Information Security Manager jobs in Odessa, TX

POSITION PURPOSE

As the Information Security Incident Manager, you will be at the forefront of our cyber defense strategies. This role

involves overseeing incident response and ensuring the bank remains proactive against emerging threats. This

candidate will be responsible for developing and implementing a comprehensive strategy for information security

incident response operations. The successful candidate demonstrates strong knowledge of technology risk

management, experience with the information security controls, communicates well, is trustworthy in confidential

matters, maintains credibility with stakeholders, and his/her capabilities and energies to meet business objectives.

This role is expected to have a thorough understanding of complex IT systems and stay up to date with the latest

security standards, systems, and authentication protocols, as well as best practice security products. This person

will work closely with key stakeholders to ensure the proper information security controls are in place to minimize

risk and ensure compliance with Information Security Policy, Standards and Controls, FFIEC, NIST, CIS Security

Standards, Data Privacy regulations and the Payment Card Industry – Data Security Standards (PCI-DSS).

This position will report directly to the Vice President of Architecture and Security Operations.

ESSENTIAL DUTIES AND FUNCTIONS

1. Incident Response:

• Mature the Tier 2 function within the Security Operations Center (SOC)

• Lead and mentor the incident response team in detecting, investigating, and mitigating security

incidents.

• Develop and refine incident response plans and procedures.

• Collaborate with other departments during incidents to ensure timely communication and

appropriate response.

• Conduct post-incident analysis to identify root causes and lessons learned, and drive process

improvements.

2. Strategic Leadership:

• Develop and implement a comprehensive strategy for information security incident response.

• In tandem with the Security Awareness team, foster a culture of security awareness across the Bank.

• Partner with senior leadership to align security priorities with business objectives.

3. Reporting & Communication:

• Provide regular updates on the security posture of the Bank to senior management.

• Engage with industry partners, law enforcement agencies, and other external entities as necessary.

• Ensure all regulatory reporting obligations related to security incidents are met.

4. Continuous Learning

• Encourage the team to stay updated with the latest cybersecurity trends, tools, and practices.

• Invest in training and certifications to enhance team capabilities.

• All other duties as assigned.

____________________________________________________________________________________

QUALIFICATIONS

• Minimum of 5 years in information security, with at least 3 years in a management role.

• Proven track record in managing incident response activities.

• Strong understanding of cloud and network security architecture and design.

• Knowledge of application, database, and web server secure design and implementation.

• Proven ability to effectively analyze and develop options that balance business needs with information

security threats.

• Advanced trouble-shooting and subject matter expertise with information security and technology tools.

• Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.

• Experience developing and implementing security policies and/or standards.

• Excellent working knowledge of operating systems and related applications.

• Solid understanding of security protocols, cryptography, authentication, authorization, and security.

• Ability to research, analyze and resolve complex problems with minimal supervision and escalate issues as

appropriate.

• Strong analytical skills.

• Excellent communication and presentation skills.

• Able to work independently and be a self-starter, managing multiple tasks according to priorities, and results

oriented and proven ability to meet deadlines.

• Understanding of qualitative vs. quantitative risk management and inherent vs. residual risk to properly

determine, evaluate, and report on technology risk levels.

• Experience with data and analytics.

• Experience with dashboards and data visualization tools.

• Demonstrate working knowledge of industry standards (NIST CSF, NIST-800-53, CIS, PCI-DSS, ITIL).

• Building and managing relationships at all levels within the organization.

• Strong understanding of banking regulations and compliance requirements related to information security.

• Banking or Financial services industry highly preferred.

• Bachelor’s degree in computer science, Information Systems, or a related field. Advanced degrees preferred.

• Relevant certifications such as CISSP, CISM, CISA, or equivalent are highly desirable.