H-E-B is one of the largest, independently owned food retailers in the nation operating over 400 stores throughout Texas and Mexico, with annual sales generating over $25 billion. Described by industry experts as a daring innovator and smart competitor, H-E-B has led the way with creative new concepts, outstanding service, and a commitment to diversity in our workforce, workplace and marketplace. H-E-B offers a wealth of career opportunities to our 109,000+ Partners (employees), competitive compensation and benefits programs, and comprehensive training that leads to successful careers.
Our Partners thrive The H-E-B Way. As a Senior Information Security Advisor - Payments , you would have a...
HEART FOR PEOPLE... you have a passion for mentorship and guidance, and love for the direct person-to-person interactions that create strong bonds between teams
HEAD FOR BUSINESS... you have an ownership mentality and a consistent track record of timely delivery of high-quality software
PASSION FOR RESULTS... the ability to guide the discussion, remove roadblocks, and provide guardrails for your team as they identify challenges and propose solutions
ROLE
As a Senior Info Security Advisor - Payments, you will work with key H-E-B personnel on security programs used to implement corporate standards, procedures, and guidelines to align with various compliance and risk requirements in the Payments (Ecommerce, POS, Financial Services) area. Responsibilities include coordinating security aspects of, and developing security designs for implementing and deploying hardware, software, tools, and programs by conducting risk assessments and risk acceptances for exiting platforms and new projects.
What you'll do

• Develop and review security configuration and operations standards for information security systems and applications.
• Recommends, develops, implements, and interprets Info Security control patterns, designs, procedures, policies, guidelines, and standards.
• Collaborates with business and IS teams to ensure solutions are aligned to H-E-B's security posture.
• Generates and maintains administrative documentation, such as architecture diagrams and system manuals, operational procedures, and operational processes.
• Monitors and drives project results against information security specifications.
• Perform security risk assessments and recommend risk mitigation strategies to ensure compliance with H-E-B security practices.
  Security / Administration :
• Performs analysis for enterprise security systems.
• Coordinates or conducts periodic security testing of controls (penetration tests, vulnerability analysis, etc.)
• Participate in incident response teams, including performing forensic / investigation services.
• Develops security processes / procedures; supports service-level agreements (SLAs) to ensure that security controls are managed and maintained.
• Plays an advisory role in application development or acquisition projects to assess security requirements and controls ensuring that security controls are implemented as planned.
• Reports to H-E-B management concerning risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance with established baselines.
• Works with information security leadership to develop strategies and plans to enforce security requirements and address identified risks.
• Maintains job knowledge by participating in educational opportunities, reading professional publications, maintaining personal networks, and participating in professional organizations.

Analytics :

• Research information security standards, conducts system security and vulnerability analyses, and risk assessments.
• Analyzes the results of audits (internal or external) to produce recommendations of acceptable risk and risk mitigation strategies.
• Provides monthly, quarterly, and ad-hoc strategic and operational risk reporting and analytics for trending, risk assessment, compliance, and active exception reporting.
• Determines security requirements by evaluating business strategies and requirements.
• Researches, evaluates, and recommends information security-related hardware and software, including developing business cases for security investments.
• Develops solutions by analyzing information requirements, determining systems architecture, components, and technologies, and by studying business operations and user-interface requirements.
  Auditing / Compliance:
• Assists with internal and external audits, including but not limited to PCI DSS and HIPAA.
• May performs physical site assessments of business partners, provides peer review of work product and deliverables; executes release of information analysis to third-party business partners.

REQUIRED

• 5+ years of experience working full-time as an Information Security Professional
• At least one professional security certification such as CISSP, CISA, CEH, applicable SANs programs, or other industry certifications (e.g., Cisco, Microsoft, VMware) preferred
• Experience in a PCI Compliant, financial, or payment processor
• Technical expertise in systems administration and security tools
• Experience developing information security standardized configuration guides and procedure
• Working knowledge of securing UNIX, Linux, Windows OS family, TCP/IP, and networking technologies; Web Application Servers such as Apache, Tomcat, and Microsoft IIS; and databases, including MySQL, MS SQL, and Oracle
• Familiarity with Business Continuity and Disaster Recovery process, procedures, testing; familiarity with retail environments
• Ability to communicate technical and security-related concepts to a broad range of technical and non-technical staff

RECOMMENDED

• Ability to understand the customer's perspective and tailor solutions according to H-E-B's security posture
• Ability to influence others
• Service-oriented
• Bachelor's degree preferred
  ISSEC3232