Information Security and Compliance Manager

At NorthStar Memorial Group, we choose collaboration over bureaucracy. Here, everyone has a chance to lead. We encourage & empower our people at every level to speak up, be heard, and watch their ideas become realities.

Degreed & non-degreed professionals, labor workers, industry experts - people from all career and experiential backgrounds have the opportunity to find a home here.

NorthStar Memorial Group is seeking an IT Security and Compliance Manager to achieve our company's data security and compliance objectives.

This unique opportunity is perfect for individuals that want to build on their cyber security experience, are passionate about compliance, and want to make an impact.

The IT Security and Compliance Manager is a hands-on role, responsible for designing, administering, and providing leadership for the organization's information security and compliance program.

This includes developing, implementing, and maintaining an information security program that meets or exceeds the requirements of industry regulations, standards, policies, and legal requirements.

You can expect your time to be shared between the following focus areas : Information Security 60%, Compliance 20%, Risk Management 20%.

This position will be hybrid remote and based out of our Home Office, located in the Houston Galleria area.

Responsibilities :

• Serve as Subject Matter Expert on cybersecurity and compliance
• Advise the VP of IT, CIO, and other executives on the best strategies for optimizing the security of data systems, information assets, and general business processes
• Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks
• Write comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement
• Collaborate with cross-functional teams to ensure that security requirements are incorporated into system and network design, development, and implementation processes.
• Perform vulnerability assessments, penetration testing, and risk assessments to identify and prioritize potential security risks and vulnerabilities.
• Conduct regular training sessions and workshops to educate employees about the latest information security and compliance policy updates
• Manage NorthStar's third-party risk management program.
• Advise department heads on data privacy best practices.
• Stay up to date on the latest security threats, technologies, and industry trends, and provide recommendations for improving security posture.
• Ability to manage and provide hands-on leadership for the department's incident response activities, including testing, investigation, containment, and recovery efforts, as needed.
• Conduct assessments and audits to measure and evaluate and document disaster recovery programs

Requirements and Qualifications :

• Proven work experience as a System Security Engineer or Information Security Engineer
• Minimum of 3-5 years of management experience in cyber-security.
• Bachelor's degree in Computer Science, Information Technology, or equivalent experience.
• CISSP, CISM, CEH, or other security certifications.
• Strong knowledge of security principles and best practices, such as NIST, ISO 27001, and CIS security controls.
• Hands-on experience with security technologies such as firewalls, IDS / IPS, log and event management, content filtering, endpoint detection and response, and vulnerability scanning tools.
• Detailed technical knowledge of database and operating system security
• Knowledge of core Information Security concepts related to Governance, Risk & compliance
• Familiarity with security-related regulations, such as CCPA, SEC Cyber 7, and PCI-DSS.
• Excellent analytical, problem-solving, and troubleshooting skills.
• Ability to travel approximately 5%

We are an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender, gender identity, national origin, disability, or veteran status.