Information Security Manager, Cyber Security at H-E-B
H-E-B is one of the largest, independently owned food retailers in the nation operating over 400 stores throughout Texas and Mexico, with annual sales generating over $25 billion. Described by industry experts as a daring innovator and smart competitor, H-E-B has led the way with creative new concepts, outstanding service and a commitment to diversity in our workforce, workplace and marketplace. H-E-B offers a wealth of career opportunities to our 109,000+ Partners (employees), competitive compensation and benefits program and comprehensive training that lead to successful careers.
Our Partners thrive The H-E-B Way. As an Information Security Manager, you would have a…
HEART FOR PEOPLE… you have a passion for mentorship and guidance, and love for the direct person-to-person interactions that create strong bonds between teams
HEAD FOR BUSINESS… you have an ownership mentality and a consistent track record of timely delivery of high-quality software
PASSION FOR RESULTS… the ability to guide the discussion, remove roadblocks, and provide guardrails for your team as they identify challenges and propose solutions
What you’ll do at H-E-B:
The Information Security Manager is a high-level security position that will help enable H-E-B’s DevSecOps journey. This position reports to and performs tasks under the direction of the Director of Information Security. This is a hands-on management position that requires advanced technical skills, as well as management abilities. The role will coordinate the efforts of the Information Security Office with H-E-B’s Digital organization and business areas. Direct reports will include Security Engineers and Security Architects. Additionally, the Information Security Manager will be responsible for managing contract and service provider personnel.
- Partner with H-E-B Digital Delivery teams to define, implement and operate a platform support model that leverages DevSecOps principles
- Serve as an escalation point for H-E-B Digital support teams. Identify appropriate resolution to achieve stakeholder satisfaction in a timely manner.
- Enforce standard methodologies, processes and tools and ensure compliance to enterprise architecture, global information security policies and overall company strategy
- Facilitate challenging conversations where IT standards and business demands conflict to agree on pragmatic solutions.
- Lead and work as part of a team of software and security engineers, with a high degree of freedom to design and build best-in-class offerings
- Point of contact for product teams as it relates to automation, CI/CD, DevOps and/or DevSecOps
- Build tools and automation scripts that enable developers to easily consume security services delivered by the AppSec team
- Design and test solutions to unique and interesting challenges, including “negative” and fuzzy testing
- Improve the confidentiality, integrity, and accessibility of H-E-B's security through automation and continuous integration (CI/CD) pipelines
- Oversee a team of security engineers who safeguard H-E-B's assets, intellectual property, information systems and the physical security of H-E-B data centers and control facilities.
- Coordinate hiring, training, and evaluation of security personnel and the development of education/training programs to ensure appropriate awareness of security policies, procedures, and standards.
- Identify protection goals, objectives and metrics consistent with H-E-B's strategic plan and risk assessment methodology.
- Build strategic roadmaps to include 1, 3, & 5-year plans for work unit(s).
- Manage the development and implementation of H-E-B security policies, standards, guidelines and procedures to ensure ongoing maintenance of security.
- Maintain relationships with other vendor regulatory bodies and local, state and federal law enforcement and other related government agencies.
- Information protection responsibilities will include network security architecture, network access and monitoring policies, employee education and awareness and more.
- Oversee incident response planning as well as the investigation of security breaches and assist with disciplinary and legal matters associated with such breaches as necessary.
- Work with outside consultants as appropriate for independent security audits.
Who You Are
- 5 years' experience managing a team of at least 8 people
- Combined 10+ years of hands-on Software Development experience, with an emphasis on security.
- Deep understanding of SDLC, agile methodologies, values, and procedures.
- Microservices & cloud-native, and DevOps experience all a plus
- Possess working knowledge of AWS, GCP, or Azure cloud security patterns and controls
- Professional information security certification preferred - such as CISSP, CISM, etc.
- Working knowledge of industry standards such as HIPAA, ITIL, NIST, OWASP, and ISO
- Strong background in managing resources in a multi-vertical business environment
- Background in application security, penetration testing, secure code development, and Agile software development
- Must have Agile project management experience with an understanding of metrics and reporting
- Must be an articulate and influential leader who can serve as an effective member of the management team and is able to communicate security-related concepts to a broad range of technical and non-technical staff.
- Experience with business continuity planning, auditing, and risk management, as well as contract and vendor management preferred.
- Demonstrates expertise and/or a proven record of success identifying and addressing stakeholder needs by:
  - Demonstrating technical delivery experience and/or deep knowledge of technology deployment and support
  - Leading teams in a rapidly changing environment; seeking diverse views; coaching staff, providing timely and meaningful feedback.
- Ability to enable simplification and efficiencies by identifying opportunities to leverage systems and investments across business areas and territories