SUMMARY: A well-known Houston entity is seeking an experienced Information Technology Security Manager to join their team.
RESPONSIBILITIES: In this role, you will be responsible for cybersecurity programs and activities across the organization in a highly visible and empowered role. You will develop governance and standards for data protection, incident response, security architecture, Security Risk Management, threat management, vulnerability management, awareness training, policies and standards.
Responsibilities include:
- Work with third-party security providers including SOC providers, managed security, MDR, pen testing, vulnerability scan providers, risk assessment and auditors.
- Develop and enhance governance, information risk, compliance (GRC) and information security programs related to system and data protection efforts across the company.
- Utilize a risk-based approach to manage information security.
- Serve as the primary cybersecurity threat expert, staying apprised of emerging industry trends and strategies to mitigate threats.
- Maintain and update incident response plans and lead incident response activities.
- Maintain and update information security policies, requirements, and standards.
- Develop, enhance and manage the security awareness program including employee phishing and social engineering exercises.
- Develop innovative ways to provide security awareness.
- Coordinate software development security code review.
- Lead the security evaluation of new and existing technologies and standardize system security configurations.
- Review third-party contracts for security and data protection purposes.
- Participate in BC/DR plans by implementing security best practices.
- Position requires routine face-to-face personal interaction with departmental staff and other personnel; therefore, job responsibilities must be physically performed in the offices and not in a telecommuting manner.
REQUIREMENTS:
- Bachelor's degree from a four-year accredited college or university in Computer Science, Management Information Systems or related field required.
- Minimum three (3) to five (5) years of applicable work experience preferred.
- Strong problem solving and decision-making skills.
- Ability to prioritize and manage multiple tasks in a high-energy environment.
- Ability to document policies, standards, requirements and procedures.
- Ability to maintain confidential and/or proprietary information.
- Display strong interpersonal skills with the ability to create and maintain solid working relationships.
Experience with:
- Secure network architectures
- Identity and access management principles
- Cloud security best practices
- Risk management frameworks
- Virtualization technologies
- Incident response methodology and management
- Penetration and vulnerability management systems
- Cybersecurity training programs including phishing, social engineering, and compliance.
- Secure coding practices
- Experience implementing security standards including NIST Cybersecurity Framework, ISO 27000 series, PCI-DSS, HIPAA and CIS Critical Security Controls