The Information Security Manager is a high-level security position which will help enable H-E-B’s DevSecOps journey. This position reports to and performs tasks under the direction of the Director of Information Security. This is a hands-on management position which requires advanced technical skills, as well as management abilities. The role will coordinate the efforts of the Information Security Office with H-E-B’s Digital organization and business areas. Direct reports will include Security Engineers and Security Architects. Additionally, the Information Security Manager will be responsible for managing contract and service provider personnel.
- Partner with H-E-B Digital Delivery teams to define, implement and operate a platform support model that leverages DevSecOps principles
- Design and test solutions to unique and interesting challenges, including “negative” and fuzzy testing
- Facilitate challenging conversations where IT standards and business demands conflict to agree pragmatic solutions.
- Oversee a team of security engineers who safeguard the H-E-B-s assets, intellectual property, information systems and the physical security of H-E-B data centers and control facilities.
- Enforce standard methodologies, processes and tools and ensure compliance to enterprise architecture, global information security policies and overall company strategy
- Point of contact for product teams as it relates to automation, CI/CD, DevOps and/or DevSecOps
- Lead and work as part of a team of software and security engineers, with a high degree of freedom to design and build best-in-class offerings
- Serve as an escalation point for H-E-B Digital support teams. Identify appropriate resolution to achieve stakeholder satisfaction in a timely manner.
- Build tools and automation scripts that enable developers to easily consume security services delivered by the AppSec team
- Improve the accessibility confidentiality, integrity, and accessibility of H-E-B’s security through automation and continuous integration (CI/CD) pipelines
- Experience with business continuity planning, auditing, and risk management, as well as contract and vendor management preferred.
- Demonstrates expertise and/or a proven record of success identifying and addressing stakeholder needs by:
- Demonstrating technical delivery experience and/or deep knowledge of technology deployment and support
- Leading teams in a rapidly changing environment; seeking diverse views; coaching staff providing timely and meaningful feedback.
- Ability to enable simplification and efficiencies by identifying opportunities to leverage systems and investments across business areas and territories.
Qualification & Experience:
- Professional information security certification preferred – such as CISSP, CISM, etc.
- Micro services & cloud-native, and DevOps experience all a plus
- Possess working knowledge of AWS, GCP, or Azure cloud security patterns and controls
- 5 years’ experience managing a team of at least 8 people
- Working knowledge with industry standards such as HIPAA, ITIL, NIST, , OWASP, and ISO
- Background in application security, penetration testing, secure code development, and Agile software development
- Deep understanding of SDLC, agile methodologies, values, and procedures.
- Combined 10+ years of hands-on Software Development experience, with an emphasis on security.
- Strong background in managing resource in a multi-vertical business environment
Vacancy Type: Full Time
Job Location: San Antonio, TX, US
Application Deadline: N/A
To apply for this job email your details to email@example.com