Information Security Manager
$140k - $155kCypress Creek Renewables
Information Security Manager
Durham, NC or Washington, DC
The energy industry is entering one of the most significant periods of growth and transformation in its history. Meeting the nation's growing demand for reliable electricity will require new ideas, new infrastructure, and talented people committed to building for the future.
At Cypress Creek Energy, we're meeting that challenge by developing and operating the energy infrastructure needed to power communities, support economic opportunity, and strengthen resilience. We believe our responsibility extends beyond the grid and that how we build matters just as much as what we build.
That same commitment extends to our employees. We invest in professional growth, encourage collaboration across teams, and provide opportunities to take ownership, expand your expertise, and advance your career. Our culture is grounded in safety, accountability, respect, and a shared commitment to deliver results. Join us and help meet one of the most important energy challenges of our time while building a rewarding career.
Overview
Cypress Creek Energy is hiring an Information Security Manager to lead the company's security operations and compliance program. This is a hands-on individual contributor role designed for a senior technical security professional ready to take ownership of a complete program — with the opportunity to grow into a leader of a team as the function scales.
The successful candidate brings a balance of deep technical execution and program-level compliance maturity. You will own the day-to-day security tooling stack, lead the company's NIST-based compliance program, shape policy in emerging areas including artificial intelligence, and maintain an accurate view of every system in the environment. You will report directly to the Chief Technology Officer and partner closely with IT, Counsels, and business stakeholders across the company.
Responsibilities
- Security Operations & Engineering
- Endpoint security: Administer and tune Microsoft Defender across the endpoint estate, including policy configuration, alert triage, response, and reporting.
- Network and access security: Manage the Zscaler platform (ZIA/ZPA), including policy development, traffic inspection, access controls, and integration with identity systems.
- SIEM operations: Own SIEM tuning, detection engineering, log source onboarding, alerting, and incident workflows. Build dashboards and metrics that surface meaningful signals.
- Vulnerability management: Run the vulnerability scanning program across AWS and Azure cloud environments and on-premises infrastructure. Prioritize, track, and verify remediation in partnership with IT and engineering teams.
- Patch management: Maintain endpoint patching cadence and reporting, ensuring coverage, exception tracking, and SLA adherence.
- Digital forensics & incident response: Lead investigations into security events, perform forensic analysis, document findings, and coordinate response with internal teams and external partners as needed.
- Compliance & Governance
- NIST-based program: Maintain and continuously improve the company's NIST Cybersecurity Framework-aligned security program, including controls mapping, evidence collection, and gap remediation.
- Policy management: Own the security policy library — ensure policies and standards are current, reviewed on a defined cadence, approved through the right channels, and communicated to the business.
- AI policy and guidance: Develop and maintain the company's AI usage policies, acceptable use guidance, and review process for new AI tools, in coordination with Counsels and IT.
- System inventory: Build and maintain an authoritative inventory of systems, applications, data flows, and ownership. Keep it accurate as the environment evolves.
- Audit and assessment support: Lead responses to internal and external audits, customer security reviews, and regulatory inquiries. Manage remediation of identified findings through closure.
- Risk management: Identify, document, and track information security risks; propose mitigations and report on residual risk to leadership.
- Leadership & Cross-Functional Partnership
- Stakeholder engagement: Partner with IT, Counsels, HR, and business leaders on security matters, providing clear guidance that balances risk with business needs.
- Operational Technology (OT): Act as a partner and advisor to the OT team coordinating security and compliance initiatives across the company. Manage intersection of IT and OT endpoints, systems, and networks.
- Security awareness: Drive the security awareness program, including phishing simulations, training content, and ongoing communications.
- Vendor and third-party risk: Assess and manage security risk associated with vendors, contractors, and third-party service providers.
- Future team leadership: Lay the groundwork to scale the function. As the program matures, hire, mentor, and lead a team of security professionals.
