Lead Information Security Engineer

Lead Information Security Engineer New York, NY

Premier NYC legal organization has an immediate need for a Lead Information Security Engineer that will design, integrate, implement and monitor the firm's information systems and security infrastructure.

This role is remote for now, and then onsite 2-3 days / week in the future.

Responsibilities :

• In conjunction with Information Technology Operations personnel, leads the design, implementation and support of security measures including but not limited to : Cloud Security, Vulnerability Management, Email Security, Endpoint Security, Document Management Systems, Privileged Account Management, Advanced Threat Defense, Data Loss Prevention, Incident Response.
• Leads the monitoring and investigation of security related activity identified in logs and alerts from those systems.
• Evaluates proposed IT projects and emerging technology while making security recommendations to ensure the risk is controlled at an acceptable level.
• Leads the analysis, resolution, and communication of cyber security problems and issues.
• Performs various assurance and auditing activities to ensure that the security controls are designed and implemented appropriately.
• Develops and maintains appropriate escalation procedures for the different types of alerts that the various monitored systems generate.
• Evaluates threat intelligence feeds, vulnerability reports, security exploit reports, and other information security notices as needed and makes recommendations to internal management and technical staff to take precautionary steps.
• Administers the reporting functions of security monitoring systems, assisting in the identification and creation of appropriate reports for delivery to management.
• Interprets information security policies, standards, and other requirements and assists with their implementation.

Requirements :

• Previous financial services, professional services or law firm experience desired.
• Must have at least one security certification (CISSP, CISM, SANS, etc.).
• Minimum 7 years of progressively advancing hands-on experience in Information Security field with track record of success.
• Knowledge of or experience with ISO 27001 framework is desired.
• Expert knowledge of information security methodology and tools such as access control, threat intelligence, zero-day threats, incident response and vulnerability management tools.
• Strong hands-on experience in Azure cloud security, network architecture and security assessment.
• Ability to work in a team environment, as well as independently.
• Strong analytical skills.
• Data privacy and other compliance experience are a big plus.
19 days ago