Overview
H-E-B is one of the largest, independently owned food retailers in the nation operating over 420+ stores throughout Texas and Mexico, with annual sales generating over $34 billion. Described by industry experts as a daring innovator and smart competitor, H-E-B has led the way with creative new concepts, outstanding service and a commitment to diversity in our workforce, workplace and marketplace. H-E-B offers a wealth of career opportunities to our 145,000+ Partners (employees), competitive compensation and benefits program and comprehensive training that lead to successful careers.
Responsibilities
H-E-B is a leading innovator in technology, and our Information Solutions Partners collaborate to design, construct, implement, and support technology solutions to help make us the Greatest Retailing Company.
As an Information Security Manager I, you will coordinate the efforts of the Info Security Office, including all staff, technology, projects, and incident response. You will provide support across H-E-B, including IT, HR, privacy, loss prevention, fraud, legal, and other departments; and will identify security initiatives and standards. You will manage contract and service provider personnel.
Do you have a:
HEAD FOR BUSINESS... capability to communicate your tech knowledge as it applies to long-term plans?
HEART FOR PEOPLE... an ability to manage technical processes and still get the best from your Team?
PASSION FOR RESULTS... initiative and drive to get your Team to follow through to an outcome?
We are looking for:

• a related degree or comparable formal training, certification, or work experience
• IT Security Certification
• a solid technical background in system delivery

What is the work?
Management:

• Oversees a team of security personnel who safeguard
• H-E-B assets, intellectual property, information systems, and physical security of data centers and control facilities
• Coordinates hiring, training, and evaluation of security personnel and the development of education / training programs to ensure appropriate awareness of security policies, procedures, and standards
• Manages / supports audit and disaster recovery exercises
• Develops and maintains budgeting models, monthly forecasts, and monthly security metrics reports
• Proactively adapts to meet new challenges and changes at H-E-B and global technical security directions; understands and relays H-E-B's business needs and challenges; recommends strategies
• Leads a high-performing, motivated work group by applying interpersonal communication and collaboration skills to achieve security goals and realize value
• Assigns / assists team members in workload prioritization
• Works collaboratively within the team, with external parties (e.g., vendors, third parties), and internal groups (e.g., business units, application teams, architectural teams) to achieve desired results and meet H-E-B goals
• Develops associate team members through mentoring and review of their various deliverables
• Maintains relationships with other vendor regulatory bodies and local, state, and federal law enforcement and other related government agencies

Information Security:

• Develops / maintains a security awareness program to support information security standards and procedures
• Collaborates with IT personnel from other companies around the world to ensure consistency and share leading practices
• Researches, provides guidance, and then applies IT security developments H-E-B-wide
• Maintains highly developed knowledge of security best practices and technologies
• Oversees information security reports / presentations
• Manages the development and implementation of H-E-B security policies, standards, guidelines, and procedures to ensure ongoing maintenance of security
• Oversees incident response planning, as well as the investigation of security breaches; assists with disciplinary / legal matters associated with such breaches as necessary

Strategy:

• Assists in building strategic roadmaps to include 1, 3, & 5 year plans for work unit(s)
• Adapts to meet new challenges and changes in H-E-B and technical security direction and understand the business needs and challenges to recommend strategies
• Defines, budgets, and coordinates implementation of the info security technical strategic, staffing, and training plan
• Identifies protection goals, objectives, metrics consistent with H-E-B - s strategic plan / risk assessment methodology
• Researches, provides guidance, and then applies developments in the IT security industry to H-E-B

Preferred Education and Experience

• A related degree or comparable formal training, certification, or work experience
• 3+ years of experience leading technology professionals
• Supervisory experience
• A solid technical background with experience in system delivery including SDLC methodologies
• IT Security Certification, such as CISSP or CISM
• Experience developing enterprise security metrics and reporting
• Experience with, and application of, common info security management frameworks, such as International Organization for Standardization (ISO) 27001/2 and the ITIL, COBIT, and National Institute of Standards and Technology (NIST) frameworks
• Experience in secure coding practices, threat modeling, vulnerability / risk assessment, security architecture reviews, and developing security requirements and strategies
• Experience with security architecture, vulnerability management, application security, incident management, security incident, networking, and info technology operations
• Experience with enterprise-level security assessments, including performing security and vendor risk assessments for SaaS, PaaS, and IaaS

Preferred Key Competencies

• Excellent technical knowledge of mainstream operating systems (for example, MS Windows, Macintosh, Linux), and a wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance tools, and desktop security tools
• Strong technical knowledge of networking, data structures, directory systems, internet, and security and regulatory frameworks including ISO 27001, GLBA, SOX, PCI, FFIEC, etc.
• Strong working knowledge of pertinent law and the law enforcement community
• Solid understanding of IT and information security
• Excellent speaking, presentation, and writing skills
• Strong leadership skills
• Articulate and influential leadership skills
• Ability to serve as an effective member of the management team
• Ability to communicate security-related concepts to a broad range of technical and non-technical staff

Physical and Other Requirements

• Function in a fast-paced, retail, office environment
• Travel by car or airplane with overnight stays
• Sit for an extended period of time
• Work extended hours

#LI-TM1
#ISSEC3232