The Howard Hughes name is synonymous with an unrelenting passion for excellence. While his achievements in aviation and the silver screen are legendary, it was his investments in real estate that formed the foundation of our company. With passion, determination, and limitless imagination, he built one of the great American empires of the 20th century. At Howard Hughes, we live by our purpose to help people discover new ways of experiencing life - because it's not just buildings and places that matter, it's what you do with them that can change the way people live.
We aspire to be the most creatively driven real estate company in the world and we believe in fostering a culture that is built to last by cultivating curiosity and empowering every employee to find their story in this great organization.
Want more jobs like this?
Get jobs in The Woodlands, TX delivered to your inbox every week.
Dedicated to innovative placemaking, Howard Hughes owns, manages, and develops award-winning master planned communities, as well as operating properties and development opportunities including: Downtown Columbia®, Maryland; The Woodlands®, The Woodlands Hills®, and Bridgeland® in the Greater Houston, Texas area; Summerlin®, Las Vegas; Teravalis, Phoenix and Ward Village® in Honolulu, Hawaii.
About The Role
The Director of IT Security is responsible for developing, implementing, and maintaining the enterprise vision, strategy, and program to safeguard HHH's systems and data. The Director IT Security will work closely with the executive and IT leadership teams and other stakeholders to develop and implement a comprehensive information security program that effectively manages risk and protects the confidentiality, integrity, and availability of critical systems and data.
What You Will Do
Information Security Strategy
- Develop and lead the execution of the information security strategy, aligning it with the overall business objectives.
- Define and communicate security policies, procedures, and standards across the organization
- Continuously monitor industry trends and emerging threats to adjust the security strategy as needed.
- Provide guidance to the executive leadership team and Board of Directors on comprehensive cybersecurity strategies and recommended actions.
- Provide regular updates on the status of the IT cybersecurity program to Executive Leadership and the Board of Directors.
Risk Management
- Identify, assess, and prioritize security risks and vulnerabilities.
- Implement risk mitigation strategies and security controls to safeguard the organization's assets.
- Monitor and provide real-time analysis and mitigation of security threats.
Security Governance
- Establish and maintain an robust security governance framework.
- Oversee compliance with relevant frameworks and regulatory requirements (e.g., GDPR, ISO 27001, NIST, etc.).
- Ensure compliance with legal and ethical standards in information cybersecurity practices across the organization.
Incident Response and Recovery
- Develop and maintain a comprehensive incident response plan to address security events.
- Lead incident response efforts, coordinate with external resources, and oversee recovery and remediation efforts.
Security Operations
- Lead the security operations in monitoring, detecting, and responding to security incidents and threats.
- Manage and maintain security technologies such as intrusion detection systems, firewalls, and endpoint security solutions.
- Develop and administer security awareness programs for company personnel to ensure that we are well-informed about security policies and best practices.
- Conduct regular security assessments, vulnerability scans, and penetration testing to identify and remediate weaknesses in the organization's technology environment.
Vendor and Third-Party Security
- Continuously evaluate the security posture of third-party vendors and service providers.
- Collaborate with Legal and Procurement teams to ensure that cybersecurity requirements are included in contracts and agreements with external parties.
Budget and Resource Management
- Develop and manage the information security budget, organization structure including staff and vendor cybersecurity organizations, cyber security technology stack, and training resources.
- Ensure the efficient use of allocated resources to meet security objectives.
Executive-Level Reporting
- Assists in reporting to the most senior levels of the Company (Executive Team, the Board of Directors, and subcommittees). Reporting to include the Company's overall cyber strategy, cyber related metrics, industry updates, risk mitigation and the status on other cyber related initiatives.
About You
- Bachelor's degree in computer science, information technology, or a related field. Master's degree preferred.
- Certified Information Systems Security Professional (CISSP) or equivalent certification.
- Over 10 years of experience in information security, including a minimum of 5 years in a senior leadership role.
- In-depth knowledge of cybersecurity principles, technologies, and best practices.
- Strong understanding of regulatory requirements and compliance standards.
- Excellent communication and leadership skills.
- Proven ability to build and lead a high-performing cybersecurity team.
- Excellent interpersonal, verbal, and written communication skills.
- Ability to present complex information to all levels of the organization.
- Capability to operate in a dynamic work environment with competing priorities.
- A team oriented individual who can multi-task and is self-directed.
- Demonstrates sound judgment in decision-making when not all information is available.
- Strong problem-solving and critical thinking abilities.
- Onsite presence required Mon-Thurs.
This job description is not meant to be an "all-inclusive" list of the duties and responsibilities of this job. Other related duties and responsibilities may be assigned. The Company reserves the right to change or modify job duties as necessary based on business necessity.
NOTICE TO THIRD PARTY AGENCIES
Please note that Howard Hughes does not accept unsolicited resumes from recruiters or employment agencies. In the absence of a signed Recruitment Fee Agreement, HHH will not consider or agree to payment of any referral compensation or recruiter fee. In the event a recruiter or agency submits a resume or candidate without a signed agreement for any role, HHH explicitly reserves the right to pursue and hire those candidate(s) without any financial obligation to the recruiter or agency. Any unsolicited resumes, including those submitted to hiring managers, are deemed to be the property of Howard Hughes.