Education & Experience Required
- Use of AI to enhance and scale security operations – establish AI first Security Ops
- Bachelor's degree in computer science, information systems, cybersecurity, or related field — or equivalent professional experience.
- 5+ years of progressive experience in information security, with demonstrated depth in security operations, engineering, or a combination of both.
- Hands-on administration and tuning experience with Microsoft Defender (Endpoint, Identity, Cloud).
- Production experience operating Zscaler (ZIA and/or ZPA), including policy management and troubleshooting.
- Strong SIEM experience — building detections, tuning alerts, investigating incidents, and onboarding log sources.
- Vulnerability management experience across cloud environments, specifically AWS and Azure.
- Working knowledge of digital forensics and incident response methodology.
- Demonstrated experience operating a security program aligned to the NIST Cybersecurity Framework or NIST 800-53.
- Track record of writing, maintaining, and operationalizing security policies and standards.
- Clear written and verbal communication, including the ability to explain technical risk to non-technical audiences.
- Ability to work from the Durham, NC or Washington, DC office three days per week.
- Embrace and live by the mission and values of Cypress Creek Energy
Preferred Qualifications
- Industry certifications such as CISSP, CISM, GIAC (GCIH, GCFA, GCIA), or equivalent.
- Experience operating in the energy, utility, or critical infrastructure sector.
- Familiarity with NERC CIP or other regulatory frameworks relevant to the power sector.
- Experience scripting or automating security workflows (Python, PowerShell, KQL).
- Prior experience as a senior technical lead preparing to step into a manager role.
Location: The preferred location for this role is for our offices in Durham, NC and Washington, DC. Our team operates on a hybrid schedule, with in-office schedule of three days per week.
Compensation: The salary range for the position is $140,000 - $155,000 plus bonus and benefits. Compensation may vary outside of this range depending on a number of factors, including a candidate's qualifications, skills, competencies and experience, and location.
Benefits:
- 15 days of Paid Time Off, accrual up to 20 days, 11 observed holidays.
- 401(k) Match
- Comprehensive package including medical, dental, vision and health insurance
- Wellness stipend, family planning stipend, and generous parental leave
- Tuition Reimbursement
- Phone Bill Reimbursement
- Company Swag
A note to Recruiting Agencies Cypress Creek Energy Human Resources team does not accept unsolicited resumes from third party recruiters, staffing firms, or related agencies. The Human Resources team coordinates all recruiting and hiring at our company. We do not accept resumes from third-party recruiters unless authorized by the Human Resources team and if a signed agreement is in place. Any unsolicited resumes will be considered property of CCE and we are not responsible for any related fees. All communication related to recruiting partnerships should ONLY be directed to the Human Resources team.
Cypress Creek Energy is an equal opportunity employer and considers all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or veteran status. We are committed to providing a workplace that is inclusive and values diversity, and we encourage candidates from all backgrounds to apply.
Please be aware of recruiting scams—official communications will only come from @ccrenew.com, we will never request personal or financial information, and any suspicious activity should be reported to View email address on click.appcast.io.
