H-E-B is one of the largest, independently owned food retailers in the nation operating over 400 stores throughout Texas and Mexico, with annual sales generating over $25 billion. Described by industry experts as a daring innovator and smart competitor, H-E-B has led the way with creative new concepts, outstanding service and a commitment to diversity in our workforce, workplace and marketplace. H-E-B offers a wealth of career opportunities to our 109,000+ Partners (employees), competitive compensation and benefits program and comprehensive training that lead to successful careers.

Our Partners thrive The H-E-B Way. As an Information Security Manager, you would have a…

HEART FOR PEOPLE… you have a passion for mentorship and guidance, and love for the direct person-to-person interactions that create strong bonds between teams

HEAD FOR BUSINESS… you have an ownership mentality and a consistent track record of timely delivery of high-quality software

PASSION FOR RESULTS… the ability to guide the discussion, remove roadblocks, and provide guardrails for your team as they identify challenges and propose solutions

What you’ll do at H-E-B:

The Information Security Manager is a high-level security position that will help enable  H-E-B’s DevSecOps journey. This position reports to and performs tasks under the direction of the Director of Information Security. This is a hands-on management position that requires advanced technical skills, as well as management abilities. The role will coordinate the efforts of the Information Security Office with H-E-B’s Digital organization and business areas. Direct reports will include Security  Engineers and Security Architects. Additionally, the Information Security Manager will be responsible for managing contract and service provider personnel.

• Partner with H-E-B Digital Delivery teams to define, implement and operate a platform support model that leverages DevSecOps principles
• Serve as an escalation point for H-E-B Digital support teams. Identify appropriate resolution to achieve stakeholder satisfaction in a timely manner.
• Enforce standard methodologies, processes and tools and ensure compliance to enterprise architecture, global information security policies and overall company strategy
• Facilitate challenging conversations where IT standards and business demands conflict to agree pragmatic solutions.
• Lead and work as part of a team of software and security engineers, with a high degree of freedom to design and build best-in-class offerings
• Point of contact for product teams as it relates to automation, CI/CD, DevOps and/or DevSecOps
• Build tools and automation scripts that enable developers to easily consume security services delivered by the AppSec team
• Design and test solutions to unique and interesting challenges, including “negative”  and fuzzy testing
• Improve the accessibility confidentiality, integrity, and accessibility of H-E-B's security through automation and continuous integration (CI/CD) pipelines
• Oversee a team of security engineers who safeguard the H-E-B-s assets, intellectual property, information systems and the physical security of H-E-B data centers and control facilities.
• Coordinate hiring, training, and evaluation of security personnel and the development of education/training programs to ensure appropriate awareness of security policies, procedures, and standards.
• Identify protection goals, objectives and metrics consistent with H-E-B's strategic plan and risk assessment methodology.
• Build strategic roadmaps to include 1, 3, & 5-year plans for work unit(s).
• Manage the development and implementation of H-E-B security policies, standards, guidelines and procedures to ensure ongoing maintenance of security.
• Maintain relationships with other vendor regulatory bodies and local, state and federal law enforcement and other related government agencies.
• Information protection responsibilities will include network security architecture, network access and monitoring policies, employee education and awareness and more.
• Oversee incident response planning as well as the investigation of security breaches and assist with disciplinary and legal matters associated with such breaches as necessary.
• Work with outside consultants as appropriate for independent security audits.

Who You Are

• 5 years experience managing a team of at least 8 people
• Combined 10+ years of hands-on Software Development experience, with an emphasis on security.
• Deep understanding of SDLC, agile methodologies, values, and procedures.
• Microservices & cloud-native, and DevOps experience all a plus
• Possess working knowledge of AWS, GCP, or Azure cloud security patterns and controls
• Professional information security certification preferred - such as CISSP, CISM, etc.
• Working knowledge with industry standards such as HIPAA, ITIL, NIST, , OWASP, and ISO
• Strong background in managing resources in a multi-vertical business environment
• Background in application security, penetration testing, secure code development, and Agile software development
• Must have Agile project management experience with an understanding of metrics and reporting
• Must be an articulate and influential leader who can serve as an effective member of the management team and is able to communicate security-related concepts to a broad range of technical and non-technical staff.
• Experience with business continuity planning, auditing, and risk management, as well as contract and vendor management preferred.
• Demonstrates expertise and/or a proven record of success identifying and addressing stakeholder needs by:
• Demonstrating technical delivery experience and/or deep knowledge of technology deployment and support
• Leading teams in a rapidly changing environment; seeking diverse views; coaching staff providing timely and meaningful feedback.
• Ability to enable simplification and efficiencies by identifying opportunities to leverage systems and investments across business areas and territories