Information Security and Compliance Manager

NorthStar Memorial Group is seeking a Security and Compliance Manager to achieve our company’s data security and compliance objectives.

This unique opportunity is perfect for individuals that want to build on their cyber security experience, are passionate about compliance, and want to make an impact.

The Security and Compliance Manager is responsible for directing, managing, and providing leadership for the organization’s information security and compliance program.

This includes developing, implementing, and maintaining an information security program that meets or exceeds the requirements of industry regulations, standards, policies, and legal requirements.

This position will be hybrid remote and based out of our Home Office, located in the Houston Galleria area.

Responsibilities :

• Serve as Subject Matter Expert on cybersecurity and compliance
• Advise the VP of IT, CIO, and other executives on the best strategies for optimizing the security of data systems, information assets, and general business processes
• Conduct regular training sessions and workshops to educate employees about the latest information security and compliance policy updates
• Develop and implement security measures, policies, and procedures to protect systems and networks against unauthorized access, data breaches, and other security incidents.
• Review the existing security and compliance toolset and make recommendations for improvements.
• Collaborate with cross-functional teams to ensure that security requirements are incorporated into system and network design, development, and implementation processes.
• Perform vulnerability assessments, penetration testing, and risk assessments to identify and prioritize potential security risks and vulnerabilities.
• Manage NorthStar’s third party risk management program.
• Advise department heads on data privacy best practices.
• Stay up to date on the latest security threats, technologies, and industry trends, and provide recommendations for improving security posture.
• Manage the department’s incident response activities, including testing, investigation, containment, and recovery efforts, as needed.
• Conduct assessments and audits to measure and evaluate and document disaster recovery programs

Qualifications :

• Bachelor's degree in Computer Science, Information Technology, or equivalent experience.
• Minimum of 3-5 years of management experience in cyber-security, compliance, or risk management role.
• CISSP, CISM, CEH, or other security certifications.
• Strong knowledge of security principles and best practices, such as NIST, ISO 27001, and CIS security controls.
• Hands-on experience with security technologies, such as firewalls, IDS / IPS, SIEM, EDR, and vulnerability scanning tools.
• Strong knowledge of Windows Server operating systems, and Active Directory
• Knowledge of core Information Security concepts related to Governance, Risk & compliance
• Familiarity with security-related regulations, such as CCPA, SEC Cyber 7, and PCI-DSS.
• Excellent analytical, problem-solving, and troubleshooting skills.
• Ability to travel approximately 5%

We are an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender, gender identity, national origin, disability, or veteran status.