Information Security Manager

The Company

Cypress Creek Energy is powering a sustainable future one project at a time. We develop finance own and operate utility-scale and distributed solar and storage projects across the country. Fostering a diverse group of innovative thinkers from all backgrounds Cypress people are drawn to work in a purpose-driven organization. We hope you will join us.

Overview

Cypress Creek Energy is hiring an Information Security Manager to lead the companys security operations and complianceprogram. This is a hands-on individual contributor role designed for a senior technical security professional ready to take ownership of a complete program with the opportunity to grow into a leader of a team as the function scales.

The successful candidate brings a balance of deep technical execution and program-level compliance maturity. You will own the day-to-day security tooling stack lead the companys NIST-based compliance program shape policy in emerging areas including artificial intelligence andmaintainan accurateview of every system in the environment. You will report directly to the Chief Technology Officer and partner closely with IT Counsels and business stakeholders across the company.

Responsibilities

Security Operations & Engineering

• Endpoint security:Administer and tune Microsoft Defender across the endpoint estate including policy configuration alert triage response and reporting.
• Network and access security:Manage the Zscaler platform (ZIA/ZPA) including policy development traffic inspection access controls and integration with identity systems.
• SIEM operations:Own SIEM tuning detection engineering log source onboarding alerting and incident workflows. Build dashboards and metrics that surface meaningful signals.
• Vulnerability management:Run the vulnerability scanning program across AWS and Azure cloud environments and on-premises infrastructure. Prioritize track and verify remediation in partnership with IT and engineering teams.
• Patch management:Maintainendpoint patching cadence and reporting ensuring coverage exception tracking and SLA adherence.
• Digital forensics & incident response:Lead investigations into security events perform forensic analysis document findings and coordinateresponsewith internal teams and external partners as needed.

Compliance & Governance

• NIST-based program:Maintainand continuously improve the companys NIST Cybersecurity Framework-aligned security program including controls mapping evidence collection and gap remediation.
• Policy management:Own the security policy library ensure policies and standards are current reviewed on a defined cadence approved through the right channels and communicated to the business.
• AI policy and guidance:Develop andmaintainthe companys AI usage policies acceptable use guidance and reviewprocessfor new AI tools in coordination with Counsels and IT.
• System inventory:Build andmaintainan authoritative inventory of systems applications data flows and ownership. Keep itaccurateas the environment evolves.
• Audit and assessment support:Lead responses to internal and external audits customer security reviews and regulatory inquiries. Manage remediation of identified findings through closure.
• Risk management:Identify document and track information security risks; propose mitigations and report on residual risk to leadership.

Leadership & Cross-Functional Partnership

• Stakeholder engagement:Partner with IT Counsels HR and business leaders on security mattersprovidingclear guidance that balances risk with business needs.
• Operational Technology (OT):Act as a partner and advisor to the OTteamcoordinating security and compliance initiatives across the company. Manage intersection of IT and OT endpoints systems and networks.
• Security awareness:Drive the security awareness program including phishing simulations training content and ongoing communications.
• Vendor and third-party risk:Assess and manage security risk associated with vendors contractors and third-party service providers.
• Future team leadership:Lay the groundwork to scale the function. As the program matureshirementor andleada team of security professionals.

Education & Experience Required

• Use of AI to enhance and scale security operations establishAI first Security Ops
• Bachelors degree in computer science information systems cybersecurity or related field or equivalent professional experience.
• 5 years of progressive experience in information security withdemonstrateddepth in security operations engineering or a combination of both.
• Hands-on administration and tuning experience with Microsoft Defender (Endpoint Identity Cloud).
• Production experience operating Zscaler (ZIA and/or ZPA) including policy management and troubleshooting.
• Strong SIEM experience building detections tuning alerts investigating incidents and onboarding log sources.
• Vulnerability management experience across cloud environments specifically AWS and Azure.
• Working knowledge of digital forensics and incident responsemethodology.
• Demonstrated experienceoperatinga security program aligned to the NIST Cybersecurity Framework or NIST 800-53.
• Track recordof writingmaintaining and operationalizing security policies and standards.
• Clear written and verbal communication including the ability to explain technical risk to non-technical audiences.
• Ability to work from the Durham NC or Washington DC office three days per week.
• Embrace and live by the mission and values of Cypress Creek Energy

Preferred Qualifications

• Industry certifications such as CISSP CISM GIAC (GCIH GCFA GCIA) or equivalent.
• Experienceoperatingin the energy utility or critical infrastructure sector.
• Familiarity with NERC CIP or other regulatory frameworks relevant to the power sector.
• Experience scripting or automating security workflows (Python PowerShell KQL).
• Prior experience as a senior technical lead preparing to step into a manager role.

Location: The preferred location for this role is for our offices in Durham NC and Washington DC. Our team operates on a hybrid schedule with in-office schedule of three days per week.

Compensation: The salary range for the position is $140000 - $170000 plus bonus and benefits. Compensation may vary outside of this range depending on a number of factors including a candidates qualifications skills competencies and experience and location.

Benefits:

• 15 days of Paid Time Off accrual up to 20 days 11 observed holidays.
• 401(k) Match
• Comprehensive package including medical dental vision and health insurance
• Wellness stipend family planning stipend and generous parental leave
• Tuition Reimbursement
• Phone Bill Reimbursement
• Company Swag

A note to Recruiting Agencies Cypress Creek Energy Human Resources team does not accept unsolicited resumes from third party recruiters staffing firms or related agencies. The Human Resources team coordinates all recruiting and hiring at our company. We do not accept resumes from third-party recruiters unless authorized by the Human Resources team and if a signed agreement is in place. Any unsolicited resumes will be considered property of CCE and we are not responsible for any related fees. All communication related to recruiting partnerships should ONLY be directed to the Human Resources team.

Cypress Creek Energy is an equal opportunity employer and considers all qualified applicants without regard to race color religion sex sexual orientation gender identity national origin age disability or veteran status. We are committed to providing a workplace that is inclusive and values diversity and we encourage candidates from all backgrounds to apply.

Please be aware of recruiting scamsofficial communications will only come from @ we will never request personal or financial information and any suspicious activity should be reported to.