- ...Information Security Manager SG2 Recruiting is seeking an information security manager to support IC client in the Washington DC Metro area. The information security manager (ISM) will apply their proactive approach to safeguarding organizational data and systems....SuggestedWork at office
$175k - $200k
## Information Systems Security ManagerApplylocations: University of Maryland College Parktime type: Full timeposted on: Posted 2 Days Agojob requisition... ...who will also serve as an Information Systems Security Manager (ISSM) to support advanced research programs at the...SuggestedWork experience placementInterim roleWork at office- ...Maximus is looking for a Senior Information Systems Security Manager (ISSM) to join its team in Rosslyn, VA. The ideal candidate will possess a deep understanding of information security principles, regulatory requirements, and industry best practices. They will be adept...Suggested
$127.94k - $186.6k
...them with exceptional professionals for this role. Lead Information Systems Security Officer (ISSO) Arlington, Virginia, United States,... ...sound judgment with sensitive information, and proactively manage security documentation and compliance activities in a dynamic...SuggestedWork from homeHome officeFlexible hours- ...seeks a motivated, career and customer-oriented Senior Information Systems Security Officer (ISSO) to join our team in Washington, D.C . This... ...WebInspect, and Network Mapper (NMAP). ~ Proven experience managing complex network documentation, inventorying networks, and...SuggestedWork at officeRemote work
$160k - $172k
Title: Information Systems Security Manager (ISSM) Belong. Connect. Grow. with KBR! KBR’s National Security Solutions team provides high-end engineering and advanced technology solutions to our customers in the intelligence and national security communities. In this position...Full timeTemporary workLocal areaWorldwideRelocation packageFree visaFlexible hours$248.1k - $400k
...preparation of independent, accurate, and informative audit reports. Our investor... ...-time position for a Chief Information Security Officer (CISO) in the Office of Technology... ...CRO) and the Office of Enterprise Risk Management (OERM) on information security risk related...Full timeContract workWork at officeImmediate start- ...Chief Information Security Officer (CISO) / Head of Information Security We are seeking an experienced Information Security Leader to define... ...; report findings to senior leadership and stakeholders. Manage the information security budget, including planning,...Remote work
- Cybersecurity Manager The primary purpose of this position is to manage and direct all aspects of Department of the Air Force cybersecurity staff functions, serving as the lead cybersecurity advisor and establishing DAF-wide cybersecurity strategies and policies.
- ...Chief Information Security Officer (CISO) for the Department of the Air Force As the Chief Information Security Officer (CISO) for the Department... ...emerging cyber threats. You will: Direct and manage a comprehensive, DAF-wide cybersecurity program to ensure...Civilian ContractorFor contractors
$105.1k - $231.1k
...Job Title: Senior Information System Security Officer Job Category: Information Technology Time Type: Full time Minimum Clearance Required... ...cybersecurity engineering efforts for assigned Program Management Organizations with direct support to the Compliance...Full timeContract workWork experience placementWork at officeFlexible hours$310k - $420k
...Practice Area : ~ Global Data Governance, Incident Response & Information Security Regulatory Compliance Location: ~ Washington, D.C... ...The Legal 500, serving as the vanguard for digital risk management. The group is comprised of an unparalleled bench of former...Full timeFixed term contractFlexible hours- ...provides services and solutions in: National Security Programs Professional, Administrative, and Management Support Mission and Warfighter Support We... ...Position Status: Full Time Position Title: Information Systems Security Officer (ISSO) I Location: Crystal...Full timeFor contractorsWork at officeLocal areaFlexible hours
- ...Information Systems Security Officer As an Information Systems Security Officer, you will be entrusted with the critical responsibility of safeguarding... ...construct and perpetually update bodies of evidence for managed information systems, custom applications, services, and...Contract workWork at office
$95k - $110k
Information Systems Security Officer (ISSO) Location: Washington, DC (Onsite) Clearance: Top Secret Status: Exempt Responsibilities: Work as part of the IT Security Support Team which manages and operates an information systems security program for a U.S. government...Local areaFlexible hours- ...Information System Security Officer (ISSO) II Security Clearance Requirement: TS, with SCI Eligibility ***Position Requires US Citizenship**... ...shall have the detailed knowledge and expertise required to manage the security aspects of an information system and, in many...Work at office
$81.35k - $100.05k
