Information Security and Compliance Manager at NorthStar Memorial Group in Houston, TX

Job Description

<div>
 At NorthStar Memorial Group, we choose collaboration over bureaucracy. Here, everyone has a chance to lead. We encourage &amp; empower our people at every level to speak up, be heard, and watch their ideas become realities. Degreed &amp; non-degreed professionals, labor workers, industry experts &ndash; people from all career and experiential backgrounds have the opportunity to find a home here.
 <br/>
 <br/>
 NorthStar Memorial Group is seeking an
 <strong>
  IT Security and Compliance Manager
 </strong>
 to achieve our company&rsquo;s data security and compliance objectives. This unique opportunity is perfect for individuals who want to build on their cyber security experience, are passionate about compliance, and want to make an impact.
 <br/>
 <br/>
 The IT Security and Compliance Manager is a hands-on role, responsible for designing, administering, and providing leadership for the organization&rsquo;s information security and compliance program. This includes developing, implementing, and maintaining an information security program that meets or exceeds the requirements of industry regulations, standards, policies, and legal requirements. You can expect your time to be shared between the following focus areas: Information Security 60%, Compliance 20%, Risk Management 20%. This position will be hybrid remote and based out of our Home Office, located in the Houston Galleria area.
 <br/>
 <br/>
 <strong>
  Responsibilities
  <br/>
  <br/>
 </strong>
 <ul>
  <li>
   Serve as Subject Matter Expert on cybersecurity and compliance
  </li>
  <li>
   Advise the VP of IT, CIO, and other executives on the best strategies for optimizing the security of data systems, information assets, and general business processes
  </li>
  <li>
   Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks
  </li>
  <li>
   Write comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement
  </li>
  <li>
   Collaborate with cross-functional teams to ensure that security requirements are incorporated into system and network design, development, and implementation processes.
  </li>
  <li>
   Perform vulnerability assessments, penetration testing, and risk assessments to identify and prioritize potential security risks and vulnerabilities.
  </li>
  <li>
   Conduct regular training sessions and workshops to educate employees about the latest information security and compliance policy updates
  </li>
  <li>
   Manage NorthStar&rsquo;s third-party risk management program.
  </li>
  <li>
   Advise department heads on data privacy best practices.
  </li>
  <li>
   Stay up to date on the latest security threats, technologies, and industry trends, and provide recommendations for improving security posture.
  </li>
  <li>
   Ability to manage and provide hands-on leadership for the department&rsquo;s incident response activities, including testing, investigation, containment, and recovery efforts, as needed.
  </li>
  <li>
   Conduct assessments and audits to measure, evaluate, and document disaster recovery programs
   <br/>
   <br/>
  </li>
 </ul>
 <strong>
  Requirements And Qualifications
  <br/>
  <br/>
 </strong>
 <ul>
  <li>
   Proven work experience as a System Security Engineer or Information Security Engineer
  </li>
  <li>
   Minimum of 3-5 years of management experience in cyber-security.
  </li>
  <li>
   Bachelor's degree in Computer Science, Information Technology, or equivalent experience.
  </li>
  <li>
   CISSP, CISM, CEH, or other security certifications.
  </li>
  <li>
   Strong knowledge of security principles and best practices, such as NIST, ISO 27001, and CIS security controls.
  </li>
  <li>
   Hands-on experience with security technologies such as firewalls, IDS/IPS, log and event management, content filtering, endpoint detection and response, and vulnerability scanning tools.
  </li>
  <li>
   Detailed technical knowledge of database and operating system security
  </li>
  <li>
   Knowledge of core Information Security concepts related to Governance, Risk &amp; Compliance
  </li>
  <li>
   Familiarity with security-related regulations, such as CCPA, SEC Cyber 7, and PCI-DSS.
  </li>
  <li>
   Excellent analytical, problem-solving, and troubleshooting skills.
  </li>
  <li>
   Ability to travel approximately 5%
   <br/>
   <br/>
  </li>
 </ul>
 We are an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender, gender identity, national origin, disability, or veteran status.
</div>

AI Powered Job Insights

Exciting opportunity for an IT Security and Compliance Manager at NorthStar Memorial Group! This role is perfect for those looking to make a significant impact in the field of cybersecurity and compliance while working in a collaborative environment. They are committed to empowering all employees to bring their ideas to life.

