Senior Manager, Information Security

We’re HCSS. We’re a software company based in Sugar Land, TX and we provide innovative solutions for the construction industry that help streamline their operations. Our mission at HCSS is helping customers achieve excellence through our proven, customer-centric, end-to-end solutions and exceptionally helpful service while providing a great life for our employees. With this mission at the forefront of everything we do, we’re recognized as a pioneer and leader in our market and nominated the “Best Companies to Work for in Texas” 15 years in a row. 

WHO WE NEED: 

Leading a team of Information Security professionals, the Senior Manager, Information Security will report to and be a strategic partner to the Vice President of Technology. You will serve as the focal point for all security-related communications with internal HCSS staff and external parties. In this role, you will collaborate with a diverse group of individuals from various internal organizational entities to manage the security and related infrastructure effectively. Your responsibilities include providing efficient security insight, organizing prevention and protection measures, and implementing strategies to minimize security risks. This is a highly visible role, interacting frequently with the Executive team and functional leaders. A successful candidate will have the capability to develop relationships with and work cross-functionally with all aspects of the business and with external stakeholders as needed. If you're a fit, the following should describe you: 

• At least 10 years of experience in security and compliance roles, preferably in the software industry, and 5 years of management experience.
• Have a comprehensive understanding of Information Security Frameworks (e.g. SOC, ISO 27001, NIST CSF, and Cyber Essentials).
• Extensive experience and working knowledge of Security Architecture and potential security issues related to PaaS, IaaS, SaaS, and understanding of IAM, and Data Loss Prevention in a Microsoft Azure environment.
• Proficiency with security technologies such as IDS/IPS, vulnerability testing, and firewalls.
• Independent and proactive, with the capability to operate both solo and within team settings, effectively prioritizing tasks to meet deadlines.
• Possesses strong interpersonal and relationship-building competencies, fostering positive interactions and connections.
• Experienced in delivering clear and concise briefings, both written and verbal, to a range of stakeholders.
• Experience in conducting security risk assessments of planned and installed information systems to identify vulnerabilities and risks.
• Advise senior leadership on risk management strategies, including risk mitigation, risk reduction, risk transfer, the risk exception process, and residual risk analysis.
• Relevant certifications such as CISSP, CCSFP or CISM

WHAT YOU’LL DO:

Team Leadership:

• Manage and mentor a small team of cloud security engineers.
• Foster a collaborative and innovative work environment.
• Set clear goals, provide regular feedback, and facilitate professional growth.

Technical Expertise:

• Understand cloud platforms (e.g., AWS, Azure, GCP) and their security features.
• Evaluate and implement security controls, including encryption, access controls, and network security.
• Validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable.
• Conduct vulnerability assessments and penetration testing.
• Familiarity with automation, scripting, and DevOps concepts.
• Stay updated on industry best practices and emerging threats.

Project Management:

• Plan, execute, and monitor security projects related to cloud infrastructure.
• Collaborate with cross-functional teams (DevOps, IT, compliance) to ensure successful project delivery.
• Manage project timelines, budgets and resources effectively.
• Work with Security partners, Managed Security Service Provider (MSSP) to conduct and review regular security assessments (Pen tests, Vulnerability scans etc) of vendors and solutions (SaaS, IaaS providers and MSSP). 

Risk Management:

• Assess security risks associated with cloud services and applications.
• Develop and maintain security policies, procedures and standards.
• Implement risk mitigation strategies and incident response plans.

Communication:

• Work with business, internal IT and 3rd party vendor teams to promote and adopt security best practices. 
• Translate complex technical concepts into clear communication for non-technical stakeholders.
• Collaborate with business leaders to align security initiatives with organizational goals.
• Present project updates, risks, and recommendations to senior management.

BENEFITS & PERKS:Part of our mission statement is to provide a great life for our employees. We believe that happy employees make for a better company, so we take care of them. Here are a few of the perks we offer:

• Flexibility for you to work in-office or hybrid.
• Medical and Dental Premiums. 
• On-site amenities include a covered basketball court, soccer field, 200-meter track, etc.
• 401K with match. 
• Tuition reimbursement. 
• And more!