As an Information Security Manager I, you will coordinate the efforts of the Info Security Office, including all staff, technology, projects, and incident response. You will provide support across H-E-B, including IT, HR, privacy, loss prevention, fraud, legal, and other departments; and will identify security initiatives and standards. You will manage contract and service provider personnel.
Do you have a:
HEAD FOR BUSINESS... capability to communicate your tech knowledge as it applies to long-term plans?
HEART FOR PEOPLE... an ability to manage technical processes and still get the best from your Team?
PASSION FOR RESULTS... initiative and drive to get your Team to follow through to an outcome?
We are looking for:
- A related degree or comparable formal training, certification, or work experience
- IT Security Certification
- A solid technical background in incident management
- Manages Partners in a single functional area, or in multiple or complex functional areas; leads / manages daily coordination of technical staff and vendors
- Hires / maintains staffing / fires/ promotes / demotes / transfers / disciplines / approves raises; manages / develops / trains teams to achieve department goals; develops / delegates tasks to complete projects; manages communications with stakeholders
- Leads / coaches / provides effective feedback; provides day-to-day technical leadership; communicates connection between Partners and impact to operational objectives
- Provides leadership and expertise; participates in cross-functional initiatives; ensures Partners maintain sufficient technical knowledge; identifies training requirements
- Ensures area budget, schedule, and performance objectives are met
- Ensures all technology decisions align with H-E-B direction and focus on total cost of ownership
- Oversees / ensures quality improvement and consistency of security information analysis; ensures proper direction, implementation, understanding of new policies, programs, tools, and procedures
- Safeguard H-E-B assets, intellectual property, and information systems
- Manages / supports audit and disaster recovery exercises as required
- Develops and maintains monthly security metrics reports
- Assigns / assists team members in workload prioritization
- Maintains relationships with other vendor regulatory bodies and local, state, and federal law enforcement and other related government agencies
Information Security:
- Develops / maintains a security awareness program to support information security standards and procedures
- Collaborates with IT personnel from other companies around the world to ensure consistency and share leading practices
- Researches, provides guidance, and then applies IT security developments H-E-B-wide
- Maintains highly developed knowledge of security best practices and technologies
- Oversees information security reports / presentations
- Manages the development and implementation of H-E-B security policies, standards, guidelines, and procedures to ensure ongoing maintenance of security
- Oversees incident response planning, as well as the investigation of security breaches; assists with disciplinary / legal matters associated with such breaches as necessary
- Assists in building strategic roadmaps to including multi-year plans for work unit(s)
- Adapts to meet new challenges and changes in H-E-B and technical security direction and understand the business needs and challenges to recommend strategies
- Defines, budgets, and coordinates implementation of the Info Security technical strategic, staffing, and training plan
- Identifies protection goals, objectives, metrics consistent with H-E-B's strategic plan / risk assessment methodology
- Researches, provides guidance, and then applies developments in the IT security industry to H-E-B
- A related degree or comparable formal training, certification, or work experience
- 5+ years of experience leading technology professionals
- Supervisory experience
- A solid technical background with experience in system delivery including SDLC methodologies
- Professional Cybersecurity Certification, such as CISSP or CISM
- Experience developing enterprise incident management related security metrics and reporting
- Experience in incident management, threat hunting, secure coding practices, threat modeling, security logging, networking, and developing security requirements and strategies
- Excellent technical knowledge of mainstream operating systems (for example, MS Windows, Macintosh, Linux), and a wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance tools, and desktop security tools
- Strong technical knowledge of networking, data structures, directory systems, internet, and security and regulatory frameworks including NIST CSF, ISO 27001, SOX, PCI, etc.
- Solid understanding of IT and information security
- Excellent speaking, presentation, and writing skills
- Strong leadership skills
- Ability to communicate security-related concepts to a broad range of technical and non-technical staff
- Function in a fast-paced, retail, office environment
- Travel by car or airplane with overnight stays
- Sit for an extended period of time
- Work extended hours