Department: Information System
Reports To: SVP/Chief Information Officer
Employment Status: Full-Time
Classification: Exempt
Location: Houston, TX - Required
Position Summary
We seek an experienced IT Security Specialist to design, implement, and administer cybersecurity measures to protect our organization's IT infrastructure, systems, and data assets. The ideal candidate will have a strong background in information security, focusing on developing and maintaining robust security policies, procedures, and technologies. This role requires a proactive individual with excellent analytical skills and a commitment to staying ahead of emerging threats and vulnerabilities.
Duties and Responsibilities
Security Strategy and Planning:
- Develop and implement a comprehensive cybersecurity strategy aligned with organizational goals, regulatory requirements, and industry best practices.
- Conduct risk assessments and vulnerability scans to identify potential security gaps and prioritize remediation efforts.
- Collaborate with internal stakeholders to define security requirements and integrate security controls into IT systems and processes.
Security Architecture and Infrastructure:
- Design and implement security architecture for networks, systems, and applications, including firewalls, intrusion detection/prevention systems, and encryption mechanisms.
- Configure and manage security tools and technologies to monitor and detect security incidents, such as SIEM (Security Information and Event Management) systems.
- Conduct regular security assessments and penetration testing to evaluate the effectiveness of security controls and identify areas for improvement.
Incident Response and Management:
- Develop and maintain incident response plans and procedures to effectively respond to and mitigate cybersecurity incidents.
- Lead incident response activities, including containment, eradication, and recovery, in collaboration with IT teams and external partners as necessary.
- Conduct post-incident analysis and lessons learned sessions to improve incident response capabilities and prevent future incidents.
Security Awareness and Training:
- Design and deliver cybersecurity awareness and training programs for employees to increase awareness of security risks and promote best practices.
- Develop educational materials and resources on cybersecurity topics, such as phishing awareness, password security, and data protection.
Compliance and Regulatory Requirements:
- Ensure compliance with relevant cybersecurity regulations and standards, such as PCI DSS and NCUA regulations.
- Conduct regular audits and assessments to verify compliance with security policies and requirements, addressing any non-compliance issues promptly.
- Oversee application and vendor management and selection, including requesting and reviewing SOC-2 documentation.
Knowledge and Skills
- Bachelor's degree in Information Security, Computer Science, or a related field. A master's degree or relevant certifications (e.g., CISSP, CISM, CEH) are preferred.
- Proven experience (3+ years) in IT security roles, focusing on designing and implementing cybersecurity initiatives in a financial services environment.
- Deep understanding of cybersecurity principles, technologies, and best practices, including network security, encryption, access control, and incident response.
- Experience with security assessment tools and techniques, such as vulnerability scanning, penetration testing, and threat intelligence analysis.
- Strong analytical and problem-solving skills, with the ability to assess complex security issues and develop effective solutions.
- Excellent communication and collaboration skills, with the ability to interact with stakeholders at all levels and translate technical concepts into non-technical language.
ADA Requirements
Perform primarily sedentary work with limited physical exertion and occasional lifting up to 5 lbs. Must be capable of climbing/descending stairs in an emergency situation. Must be able to operate routine office equipment including telephone, copier, facsimile, and calculator. Must be able to routinely perform work on a computer for an average of 6-8 hours per day. Must be able to work extended hours whenever required or requested by management. Must be capable of regular, reliable and timely attendance.