📍 Location: Houston, TX (Hybrid Remote)
💼 Position: IT Security and Compliance Manager
⏰ Type: Full-time
📅 Date Posted: 2024-07-17

Role Summary:
- Manage and lead the organization's information security and compliance program.
- Develop and implement security measures that meet industry standards and legal requirements.
- Split focus areas with 60% on Information Security, 20% on Compliance, and 20% on Risk Management.

What You'll Do:
- Serve as a cybersecurity and compliance Subject Matter Expert.
- Advise executives on strategies to optimize data security.
- Develop security solutions to address vulnerabilities.
- Perform vulnerability assessments and risk management activities.
- Lead training sessions on security policies for employees.
- Oversee third-party risk management initiatives.

What's Needed:
- Proven experience as a System Security Engineer or Information Security Engineer.
- 3-5 years of management experience in cybersecurity.
- Bachelor's degree in Computer Science or Information Technology.
- Relevant security certifications (CISSP, CISM, CEH).
- Familiarity with regulations such as CCPA, SEC Cyber 7, and PCI-DSS.
- Excellent analytical and problem-solving skills.
- Willingness to travel approximately 5%.

Top Interview Questions

  • Q: Can you describe your experience with developing and maintaining an information security program? What frameworks do you typically utilize?

    A: In my previous role, I was responsible for establishing an information security program that aligned with both NIST and ISO 27001 standards. This involved conducting a thorough risk assessment to identify vulnerabilities, implementing appropriate controls, and ensuring ongoing compliance through regular audits. I utilized a combination of technical tools and employee training to instill a culture of security awareness throughout the organization, enhancing our overall security posture.

  • Q: How do you approach vulnerability assessments and what tools do you prefer to use?

    A: I approach vulnerability assessments methodically by first identifying key assets and their associated risks. I typically use tools such as Nessus for automated vulnerability scans and Metasploit for penetration testing. After gathering the data, I prioritize vulnerabilities based on severity and potential impact, and develop action plans for remediation. Continuous monitoring and re-evaluation are critical, so I ensure regular assessments to adapt to new threats.

  • Q: Describe a situation where you had to advise executives on cybersecurity strategies. What was your approach and what was the outcome?

    A: In a previous position, I presented a cybersecurity strategy to the executive team after identifying gaps in our incident response plan. My approach involved outlining potential risks, recent industry breaches, and presenting a clear action plan that included improvements in our technology stack and employee training programs. The outcome was positive; the executives approved additional funding, which allowed us to enhance our security measures, ultimately reducing incident response times by 40%.

  • Q: What are some best practices you advocate for managing third-party risk in an organization?

    A: Managing third-party risk starts with a thorough due diligence process. I advocate for conducting security assessments and audits of vendors before partnership and including them in our ongoing risk management cycle. Additionally, I recommend establishing clear security expectations in contracts and creating incident response plans that involve these partners. Regular communication and reviews help ensure that vendors remain compliant and secure over time, reducing the overall risk to our organization.

  • Q: How do you stay informed about the latest security threats and industry trends, and apply them to your work?

    A: I stay informed through a combination of continuous education and active engagement with the cybersecurity community. I regularly read cybersecurity blogs, attend webinars, and participate in industry conferences like Black Hat. Additionally, I follow threat intelligence platforms and subscribe to newsletters from organizations like NIST. I apply this knowledge by periodically reassessing our security protocols and recommending updates to our strategies based on emerging threats, ensuring that we remain proactive in our defense.

Salary Benefits

Salary details not provided

Want to apply directly?

Apply for the Information Security and Compliance Manager position at NorthStar Memorial Group in Houston, TX using https://www.linkedin.com/jobs/view/3978492556
