Our Partners thrive The H-E-B Way. As a Senior Information Security Advisor, you would have a

HEART FOR PEOPLE you have a passion for mentorship and guidance, and love for the direct person-to-person interactions that create strong bonds between teams

HEAD FOR BUSINESS you have an ownership mentality and a consistent track record of timely delivery of high-quality software

PASSION FOR RESULTS the ability to guide the discussion, remove roadblocks, and provide guardrails for your team as they identify challenges and propose solutions

The Information Security Advisor supports security and risk management initiatives to align with H-E-Bs Security Standards. This position will work with technology, business, and legal teams to develop secure solutions and will help coordinate security projects for products and the business. These projects may include: coordination of infrastructure and application security vulnerability remediation efforts, providing security guidance for new business projects, oversight of critical security access reviews, validating disaster recovery documentation & test activities, and coordinating the remediation of all security audit findings. The Information Security Advisor also helps the business comply with all legal, regulatory, & contractual security obligations, assists with the development & implementation of security process improvements, and champions security & risk mitigation. It may also be involved in certain aspects of security operational tasks, such as approving security requests or helping with the business context in incident response exercises.

What youll do

• Advise business on eCommerce, financial and payment security requirements aligned with compliance and industry best practices
• Working knowledge of IT security frameworks and regulations such as NIST, ISO, CSF, and PCI DSS
• Sharing details of vulnerability and configuration security findings with technology teams.
• Tracking and communicating with teams related to security coverage gaps (e.g. endpoint protection, vulnerability scanning).
• Threat modeling and documenting security risks associated with projects
• Supporting the updating/tracking of risks.
• Supporting the updating/tracking of projects.
• Supporting risk assessments.
• Supporting disaster recovery testing processes and tabletop activities.
• Completing User Access Reviews for systems that do not have centralized account management.
• Identifying gaps in training and documentation from team members feedback.
• Helping to draft and publish content (e.g. blog post) to close the gaps with the subject matter experts.
• Supporting learning and growing knowledge across Cybersecurity.
• Supporting communicating general security topics to teams (Security Awareness Training).
• Individual training on security topics for career growth.
• Assist with subpoena requests working with internal/external Legal Counsel.

Who You Are

• Experience conducting PCI DSS assessments
• Familiarity with Vulnerability Management and Risk Assessment
• Understanding of web & mobile applications, cloud technologies, API Security, microservices & container security principles, system infrastructure, and enterprise architecture
• Ability to work in a fast-paced and dynamic environment
• Ability to work in a team and fix issues with limited supervision
• Excellent organizational, project management, and follow-up skills
• Ability to build and maintain strong working relationships at all levels of the organization
• Excellent communication, presentation, and reporting skills
• Bachelors degree or equivalent combination of education and work experience.
• 5+ years of IT security experience
• One or more professional security certifications such as CISSP, CISA, CCSP