What are the responsibilities and job description for the Information Security Program Manager - Sugar Land or Lubbock position at PROSPERITY BANK?
Internal Applicants: If you are a current associate of Prosperity Bank, please apply through the internal Talent - Career Center in ADP.
POSITION PURPOSE
The Information Security Program Manager is responsible for overseeing various aspects of the Information Security Program, including: 1) leading and managing information security initiatives, 2) developing and reporting operational metrics, compliance metrics, and key risk indicators (KRIs), 3) creating and maintaining information security policies, standards, and procedures, and 4) managing the Bank’s information security awareness program. This role focuses on driving continuous process improvement and fostering effective collaboration across cross-functional teams and departments to address information security challenges and opportunities throughout the Bank. The position requires a blend of technical and creative skills and reports directly to the Chief Information Security Officer (CISO).
ESSENTIAL FUNCTIONS AND BASIC DUTIES
Project Portfolio Management
- Work with the CISO and other IT/business leaders to assess program strengths and identify improvement areas.
- Maintain the information security project portfolio and routine activities in line with the Bank’s information security plan.
- Develop and maintain project management processes, workflows, and documentation.
- Define and manage projects and tasks.
- Coordinate teams to deliver on information security projects and initiatives.
- Manage dependencies and risks.
- Collaborate with stakeholders to ensure transparent communication about project status and risks.
Information Security Awareness
- Oversee the Bank’s information security awareness program, including creating newsletters, conducting awareness campaigns, and collaborating with Marketing to enhance training materials.
- Collaborate with the team to create content for training and testing employees on information security practices.
- Manage and deliver information security awareness training and testing.
- Partner with the marketing team to develop strategies to enhance information security awareness efforts.
Metrics and Reporting
- Build and monitor key metrics and reporting.
- Deliver frequent reports on program status to the enterprise and internal stakeholders.
- Create monthly metric reports and quarterly presentations for the CISO to present at executive committee meetings.
Goal Tracking
- Ensure tracking of department goals related to compliance, employee training, threat detection, data privacy, and third-party vendor evaluation.
- Understand and communicate organizational goals to optimize team and project priorities.
Change Management
- Participate in the Bank’s change management program.
Best Practices
- Advocate and develop best practices to enhance project management effectiveness for department initiatives.
- Create strategic workflows, project roadmaps, and modules to streamline program initiatives.
Policy, Standard, and Procedure Administration
- Develop and maintain information security policies and procedures.
- Develop department standard operating procedures (SOP) and service level agreements (SLA).
SUPERVISORY RESPONSIBILITIES:
Leadership and Development
- Promote a positive work environment that supports productive communication, collaboration, and continuous learning.
- Train, develop, and coach team associates consistently.
- Celebrate and reward significant achievements of associates.
- Assist team members in developing their individual strengths and addressing development needs.
- Inspire associates to identify new opportunities and continuously improve the organization.
- Encourage associates to set challenging goals and high-performance standards.
- Present logical and persuasive cases for proposals and positions.
QUALIFICATIONS
Education/Certification: Bachelor’s degree in computer science, information assurance, MIS, or related field, or equivalent work experience. Professional certifications including CISSP, CISM, CRISC, SANS, PMP, and Scrum are a plus.
Required Knowledge: Thorough knowledge of financial institution products and services preferred.
Understanding of related applications, systems, and services.
Knowledge or experience working with common cybersecurity frameworks including the NIST CSF, CRI Cyber Profile, and CIS Controls.
Core understanding of fundamental project management principles and methodologies with experience in agile and Scrum preferred.
Knowledge and experience working in the full Microsoft 365 suite (e.g., Office 365, Power Platform).
Experience developing content for information security awareness communications, newsletters, phishing, and training campaigns.
Desire to maintain up-to-date knowledge of information and cyber security related products and services, regulations, and internal Bank procedures.
Experience collecting, analyzing, summarizing, and presenting department data and trend reports for second line (3 Lines of Defense).
Proven effectiveness in practicing punctuality, respecting deadlines, solving problems, and communicating honestly and with integrity.
Experience Required: 7-10 years of professional experience in related fields.
1-3 years of experience in an information security or cybersecurity role.
1-3 years of experience in a program/project management role.
Skills/Abilities: Proven experience in program development and management.
Proven stakeholder management skills.
Proven experience facilitating and leading teams in projects, preferably agile or Scrum teams.
Competency in business document management and creation platforms.
Excellent verbal and written communication skills.
Ability to explain information security terminology and concepts to cross-functional stakeholders for easy consumption.
Exceptional organizational and time-management skills.
Understands service design and delivery concepts.
Leverage subject matter expertise in security and compliance.
Possess a high level of integrity, trustworthiness, and confidence to represent the Bank with a high level of professionalism.
Monday - Friday: 8:00am-5:00pm
40 hours