At NorthStar Memorial Group, we choose collaboration over bureaucracy. Here, everyone has a chance to lead. We encourage & empower our people at every level to speak up, be heard, and watch their ideas become realities.
NorthStar Memorial Group is seeking a Hybrid IT Security and Compliance Manager in Houston, TX to achieve our company�s data security and compliance objectives.
The IT Security and Compliance Manager is a technical, hands-on role, responsible for designing, administering, and providing leadership for the organization�s information security and compliance program. You can expect your time to be shared between the following focus areas: Information Security 50%, Team Management 30%, Compliance 10%, Risk Management 10%.
Responsibilities
- Serve as Subject Matter Expert on cybersecurity and compliance
- Advise the VP of IT, CIO, and other executives on the best strategies for optimizing the security of data systems, information assets, and general business processes
- Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks
- Manage and provide hands-on leadership for the department�s incident response activities, including testing, investigation, containment, and recovery efforts, as needed.
- Manage information security personnel
- Assess current technology architecture for vulnerabilities, weaknesses and for possible upgrades or improvement
- Implement and oversee technological upgrades, improvements and major changes to the information security environment
- Write comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement
- Collaborate with cross-functional teams to ensure that security requirements are incorporated into system and network design, development, and implementation processes.
- Perform vulnerability assessments, penetration testing, and risk assessments to identify and prioritize potential security risks and vulnerabilities.
- Conduct regular training sessions and workshops to educate employees about the latest information security and compliance policy updates
- Manage NorthStar�s third-party risk management program.
- Advise department heads on data privacy best practices.
- Stay up to date on the latest security threats, technologies, and industry trends, and provide recommendations for improving security posture.
- Conduct assessments and audits to measure and evaluate and document disaster recovery programs
Qualifications
- Proven work experience as a System Security Engineer or Information Security Engineer
- Minimum of 3-5 years of management experience in cyber-security.
- Bachelor's degree in Computer Science, Information Technology, or equivalent experience.
- CISSP, CISM, CEH, or other security certifications.
- Strong knowledge of security principles and best practices, such as NIST, ISO 27001, and CIS security controls.
- Hands-on experience with security technologies such as firewalls, IDS/IPS, log and event management, content filtering, endpoint detection and response, and vulnerability scanning tools.
- Detailed technical knowledge of database and operating system security
- Knowledge of core Information Security concepts related to Governance, Risk & compliance
- Familiarity with security-related regulations, such as CCPA, SEC Cyber 7, and PCI-DSS.
- Excellent analytical, problem-solving, and troubleshooting skills.
- Ability to travel approximately 5%
We are an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender, gender identity, national origin, disability, or veteran status.
#INDCORE1