Information Security Operations Lead

The Information Security Operations Lead is responsible for the operational execution, oversight, and continuous improvement of the Bank’s cybersecurity program, ensuring alignment with regulatory requirements (FFIEC, GLBA, NIST CSF) and enterprise risk management objectives.

This role translates the Information Security Officer's (ISO) strategic direction into measurable, tool-driven security operations, including security monitoring, identity and access management (IAM), incident response, and control enforcement.

The Operations Lead serves as the primary accountable leader for day-to-day cybersecurity operations, overseeing analysts and engineers and ensuring the effective use of security platforms, including SIEM, IAM, endpoint protection, and vulnerability management tools.

The ideal candidate is technical and possesses at least seven years of experience in technology and security administration across large heterogeneous networks, including third-party entities. Additionally, as a senior member of the information security team, the role requires leadership skills to coach and mentor less experienced staffers. Information Security Operations Lead is expected to manage the team and execute the security strategy as directed by senior management.

This position requires strong written and oral communication skills, as well as the ability to convey detailed technical information in a manner comprehensible to individuals with varying levels of experience and skill. This role requires the ability to speak confidently in front of large groups and with corporate management, vendors, and service providers. The Information Security Operations Lead also contributes to the company's IT security strategy and roadmap.

ESSENTIAL DUTIES

The duties listed below may not include all responsibilities that the person in this role may be asked to perform. Incumbent may be required to perform other related duties as assigned.

Security Operations

• Oversee daily security operations, including SIEM monitoring, alert triage, and escalation
• Ensure detection use cases are developed, tuned, and aligned to emerging threats
• Oversee configuration, optimization, and integration of security tools (SIEM, EDR, email security, vulnerability management)
• Ensure security controls are properly implemented across systems and platforms
• Drive automation and orchestration initiatives to improve operational efficiency
• Maintain system documentation, baselines, and configuration standards

Incident Response

• Act as primary escalation point for security incidents and SOC activities
• Lead coordination of incident response across IT and business units
• Ensure timely containment, eradication, and recovery of security incidents
• Maintain and test incident response playbooks and procedures
• Conduct post-incident reviews and implement corrective actions
• Integrate threat intelligence into monitoring and detection capabilities

Identity and Access Management (IAM)

• Oversee user provisioning and deprovisioning processes
• Conduct and enforce periodic access reviews and certifications
• Ensure implementation of MFA, SSO, and privileged access controls
• Enforce least privilege and segregation of duties
• Improve and automate access management processes

Compliance and Risk Management

• Execute and maintain security controls aligned with FFIEC, GLBA, and NIST CSF
• Support internal and external audits, including evidence collection and remediation tracking
• Perform and support risk assessments and control validation activities
• Ensure enforcement of security policies and procedures across the organization

Reporting and Metrics

• Develop and track key performance indicators (KPIs) and key risk indicators (KRIs)
• Provide operational reporting to the ISO
• Identify trends and implement improvements to strengthen the security posture

Team Leadership and Collaboration

• Supervise and mentor security analysts and engineers
• Assign tasks and ensure appropriate operational coverage
• Foster a culture of accountability, collaboration, and continuous learning
• Partner with IT, application teams, and business units to embed security into operations
• Participate in change management and project initiatives to ensure secure implementation

These specifications are general guidelines based on the minimum experience normally considered essential to the satisfactory performance of this position. The requirements listed below are representative of the knowledge, skills, and/or abilities required to perform the position satisfactorily. Individual abilities may lead to deviations from these guidelines.

• Bachelor’s degree in Cybersecurity, Information Technology, or a related field (or equivalent experience)
• 5–8 years of experience in information security or cybersecurity operations
• Hands-on experience with security technologies, including SIEM, EDR, IAM, and vulnerability management tools
• Experience and understanding of various regulatory requirements and laws, such as, but not limited to, Payment Card Industry (PCI), Federal Financial Institutions Examination Council (FFIEC), Sarbanes-Oxley (SOX), Health Information Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR) and Gramm-Leach-Bliley Act (GLBA). Additionally, experience in one or more of the following is required: ISO 17799, ITIL or NIST.
• Extensive knowledge of SSO, MFA, Active Directory (AD), public key infrastructure (PKI), privileged accounts, and integration application programming interface (API) capabilities.
• Experience administering IDAM systems, access controls, security, and risk management, as well as a security governance framework at scale.
• Track record acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively
• Strong understanding of security frameworks and regulatory requirements (e.g., NIST CSF, FFIEC, GLBA)
• Experience supporting audits, risk assessments, and control validation activities
• Demonstrated leadership or supervisory experience in a security or IT environment
• Strong analytical, problem-solving, and communication skills

Preferred Qualifications

• Professional certifications such as CISSP, CISM, or Security
• Experience in financial services or other highly regulated environments, with familiarity in FFIEC-aligned controls
• Experience with identity and access management (IAM) solutions, including access governance, provisioning, and privileged access controls
• Familiarity with cloud security practices in environments such as Azure or AWS
• Knowledge of security operations technologies, including SIEM, EDR, and vulnerability management tools Understanding of authentication and access control technologies, including MFA, SSO, and directory services

PERFORMANCE EXPECTATIONS

Success in this role will be measured by the following:

• Incident Response Effectiveness:
  Security incidents are identified, escalated, and resolved within defined service level targets (MTTD/MTTR)
• Access Management Compliance:
  Access reviews, certifications, and provisioning activities are completed accurately and within established timelines
• Vulnerability Management:
  Identified vulnerabilities are remediated within defined SLAs based on risk severity
• Audit and Compliance Performance:
  Audit findings and control gaps are remediated on time with minimal repeat issues
• Security Monitoring Coverage:
  Security tools and monitoring capabilities provide effective and consistent coverage across critical systems
• Operational Metrics and Reporting:
  KPIs and KRIs are maintained, tracked, and reported accurately to support management and regulatory reporting
• Process Improvement:
  Continuous improvements are implemented to enhance detection, response, and operational efficiency

ORGANIZATION

• This position reports to the Information Security Officer (ISO)
• This position does not oversee other positions

TRAINING REQUIREMENTS

All employees are required to attend scheduled mandatory training courses and complete online regulatory compliance training courses applicable to their specific job function. In all situations, employees must ensure that their actions fully comply with federal banking laws and regulations, as well as internal bank policies and procedures. Failure to adhere to these requirements will be grounds for disciplinary action, including probation and possible termination.

COMMUNITY INVOLVEMENT

Lone Star National Bank’s Mission Statement includes a commitment to helping our communities grow by serving them with pride and integrity.  All employees are encouraged to volunteer for bank-sponsored activities, civic, charitable, and community events, and to be active in the communities we serve.

ATTENDANCE

Punctuality and regular attendance should be regarded as essential functions of any position at Lone Star National Bank.

Among other things, "good attendance habits" mean the following:

• Be at your workstation ready for work by the start of each workday
• Remain at your workstation, unless the needs of the job require being elsewhere, except during authorized breaks (including restroom breaks)
• Take only the time normally allowed for breaks
• Call in and notify your supervisor or another member of management if you are going to be either absent or tardy
• Alternate work arrangements such as telecommuting or working from home are not permitted by Lone Star National Bank

LSNB is an Equal Opportunity/Affirmative Action Employer and does not discriminate in the recruitment, hiring, and conditions of employment on the basis of race, color, religion, national origin, sex (including pregnancy), sexual orientation, gender identity, marital status, disability, age, veteran status, or any other status as protected by applicable laws.

Management reserves the right to change this position description at any time according to business needs.