Senior Manager, Information Security

Sword Health is on a mission to free two billion people from pain as the world’s first and only end-to-end platform to predict, prevent and treat pain. 

Delivering a 62% reduction in pain and a 60% reduction in surgery intent, at Sword, we are using technology to save millions for our 2,500+ enterprise clients across three continents. Today, we hold the majority of industry patents, win 70% of competitive evaluations, and have raised more than $300 million from top venture firms like Founders Fund, General Catalyst, and Khosla Ventures. 

Recognized as a Forbes Best Startup Employer in 2023, this award highlights our focus on being a destination for the best and brightest talent. Not only have we experienced unprecedented growth since our market debut in 2020, but we’ve also created a remarkable mission and value-driven environment that is loved by our growing team. With a recent valuation of $2 billion, we are in a phase of hyper growth and expansion, and we’re looking for individuals with passion, commitment, and energy to help us scale our impact. 

Joining Sword Health means committing to a set of core values, chief amongst them to “do it for the patients” every day, and to always “deliver more than expected” on behalf of our members and clients.

This is an opportunity for you to make a significant difference on a massive scale as you work alongside 800+ (and growing!) talented colleagues, spanning two continents. Your charge? To help us build a pain-free world, powered by technology, enhanced by people — accessible to all.

The Senior Manager, Information Security is a role responsible for setting the strategic direction for information security within the company. This role will oversee and coordinate various security initiatives and programs, ensuring alignment with the company's business objectives and compliance requirements. The Senior Manager, Information Security will also play a crucial role in leading the incident response function, ensuring prompt and effective response to security incidents.

What you'll be doing:

• Strategic Leadership: Collaborate closely with the Director of Risk and Compliance to define and oversee the execution of the company's information security strategy, ensuring alignment with business goals and compliance standards.
• Program Management: Coordinate and manage various security initiatives, from risk assessments to security tool implementations, ensuring timely completion and effectiveness.
• Incident Response: Lead the incident response process, ensuring that security breaches or vulnerabilities are addressed promptly and effectively.
• Cloud Security Oversight: Ensure that all cloud-based applications, infrastructure, and data (hosted primarily in GCP with some assets in AWS) are secure and compliant with industry standards.
• Collaboration: Work closely with technical teams, especially those in Infrastructure and Data, to ensure security best practices are integrated throughout the organization. Facilitate efficient interactions with other teams as necessary, especially given the company's global presence.
• Continuous Improvement: Stay updated on the latest security threats, trends, and technologies to ensure the company's security measures are up-to-date and effective.

What you need to have:

• Minimum of 8 years of related experience with a Bachelor's degree; or 6 years and a Master's degree; or equivalent experience.
• Experience working in companies with security certifications such as ISO 27001 or SOC 2
• Familiarity with cloud platforms, especially Google Cloud Platform (GCP) and Amazon Web Services (AWS).
• Familiarity with Kubernetes and Infrastructure-as-Code practices.
• Understanding of compliance requirements, especially HIPAA and GDPR.
• Excellent communication and collaboration skills.
• Strong problem-solving and analytical skills.
• Proven ability to work in a fast-paced environment and manage multiple projects simultaneously.
• Strong attention to detail and ability to deliver high-quality work.

Bonus Points or We'd Love to see:

• Preferred certifications include CISSP, CISM, PMP, and other relevant security or project management certifications.
• Experience working with Security tools such as Snyk, Wiz, SentinelOne, Croudstrike, Expel, Sophos MDR, Qualys, Nessus (including open-source alternatives)
• Experience working in companies with security certifications such as PCI-DSS, HITRUST, or FedRamp

*Please note that this position does not offer relocation assistance. Candidates must possess a valid EU visa and be based in Portugal.

US Sword Benefits:

*Eligibility for Essential benefits: Full-time employees regularly working 25+ hours per week

Comprehensive health, dental and vision insurance 

Equity Shares

401(k)

Discretionary PTO Plan

Parental leave

US Sword Perks:

Flexible working hours

Remote-first Company

Internet Stipend for remote working

Paid Company Holidays

Free Digital Therapist for you and your family

Portugal - Sword Benefits:

Health, dental and vision Insurance

Meal Allowance

Equity Shares

Portugal - Sword Perks:

Remote Work Allowance

Flexible working hours

Work from home

Unlimited Vacation

Snacks and Beverages

English Class

Unlimited access to Coursera Learning Platform

*US Applicants Only: Applicants must have a legal right to work in the United States, and immigration or work visa sponsorship will not be provided.*

SWORD Health, which includes SWORD Health, Inc. and Sword Health Professionals (consisting of Sword Health Care Providers, P.A., SWORD Health Care Providers of NJ, P.C., SWORD Health Care Physical Therapy Providers of CA, P.C.*) complies with applicable Federal and State civil rights laws and does not discriminate on the basis of Age, Ancestry, Color, Citizenship, Gender, Gender expression, Gender identity, Gender information, Marital status, Medical condition, National origin, Physical or mental disability, Pregnancy, Race, Religion, Caste, Sexual orientation, and Veteran status.