The Information Security Manager is a high-level security position which will help enable H-E-B’s DevSecOps journey. This position reports to and performs tasks under the direction of the Director of Information Security. This is a hands-on management position which requires advanced technical skills, as well as management abilities. The role will coordinate the efforts of the Information Security Office with H-E-B’s Digital organization and business areas. Direct reports will include Security Engineers and Security Architects. Additionally, the Information Security Manager will be responsible for managing contract and service provider personnel.
- Partner with H-E-B Digital Delivery teams to define, implement and operate a platform support model that leverages DevSecOps principles
- Serve as an escalation point for H-E-B Digital support teams. Identify appropriate resolution to achieve stakeholder satisfaction in a timely manner.
- Enforce standard methodologies, processes and tools and ensure compliance to enterprise architecture, global information security policies and overall company strategy
- Facilitate challenging conversations where IT standards and business demands conflict to agree pragmatic solutions.
- Lead and work as part of a team of software and security engineers, with a high degree of freedom to design and build best-in-class offerings
- Point of contact for product teams as it relates to automation, CI/CD, DevOps and/or DevSecOps
- Build tools and automation scripts that enable developers to easily consume security services delivered by the AppSec team
- Design and test solutions to unique and interesting challenges, including “negative” and fuzzy testing
- Improve the accessibility confidentiality, integrity, and accessibility of H-E-B’s security through automation and continuous integration (CI/CD) pipelines
- Oversee a team of security engineers who safeguard the H-E-B-s assets, intellectual property, information systems and the physical security of H-E-B data centers and control facilities.
- Coordinate hiring, training, and evaluation of security personnel and the development of education/training programs to ensure appropriate awareness of security policies, procedures, and standards.
- Identify protection goals, objectives and metrics consistent with H-E-B-s strategic plan and risk assessment methodology.
- 5 years’ experience managing a team of at least 8 people
- Combined 10+ years of hands-on Software Development experience, with an emphasis on security.
- Possess working knowledge of AWS, GCP, or Azure cloud security patterns and controls
- Professional information security certification preferred – such as CISSP, CISM, etc.
- Working knowledge with industry standards such as HIPAA, ITIL, NIST, , OWASP, and ISO
- Strong background in managing resource in a multi-vertical business environment
- Background in application security, penetration testing, secure code development, and Agile software development
- Must have Agile project management experience with firm understanding of metrics and reporting
- Must be an articulate and influential leader who can serve as an effective member of the management team and is able to communicate security-related concepts to a broad range of technical and non-technical staff.
- Experience with business continuity planning, auditing, and risk management, as well as contract and vendor management preferred.
Vacancy Type: Full Time
Job Location: San Antonio, TX, US
Application Deadline: N/A