Manager of Information Security Operations
Description:
The Information Security Operations Manager is responsible for overseeing and managing the security of the organization’s on-premises and cloud-based infrastructure and services. The hands-on manager works to ensure the confidentiality, integrity, and availability of the organization’s data and systems by implementing and maintaining robust security controls, monitoring and alerting systems, and incident response plans. The manager collaborates with cross-functional teams to design, implement, and optimize information and cyber security measures, mitigate risks, and ensure compliance with industry best practices and regulatory requirements. The manager enables and empowers their team by providing clear direction, proper tools, and skill development opportunities.
Essential Duties and Responsibilities: (List in order of importance the essential functions of the job and the approximate percentage of time spent on each of the activities; describe what must be accomplished, not how it must be done; include supervision or management responsibilities, quality and quantity standards, physical, mental, and perceptual functions of the job)
Cyber Security Strategy: Implement a comprehensive cyber security strategy aligned with the organization's objectives, policies, and regulatory requirements.
Infrastructure Security: Design and implement security controls for on-premises and cloud-based infrastructure, including endpoints, wireless, virtual networks, storage, computer resources, and databases, to protect against unauthorized access, data breaches, and other security risks. Security Assessments and Audits: Perform ongoing security assessments and participate in audits of the on-premises and cloud-based environment to identify vulnerabilities, mitigate and remediate issues, and ensure compliance with security best practices and regulatory frameworks.
Incident Response and Recovery: Develop and maintain incident response plans and procedures, ensure rapid response, containment, investigation, and recovery in the event of security incidents or breaches. Identity and Access
Management:
Implement and manage access controls for resources employing techniques such as identity and access management (IAM), role-based access control (RBAC), and adaptive multi-factor authentication (MFA).
Security Monitoring, Alerting, and Threat Intelligence:
Implement and manage security monitoring and alerting tools and techniques to detect and respond to security events while leveraging threat intelligence to stay informed about emerging threats and vulnerabilities.
Compliance: Ensure on-premises and cloud-based systems comply with relevant industry standards and specific regulatory requirements for data protection, privacy, and industry-specific information security guidelines. Optimization and Cost Management: Continuously identify opportunities to optimize spend by implementing cost-effective security solutions and monitoring security-related cloud spend. Secure Product Management: Participate in cross-functional product teams to ensure proper information security controls are applied during all phases of development, deployment, and operations.
Relentless Improvement: Maintain a high level of customer obsession within the team, continuously seeking opportunities for improvement.
Minimum Qualifications: (Education, Licensure, Experience, Knowledge, Skills, and Abilities)
Education: Bachelor’s degree in Computer Science, Information Security, or a related field or an equivalent amount of work and educational experience required.
Certification:
Relevant professional certifications such as CISSP, CCSP, CISM, or equivalent preferred
Experience:
Solid understanding of networking, operating systems, and directory services.
Excellent analytical and problem-solving skills.
Strong communication and interpersonal skills with the ability to collaborate effectively with cross-functional teams.
Five years of information security experience with 3+ leading an information security program.
Knowledge, Skills, and Abilities:
Strong knowledge of security features in cloud computing platforms such as Microsoft Azure, Amazon Web Services (AWS), and/or Google Cloud Platform (GCP).
Demonstrable experience in information security operations designing and implementing security controls in on-premises and cloud-based environments.
In-depth understanding of information security best practices, frameworks, and compliance requirements.
Proficiency in information security tools and technologies, such as Secure Access Service Edge (SASE), Extended Detection and Response (XDR), Cloud Security Posture Management (CSPM) solutions, Security Information and Event Management (SIEM), and Cloud Access Security Brokers (CASB).
Familiarity with DevSecOps principles and practices to integrate security into on-premises and cloud-native application development and deployment processes.
Strong analytical and problem-solving skills with the ability and desire to identify and resolve complex information security issues.
Ability to learn about and cross-train team members on safely utilizing and protecting emerging technologies such as GenAI.
Excellent communication and interpersonal skills with the ability and desire to collaborate effectively with cross-functional teams.
Experience in managing and executing information security projects.
Physical Demands and Work Environment:
(The physical demands and work environment characteristics described herein are representative of those that must be met by an employee to successfully perform essential functions of this position and/or may be encountered while performing essential functions. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.)
While performing the essential duties of this position, an employee would frequently be required to stand, walk, and sit.
Specific vision abilities required by this position include close vision, distance vision, and the ability to adjust focus.
The noise level in the work environment is usually moderate.
Our company offers a dynamic hybrid work arrangement, which requires three days on-site, in the Sugar Land, TX office.