Information Security Manager – SecOps

Bright Defense  ·  SecOps Team  ·  Now Hiring

Information Security Manager

SecOps — Continuous Monitoring & Client Risk Management

Full-Time · Remote · SecOps · Compliance & Risk Focus

You’ll be the person clients trust to keep their security program on track between audits. This role lives at the intersection of technical rigor and clear communication — translating control monitoring, risk findings, and compliance gaps into actionable guidance that customers can act on.

About the role

As an Information Security Manager on the Bright Defense SecOps Team, you’ll manage a portfolio of customer security programs through asynchronous collaboration, lead continuous control monitoring, assess maturity, and develop risk management strategies that strengthen client security postures. You’ll work closely with Security Consultants, Offensive Security, and other SecOps functions — and serve as the primary written voice keeping customers informed on findings, progress, and next steps.

Key responsibilities

Portfolio management

  • Manage a portfolio of customer security programs with continuous oversight via async channels
  • Serve as the primary point of accountability for program health, milestone tracking, and escalation
  • Coordinate with assigned Security Consultants to align monitoring with each client’s overall strategy
  • Participate in internal syncs and contribute to broader SecOps objectives

Control monitoring & risk

  • Lead ongoing assessments of security controls against ISO 27001, SOC 2, NIST CSF, and other applicable frameworks
  • Monitor and evaluate control effectiveness, maturity levels, and residual risk exposure
  • Identify, track, and support remediation of control weaknesses and compliance gaps
  • Maintain current records of risk assessments, audit findings, and corrective action plans

Audit & compliance readiness

  • Review evidence and documentation to validate compliance posture across multiple frameworks
  • Support audit readiness for SOC 2, HIPAA, ISO 27001, PCI DSS, CMMC, and related engagements
  • Perform Third Party Risk Management assessments for new and existing vendors
  • Respond to security questionnaires on behalf of clients within a 5-business-day SLA

Reporting & communication

  • Prepare accurate, professional, and actionable written reports and customer updates
  • Deliver data-driven insights and recommendations with clarity and specificity
  • Ensure transparency across all customer-facing communications regarding monitoring, findings, and remediation status
  • Continuously improve reporting standards, evidence management, and monitoring methodologies

Cross-functional collaboration

  • Security Consulting
  • Offensive Security
  • SecOps Functions
  • Client Stakeholders

What we’re looking for

Security & compliance (required)

  • 3–6 years in information security, GRC, or compliance-adjacent roles
  • Hands-on experience with SOC 2, ISO 27001, NIST CSF, HIPAA, PCI DSS, or CMMC
  • Demonstrated ability to assess control effectiveness and document residual risk
  • Experience conducting or supporting security audits and evidence reviews

Risk management

  • Practical experience building or maintaining risk registers and treatment plans
  • Familiarity with Third Party Risk Management (TPRM) processes and vendor assessments
  • Ability to prioritize risk findings and translate them into business-level recommendations
  • Experience completing security questionnaires (RFP, SIG, CAIQ, custom)

Communication & async work

  • Exceptional written communication — client-facing reports, findings summaries, executive updates
  • Comfortable managing multiple engagements through async channels (Slack, email, project tools)
  • Able to communicate technical findings clearly to non-technical stakeholders

Tools & platforms

  • GRC platforms — Drata, Vanta, Thoropass, or equivalent
  • Asana or similar PM tools for task and program tracking
  • SafeBase or equivalent for security questionnaire management
  • Google Workspace or Microsoft 365 proficiency

Nice to have

  • CISA, CISM, CISSP, or CRISC certification
  • MSSP or consulting firm background
  • Experience supporting CMMC Level 2 or ITAR-adjacent programs
  • Familiarity with NYDFS 23 NYCRR Part 500 or other state-level frameworks
  • Exposure to cloud security environments (AWS, Azure, GCP)
  • Background in healthcare, defense, or fintech regulated industries

Performance benchmarks

  • 5 days: SLA for security questionnaire responses
  • Monthly: written updates delivered to every active client
  • 0 gaps: untracked audit findings at any point in time
  • Current: risk registers and corrective action logs maintained
  • Aligned: control monitoring mapped to each client’s framework scope
  • 100%: TPRM assessments completed before vendor onboarding

Compensation & perks

  • Competitive base salary — range shared during screening
  • Remote-first with flexible working hours
  • Certification reimbursement (CISA, CISM, CISSP, CRISC, and others)
  • Direct collaboration with Bright Defense co-founders
  • Broad client exposure across defense, healthcare, and fintech verticals
  • Clear growth path toward Senior ISM or vCISO functions

Bright Defense is an equal opportunity employer. We build diverse, high-trust teams.

Job Type: Full Time
Job Location: Remote
