Information Security Manager

Job Title: Information Security Manager
Position ID: 27647233
Location: The Woodlands, TX 77380

Description

Position Specific Description

MP2 is looking to enhance our IT organization with an Information Security Manager who will implement and ensure information security and data privacy policies across the company. This role is critically important to ensure MP2 has strong cyber defense mechanisms and compliance with IT control frameworks. This role will report to the EVP of Technology and work very closely with senior leadership across MP2 to review current policies and support coordination with organizational information risk management and data privacy teams.

Job Duties & Responsibilities

  • Partners with the leadership team to develop an information security strategy that balances the company’s strategic aspirations with its risk appetite and compliance with external regulations.
  • Oversees a variety of cybersecurity and risk management activities related to IT to enable the company to take on future business opportunities in a secure manner.
  • Provides guidance and advice on information security to the CTO and IT Management.
  • Ensures that IT-related business risks are identified, evaluated, analyzed, mitigated, managed, monitored and communicated for any current and new system procurement.
  • Creates a company-wide action plan to protect company and client information, monitor cyber threats and manage IT security incidents.
  • Leads the design, development, and implementation of IT security policies and procedures.
  • Analyzes information security systems and applications, and recommends and develops security measures to protect information against unauthorized modification or loss; monitors, evaluates, and maintains systems and procedures to safeguard internal information systems, network, databases, and Web-based security.
  • Coordinates the implementation of incident response plans and procedures in the event of an IT security incident; provides support and in-house consulting.
  • Responsible for the information security awareness program for all employees and contractors. Establishes metrics to measure its effectiveness.
  • Promotes a culture of risk, security, compliance and continual improvement.
  • Develops and maintains security, compliance and data privacy metrics.
  • Works with legal and/or compliance function to ensure all information owned, controlled or collected by the company is stored or processed in accordance with applicable laws and regulations (such as Data Privacy).
  • Will project manage the implementation of information security vulnerability assessments as well as closing any gaps found.
  • Identifies other (non-regulatory) IT security standards requirements and leads efforts to achieve compliance (such as Payment Card Industry Data Security Standard).

Essential Skills and Experience

  • Knowledge of security controls, data ownership and classification, threat management, and risk management.
  • Solid understanding of information security practices, systems, and standards.
  • Advanced understanding of various network systems and related security applications.
  • Strong organizational and project management skills with the ability to manage timelines and prioritize workload.
  • Exceptional verbal communication and technical writing skills with an ability to effectively interact with and convey information to people who possess varying levels of understanding on applicable topics.
  • Strong cross-departmental relationship building.
  • Ability to work with leadership to determine risk weighting against business functions.

Preferred Skills

  • Thorough understanding of information technology frameworks such as COBIT or NIST.
  • Good understanding of assessing, utilizing, supporting and/or maintaining of logical and physical security architectures and technologies including but not limited to IPS/IDS, firewall, SIEM, VPN, anti-virus, email, web, data, video, physical access control hardware and related operating systems & supporting software.
  • Experience in the energy sector, specifically with a retail electric provider, preferred.

Qualifications and Education Requirements

  • Over 5 years of experience in Information Technology directly related to the information security area.
  • Hands-on experience conducting information security risk assessments, remediation of findings, and implementation of the resulting controls.
Nice to have:
  • Bachelor's degree in Information Systems, Computer Science or a related discipline preferred, or an equivalent amount of directly related work experience.
  • One or more of the following certifications:
    • Certified Information Systems Security Professional (CISSP)
    • Certified Information Security Manager (CISM)
    • Certified Information Systems Auditor (CISA)
    • Certified in Risk and Information Systems Control (CRISC)

All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, national origin, protected veteran status, or on the basis of disability.