IT Security Incident Manager

Office Location: Houston, Texas (Onsite)

About the Role:

Responsible for enterprise cybersecurity programs and activities including data protection, incident response, threat management, vulnerability management, security architecture, security risk management, awareness training, policies and standards.

Day to Day:
• Work with third party security providers including SOC providers, managed security, MDR, pen testing, vulnerability scan providers, risk assessment and auditors.
• Develop and enhance governance, information risk, compliance (GRC) and information security programs related to system and data protection efforts across the company.
• Utilize a risk-based approach to manage information security.
• Serves as primary cyber-security threat expert keeping apprised of emerging industry trends and strategies to mitigate threats.
• Maintain and update incident response plans and lead incident response activities.
• Maintain and update information security policies, requirements, and standards.
• Develop, enhance and manage the security awareness program including employee phishing and social engineering exercises.
• Develop innovative ways to provide security awareness.
• Coordinate software development security code review.
• Lead the security evaluation of new and existing technologies and standardize system security configurations.
• Review third party contracts for security and data protection purposes.
• Participate in BC/DR plans by implementing security best practices.
• Secure network architectures
• Identity and access management principals
• Cloud security best practices
• Risk management frameworks
• Virtualization technologies
• Incident response methodology and management
• Penetration and vulnerability management systems
• Secure coding practices
• Experience implementing security standards including NIST Cybersecurity Framework, ISO 27000 series, PCI-DSS, HIPAA and CIS Critical Security Controls
• Strong problem solving, decision-making skills
• Ability to prioritize and manage multiple tasks in a high-energy environment
• Ability to document policies, standards, requirements and procedures
• Ability to maintain confidential and/or proprietary information
• Display strong interpersonal skills with the ability to create and maintain solid working relationships
• Cybersecurity training programs including phishing, social engineering and compliance

Experience:
• Needs to have experience with GRC and Audit
• Minimum of 3 years work experience
• Certifications (PLUS): Certified Information Systems Security Professional(CISSP), Certified Information Security Manager (CISM), Certified Information System Auditor (CISA), Certified Cloud Security Professional (CCSP)
• Bachelor's Degree