Information Security Manager- Remote

Cypress Creek Energy is powering a sustainable future, one project at a time. We develop, finance, own and operate utility-scale and distributed solar and storage projects across the country. Fostering a diverse group of innovative thinkers from all backgrounds, Cypress people are drawn to work in a purpose-driven organization.

Cypress Creek

Energy is hiring an Information Security Manager to lead the company's security operations and compliance program. You will own the day-to-day security tooling stack, lead the company's NIST-based compliance program, shape policy in emerging areas including artificial intelligence, and maintain an accurate view of every system in the environment. You will report directly to the Chief Technology Officer and partner closely with IT, Counsels, and business stakeholders across the company.

Security

Operations & Engineering Administer and tune Microsoft Defender across the endpoint estate, including policy configuration, alert triage, response, and reporting.

Network and access security: Manage the Zscaler platform (ZIA/ZPA), including policy development, traffic inspection, access controls, and integration with identity systems.

SIEM operations: Run the vulnerability scanning program across AWS and Azure cloud environments and on-premises infrastructure. Prioritize, track, and verify remediation in partnership with IT and engineering teams.

Digital forensics & incident response: Lead investigations into security events, perform forensic analysis, document findings, and coordinate response with internal teams and external partners as needed. Maintain and continuously improve the company's NIST Cybersecurity Framework-aligned security program, including controls mapping, evidence collection, and gap remediation.

Policy management: Own the security policy library — ensure policies and standards are current, reviewed on a defined cadence, approved through the right channels, and communicated to the business.

AI policy and guidance: Develop and maintain the company's AI usage policies, acceptable use guidance, and review process for new AI tools, in coordination with Counsels and IT. Build and maintain an authoritative inventory of systems, applications, data flows, and ownership.

Audit and assessment support: Lead responses to internal and external audits, customer security reviews, and regulatory inquiries. Manage remediation of identified findings through closure.

Risk management: Identify, document, and track information security risks; propose mitigations and report on residual risk to leadership. Leadership & Cross-Functional Partnership Partner with IT, Counsels, HR, and business leaders on security matters, providing clear guidance that balances risk with business needs. Manage intersection of IT and OT endpoints, systems, and networks.

Drive the security awareness program, including phishing simulations, training content, and ongoing communications. Vendor and third-party risk: Assess and manage security risk associated with vendors, contractors, and third-party service providers. Use of AI to enhance and scale security operations - establish AI first Security Ops Bachelor's degree in computer science, information systems, cybersecurity, or related field — or equivalent professional experience. 5+ years of progressive experience in information security, with demonstrated depth in security operations, engineering, or a combination of both.

Hands-on administration and tuning experience with Microsoft Defender (Endpoint, Identity, Cloud). Production experience operating Zscaler (ZIA and/or ZPA), including policy management and troubleshooting. Strong SIEM experience — building detections, tuning alerts, investigating incidents, and onboarding log sources.

Vulnerability management experience across cloud environments, specifically AWS and Azure. Working knowledge of digital forensics and incident response methodology. Demonstrated experience operating a security program aligned to the NIST Cybersecurity Framework or NIST 800-53.

Track record of writing, maintaining, and operationalizing security policies and standards. Clear written and verbal communication, including the ability to explain technical risk to non-technical audiences. Ability to work from the Durham, NC or Washington, DC office three days per week.

Familiarity with NERC CIP or other regulatory frameworks relevant to the power sector.

Experience scripting or automating security workflows (Python, PowerShell, KQL). Our team operates on a hybrid schedule, with in-office schedule of three days per week.

Compensation: The salary range for the position is $140,000 - $170,000 plus bonus and benefits. 15 days of Paid Time Off, accrual up to 20 days, 11 observed holidays. Comprehensive package including medical, dental, vision and health insurance Tuition Reimbursement Phone