Our Partners thrive The H-E-B Way. As an Information Security Manager - Health and Wellness Focus , you would have a...
HEART FOR PEOPLE ... you have a passion for mentorship and guidance, and love for the direct person-to-person interactions that create strong bonds between teams
HEAD FOR BUSINESS ... you have an ownership mentality and a consistent track record of timely delivery of high-quality software
PASSION FOR RESULTS ... the ability to guide the discussion, remove roadblocks, and provide guardrails for your team as they identify challenges and propose solutions
What you'll do at HEB:
This is a hands-on management position which requires technical skills as well as management abilities. In addition, this position will provide support across H-E-B in a relation to information security and its integration into information technology, human resources, privacy, loss prevention, fraud, legal, and other departments and will identify security trends and issues with a particular focus on the Health and Wellness aspect of the business. Direct reports may include technical and support personnel such as Information Security Advisors and other Information Security practitioners.
THE ROLE:
Management :

• Oversees a team of security personnel who safeguard H-E-B assets, intellectual property, information systems, and physical security of data centers and control facilities concentrating on Health & Wellness (Pharmacy, Medical, Health Security models and methodologies) line of business.
• Coordinates hiring, training, and evaluation of security personnel and the development of education / training programs to ensure appropriate awareness of security policies, procedures, and standards including HIPAA, PCI, and other frameworks.
• Proactively adapts to meet new challenges and changes at H-E-B and global technical security directions; understands and relays H-E-B's business needs and challenges; recommends strategies.
• Leads a high-performing, motivated work group by applying interpersonal communication and collaboration skills to achieve security goals and realize value.
• Assigns / assists team members in workload prioritization.
• Works collaboratively within the team, with external parties (e.g., vendors, third parties), and internal groups (e.g., business units, application teams, architectural teams) to achieve desired results and meet H-E-B goals.
• Develops associate team members through mentoring and review of their various deliverables.

Information Security:

• Develops / maintains a security awareness to support information security standards and procedures in the H&W functional areas.
• Collaborates with IT personnel from other areas of H-E-B Digital to ensure consistency and share leading practices.
• Researches, provides guidance, and then applies IT security developments effecting patient information and privacy to Health & Wellness related projects.
• Maintains highly developed knowledge of security best practices and technologies.
• Oversees information security reports / presentations.
• Engages in the development and implementation of H-E-B security policies, standards, guidelines, and procedures to ensure ongoing maintenance of security postures.

Strategy :

• Assists in building strategic roadmaps to include 1-, 3-, & 5-year plans for work unit(s)
• Adapts to meet new challenges and changes in H-E-B and technical security direction and understand the business needs and challenges to recommend strategies.
• Defines and coordinates implementation of the info security technical strategic, staffing, and training plan.
• Identifies protection goals, objectives, metrics consistent with H-E-B-s strategic plan / risk assessment methodology as it relates to the Health & Wellness practice.
• Researches, provides guidance, and then applies developments in the IT security industry to H-E-B.

REQUIRED :

• 5 years relevant work experience in Information Security field
• 5+ years in Information Security management preferably in a similar role.
• Professional information security certification preferred - such as CISSP, CISM, etc.
• Working knowledge with industry standards such as HIPAA, PCI, ITIL, NIST, SANS, COBIT, OWASP, and ISO Standards.
• Critical thinking and strong interpersonal skills are a must.
• Experience in running and managing a team of Security Analysts in an enterprise environment.
• Demonstrate understanding of Information Security and Networking controls within cloud and on-premise environments.
• A background in Cloud, Windows, and Unix security management and security controls.
• Experience working with a diverse team comprising managed service providers, contractors, and vendors focused on delivering robust security solutions and platforms.
• Strong background in managing resources in an enterprise multi-vertical business environment.
• Strong technical knowledge of networking, data structures, directory systems, internet, security, and other technologies.

RECOMMENDED :

• College Degree in related field

ISSEC3232