...Able to Obtain: Secret Public Trust/Other Required: None Job Family: Cyber and IT Risk Management Job Qualifications: Skills: DISA STIG, NIST Risk Management Framework, Operations Security Certifications: None Experience: 3+ years of related experience US Citizenship...Work experience placementRemote work- ...guide the MARS developers through the Risk Management Framework (RMF). The contractor will apply knowledge and understanding of information assurance (IA) concepts and practices.... ...standards to minimize and/or mitigate RMF security risks. The contractor will review and...For contractorsWork experience placementFor subcontractorWorldwide
- ...established in 2009, provides superior program management, program support, strategic planning,... ...Force ( HQ USSF) Director of Staff Security Office (SF/DSZ) is responsible for... ...Compartmented Personnel Security Program, Information Security, Industrial Security, Physical...Temporary workFor contractorsWork at officeRemote workMonday to FridayFlexible hours
$100k - $130k
...winning provider of full lifecycle program, investment, and security management consulting services that enable United States civilian,... ...For: TSTC is seeking a contingent hire for a full-time Information Systems Security Officer to support a new contract at USCG....Full timeContract workTemporary workLocal areaRemote workFlexible hours$104k - $166k
...Information System Security Officer Job Locations US-MD-Silver Spring Requisition ID 2026-168211 Position Category... ...not limited to: Assist the Information System Security Manager (ISSM) with information assurance efforts, and systems across...Full timeContract workWork experience placementWork at officeShift work- ...Information Systems Security Officer (ISSO) - Senior Category: Cyber Security Main location: United States, Virginia, Arlington Position ID... ...procedures to protect information systems. • Risk Assessment and Management: They conduct regular security audits, vulnerability...Full time
$97.24k - $131.56k
...Information System Security Officer (ISSO) Location: USA DC Washington Full Part/Time: Full time Type of Requisition: Regular Clearance Level... ...Trust/Other Required: None Job Family: Cyber and IT Risk Management Job Description: The ISSO is responsible for ensuring...Full timeTemporary workPart timeWork at officeImmediate startRemote workWorldwideFlexible hours- ...Information Systems Security Officer (ISSO) Employment Type: Full-Time, Experienced Department: Information Technology CGS is seeking... ...includes full life-cycle Assessment and Authorization (A&A) management through all 6 Steps of the RMF process in support of the...Full timeLocal areaRemote workFlexible hours
- ...Information Systems Security Officer (ISSO) Helm Point Solutions is a woman-owned cybersecurity and physical security firm supporting the nation... ..., you will: Support the Information System Security Manager (ISSM) in maintaining operational security posture. Own...Flexible hours
$80k - $120k
...Senior Information System Security Officer (ISSO) SAIC is seeking a Senior Information System Security Officer (ISSO) to support a critical... ...Capital Region. This role reports to the Security Program Management Office (SPMO) Manager and works directly with the Lead...Work at officeRemote work3 days per week$119.3k - $138.36k
...technology and ingenuity for clients across defense, national security, public safety, civilian, and military health organizations.... ...change that moves missions and the government forward! As an Information Systems Security Officer (ISSO), you’ll be responsible for guiding...Live inWork at officeLocal area$120.03k
...Job Description 79-003 Information Systems Security Officer (ISSO) II Location: JB Anacostia-Bolling, DC Salary: $120,028.24 Minimum... ...close collaboration with the Information System Security Manager (ISSM) and Information Security Officer (ISO). The position...Contract work- ...Purpose and Impact Amentum is seeking a Cyber Program Manager to support our U.S. Department of Energy contract. Position will be based... ...SES, Laboratory Directors, or Flag Officer-level leadership. Security Clearance Required Active TS/SCI or DOE Q clearance This position...Contract workFor contractorsFor subcontractor
- ...government contracting company is seeking a Lead Project/Program Manager to oversee IT security documentation and compliance. The role requires strong project management skills and an ability to work with information security teams. Candidates should have a master's degree in...Remote work
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Information Security Manager. Be the first to apply!
- information security internship Washington DC
- entry level information security analyst Washington DC
- information technology security engineer Washington DC
- senior director information security Washington DC
- information security compliance analyst Washington DC
- information security analyst Washington DC
- information security Washington DC
- information security lead Washington DC
- senior information security analyst Washington DC
- director information security Washington DC


