"Alerted.org

Take the next step toward your new career today!

Become a part of the diverse and inclusive team within our nationally recognized award-winning Bank that is one of the strongest in the nation. Woodforest National Bank is privately owned, and our Employee Stock Ownership Plan is the largest shareholder. We focus on building relationships and discovering opportunities to better serve our communities and understand the financial needs of every customer we serve. At Woodforest we care and prove it by volunteering with local charities and foodbanks to give back to the communities we serve. By joining Woodforest you will become a part of one of the largest employee-owned banks in the country!

The Manager, Information Security is responsible for leading a small team in analyzing information security systems and applications as well as recommending and developing security measures to protect information against unauthorized modification or loss.

Key Responsibilities:

·

• Participate in a review of monthly vulnerability scans and determine an action plan to reduce vulnerabilities by coordinating with server owners.

• Monitor patching program for compliance with appropriate patch level, work with Server Administrator to achieve appropriate level, and assist with reporting out of compliance systems monthly.

• Participate in developing additional, or editing current, required Information Security training.

• Contribute to the annual review of policies and assist in keeping policies current.

·

• In conjunction with business owner/s and database team, conduct database access review for key databases containing customer and cardholder data (Postilion, Mozart, Accusystems, Encompass, Bancline, Item Processing, etc.).

• Assist in conducting quarterly and annual application access reviews (Postilion, Ingress to PCI environment, Mozart, Accusystems, Encompass, and Administrator).

• Perform a sample of branch security reviews on a quarterly basis to ensure adherence with expected policies and procedures including PCI Requirement 9 – Physical Access to Cardholder Data.

• Support testing DLP system to ensure scanning for cardholder data, file/folder encryption, and email test meet required controls.

• Assist in conducting remote access and mobile access reviews.

• Participate in password, vulnerability scanning (external, internal, application), card holder data testing to ensure compliance with bank standards.

• Participate in the testing of ISE in a sampling of locations, as determined by supervisor, and verify IDS/IPS system generating alerts.

·

• Assist in reviewing configuration of DLP, HIPs, Encryption, and Anti-Virus systems and reports including monthly scans to ensure cardholder data and systems are secure.

• Review system configuration and generated reports to ensure server hardening meets applicable standards.

• Inspect and review sampling (PCI) firewall, router, switch, IDS/IPS configuration to ensure compliance with PCI standards.

• Review and verify logging activity configurations are generating adequate coverage to ensure proper tracking, alerting, and maintaining of logs to meet required standards.

• Verify native system file-integrity monitoring tool is configured to monitory system/application executables and parameter files; verify logs are stored and alerts are set.

• Perform, as needed, application and system security functionality testing to ensure adequate controls are applied and/or configured pre-implementation and post-implementation.

·

• Mentor direct report(s) as needed on Information Security processes, policies, tools, and the overall Information Security Program.

• Provide Direct Report(s) annual performance review as required and performance feedback throughout the year as necessary.

• Assign tasks to direct report(s) that the Information Security team is required to complete per the direction of the Chief Information Security Office

• Develop enhancements and make recommendations to controls, policies, and processes that will assist in the maturity of the Information Security Program.

• As designated by the Chief Information Security Officer, serve as Lead on assigned Information Security projects to document requirements, provide input on solutions, and provide project status of progress and issues.

·

• Attend monthly Information Security Committee meetings as required.

• Participate in industry/peer group/conferences as necessary to stay current with Information Security trends and best practices.

• Complete assigned industry and/or job-related training in as required.

Competencies Required:

• Solid technical ability and strong knowledge of Data Loss Prevention (DLP) processes and policies.

• Advanced technical knowledge of system configuration for DLP, HIPs, Encryption and Anti-Virus systems and related reporting and monitoring.

• Advanced technical knowledge of (PCI) firewall, router, switch, IDS/IPS configurations.

• Advanced understanding of PCI compliance standards.

• Exceptional understanding of information security controls and concepts, (i.e., phishing or other widely recognized threats.)

• Ability to identify and implement system and process improvements.

• Ability to develop and implement training programs.

• Ability to work on multiple tasks simultaneously, set priorities and meet deadlines.

• Ability to lead and work in a fast paced, collaborative environment, drawing on the expertise of all team members to deliver projects.

Minimum Qualifications/Experience:

• Minimum 7 years’ experience in assessing, utilizing, supporting and/or maintaining of logical and physical security architectures and technologies, including but not limited to IPS/IDS, firewall, SIEM, VPN, anti-virus, email, web, data, video, physical access control hardware and related operating systems & supporting software.

Formal Education & Certification:

• Bachelor’s degree in Information Systems, Computer Science or a related discipline preferred, or an equivalent amount of directly related work experience.

• One or more of the following certifications is preferred.

• Security

• Certified Information Systems Auditor (CISA)

• Certified Information Systems Security Professional (CISSP)

• Certified Information Security Manager (CISM)

• Internal Security Assessor (ISA)

Work Status:

• Full-time.

Supervisory Responsibility:

• 1-3 Direct Reports.

Travel:

• 0% - Negligible amount of travel is expected.

Working Conditions:

• Conditions involve lifting no more than ten pounds, sitting most of the time, but may involve walking, moving, or standing for brief periods, and occasionally lifting and carrying articles like files, ledgers, folders, etc.

Disclaimer:

This job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee. Nothing herein restricts management’s right to assign or reassign duties and responsibilities to this job at any time.

Woodforest is an Equal Opportunity Employer, including Disability and Veterans.

**Job:** **Technology Services*

**Organization:** **Texas - Houston*

**Title:** *Manager Information Security*

**Location:** *Texas-The Woodlands*

**Requisition ID:** *069951*