Information Security Manager

About The Position

Requirements

• Use of AI to enhance and scale security operations – establish AI first Security Ops
• Bachelor's degree in computer science, information systems, cybersecurity, or related field — or equivalent professional experience.
• 5+ years of progressive experience in information security, with demonstrated depth in security operations, engineering, or a combination of both.
• Hands-on administration and tuning experience with Microsoft Defender (Endpoint, Identity, Cloud).
• Production experience operating Zscaler (ZIA and/or ZPA), including policy management and troubleshooting.
• Strong SIEM experience — building detections, tuning alerts, investigating incidents, and onboarding log sources.
• Vulnerability management experience across cloud environments, specifically AWS and Azure.
• Working knowledge of digital forensics and incident response methodology.
• Demonstrated experience operating a security program aligned to the NIST Cybersecurity Framework or NIST 800-53.
• Track record of writing, maintaining, and operationalizing security policies and standards.
• Clear written and verbal communication, including the ability to explain technical risk to non-technical audiences.
• Ability to work from the Durham, NC or Washington, DC office three days per week.
• Embrace and live by the mission and values of Cypress Creek Energy

Nice To Haves

• Industry certifications such as CISSP, CISM, GIAC (GCIH, GCFA, GCIA), or equivalent.
• Experience operating in the energy, utility, or critical infrastructure sector.
• Familiarity with NERC CIP or other regulatory frameworks relevant to the power sector.
• Experience scripting or automating security workflows (Python, PowerShell, KQL).
• Prior experience as a senior technical lead preparing to step into a manager role.

Responsibilities

• Administer and tune Microsoft Defender across the endpoint estate, including policy configuration, alert triage, response, and reporting.
• Manage the Zscaler platform (ZIA/ZPA), including policy development, traffic inspection, access controls, and integration with identity systems.
• Own SIEM tuning, detection engineering, log source onboarding, alerting, and incident workflows. Build dashboards and metrics that surface meaningful signals.
• Run the vulnerability scanning program across AWS and Azure cloud environments and on-premises infrastructure. Prioritize, track, and verify remediation in partnership with IT and engineering teams.
• Maintain endpoint patching cadence and reporting, ensuring coverage, exception tracking, and SLA adherence.
• Lead investigations into security events, perform forensic analysis, document findings, and coordinate response with internal teams and external partners as needed.
• Maintain and continuously improve the company's NIST Cybersecurity Framework-aligned security program, including controls mapping, evidence collection, and gap remediation.
• Own the security policy library — ensure policies and standards are current, reviewed on a defined cadence, approved through the right channels, and communicated to the business.
• Develop and maintain the company's AI usage policies, acceptable use guidance, and review process for new AI tools, in coordination with Counsels and IT.
• Build and maintain an authoritative inventory of systems, applications, data flows, and ownership. Keep it accurate as the environment evolves.
• Lead responses to internal and external audits, customer security reviews, and regulatory inquiries. Manage remediation of identified findings through closure.
• Identify, document, and track information security risks; propose mitigations and report on residual risk to leadership.
• Partner with IT, Counsels, HR, and business leaders on security matters, providing clear guidance that balances risk with business needs.
• Act as a partner and advisor to the OT team coordinating security and compliance initiatives across the company. Manage intersection of IT and OT endpoints, systems, and networks.
• Drive the security awareness program, including phishing simulations, training content, and ongoing communications.
• Assess and manage security risk associated with vendors, contractors, and third-party service providers.
• Lay the groundwork to scale the function. As the program matures, hire, mentor, and lead a team of security professionals.

Benefits

• 15 days of Paid Time Off, accrual up to 20 days, 11 observed holidays.
• 401(k) Match
• Comprehensive package including medical, dental, vision and health insurance
• Wellness stipend, family planning stipend, and generous parental leave
• Tuition Reimbursement
• Phone Bill Reimbursement
• Company Swag