New York, New York, United States
About
Information Security Manager SecOps — Continuous Monitoring & Client Risk Management
Full-Time • Remote • SecOps • Compliance & Risk Focus
You’ll be the person clients trust to keep their security program on track between audits. This role lives at the intersection of technical rigor and clear communication — translating control monitoring, risk findings, and compliance gaps into actionable guidance that customers can act on.
About the role
As an Information Security Manager on the Bright Defense SecOps Team, you’ll manage a portfolio of customer security programs through asynchronous collaboration, lead continuous control monitoring, assess maturity, and develop risk management strategies that strengthen client security postures. You’ll work closely with Security Consultants, Offensive Security, and other SecOps functions — and serve as the primary written voice keeping customers informed on findings, progress, and next steps.
Key responsibilities
Portfolio management
Manage a portfolio of customer security programs with continuous oversight via async channels
Serve as the primary point of accountability for program health, milestone tracking, and escalation
Coordinate with assigned Security Consultants to align monitoring with each client’s overall strategy
Participate in internal syncs and contribute to broader SecOps objectives
Control monitoring & risk
Lead ongoing assessments of security controls against ISO 27001, SOC 2, NIST CSF, and other applicable frameworks
Monitor and evaluate control effectiveness, maturity levels, and residual risk exposure
Identify, track, and support remediation of control weaknesses and compliance gaps
Maintain current records of risk assessments, audit findings, and corrective action plans
Audit & compliance readiness
Review evidence and documentation to validate compliance posture across multiple frameworks
Support audit readiness for SOC 2, HIPAA, ISO 27001, PCI DSS, CMMC, and related engagements
Perform Third Party Risk Management assessments for new and existing vendors
Respond to security questionnaires on behalf of clients within a 5-business‑day SLA
Reporting & communication
Prepare accurate, professional, and actionable written reports and customer updates
Deliver data‑driven insights and recommendations with clarity and specificity
Ensure transparency across all customer‑facing communications regarding monitoring, findings, and remediation status
Continuously improve reporting standards, evidence management, and monitoring methodologies
Cross‑functional collaboration
Security Consulting
Offensive Security
SecOps Functions
Client Stakeholders
What we’re looking for
Security & compliance (required)
3–6 years in information security, GRC, or compliance‑adjacent roles
Hands‑on experience with SOC 2, ISO 27001, NIST CSF, HIPAA, PCI DSS, or CMMC
Demonstrated ability to assess control effectiveness and document residual risk
Experience conducting or supporting security audits and evidence reviews
Risk management
Practical experience building or maintaining risk registers and treatment plans
Communication & async work
Exceptional written communication — client‑facing reports, findings summaries, executive updates
Comfortable managing multiple engagements through async channels (Slack, email, project tools)
Able to communicate technical findings clearly to non‑technical stakeholders
Tools & platforms
GRC platforms — Drata, Vanta, Thoropass, or equivalent
Asana or similar PM tools for task and program tracking
SafeBase or equivalent for security questionnaire management
Google Workspace or Microsoft 365 proficiency
Nice to have
CISA, CISM, CISSP, or CRISC certification
MSSP or consulting firm background
Experience supporting CMMC Level 2 or ITAR‑adjacent programs
Familiarity with NYDFS 23 NYCRR Part 500 or other state‑level frameworks
Exposure to cloud security environments (AWS, Azure, GCP)
Background in healthcare, defense, or fintech regulated industries
Performance benchmarks
5-business-day SLA for security questionnaire responses
Monthly written updates delivered to every active client
Zero untracked audit findings at any point in time
Current risk registers and corrective action logs maintained
Aligned control monitoring mapped to each client’s framework scope
100% TPRM assessments completed before vendor onboarding
Compensation & perks
Competitive base salary — range shared during screening
Remote‑first with flexible working hours
Certification reimbursement (CISA, CISM, CISSP, CRISC, and others)
Direct collaboration with Bright Defense co‑founders
Broad client exposure across defense, healthcare, and fintech verticals
Clear growth path toward Senior ISM or vCISO functions
Bright Defense is an equal opportunity employer. We build diverse, high‑trust teams.
Language skills
- English
Note for users
This job listing comes from a TieTalent partner platform. Click “Apply now” to submit your application directly on their website.