Information Security Lead
Our client is a global investment firm built at the intersection of financial theory and practical application. They strive to deliver concrete, long-term results by looking past market noise to identify and isolate the factors that matter most, and by developing ideas that stand up to rigorous testing.
About the Role
The Information Security Lead will manage a team of subject matter security experts to architect, design, build and operate the information security infrastructure for both cloud and on-premises environments. This information security infrastructure provides first-line controls in a defence-in-depth approach to advanced security technologies, processes, and procedures to protect the firm’s business practices and assets.
- Interface with senior stakeholders across the Engineering leadership team to proactively interpret risks and priorities, including Platform Engineering Leads, Application Development Leads, the Chief Information Security Officer and the Co-Chief Technology Officers.
- Architect and execute on a multi-year information security technical roadmap to enable a cloud-centric technology platform to support cutting-edge financial innovation
- Lead day-to-day team operations to monitor, troubleshoot, and ensure optimum performance of information security infrastructure
- Lead advanced security analytics efforts for continuous monitoring of the cloud and on-premises technology environments
- Manage relationship with external security vendors, lead vendor assessments, and support incident response and remediation efforts
- Manage, mentor, and train experienced security team to deliver the team’s strategic initiatives in both an engineering and operations standpoint
- Encourage a firm-wide culture of security awareness and evangelize security best practices and principles with application development teams
- Oversee and maintain 24x7x365 coverage and support for security systems
Technical Experience and Knowledge
- Experience (15+ years) in managing complex, highly technical security infrastructure environments, preferably in Financial Services or related verticals with significant Compliance and Regulatory requirements
- Experience (10+ years) in architecting, implementing, and managing large-scale cloud security engineering projects in Amazon Web Services (AWS), Microsoft Azure, and/or Google Cloud Platform (GCP)
- Master’s Degree in Information Security or Computer Science or Computer/Electrical Engineering, and/or equivalent field experience
Security Technology Expertise:
- Experience working with a range of security technologies: next-generation firewalls, intrusion detection and prevention systems (IDS/IPS), proxy infrastructure, data loss prevention (DLP), web application firewalls (WAFs), privileged access management tools, endpoint security, network security, data encryption, vulnerability management tools, DNS security, etc.
- Experience with security analytics and SIEM tools for advanced continuous monitoring to review potential non-compliance and risks/threats
- Experience with Secure Software Development Life Cycle (S-SDLC), application security frameworks, design patterns, and assessment tools
- Extensive knowledge in DevOps and CI/CD pipeline management
- Extensive knowledge with the configuration and patterns of security controls and secure migration of enterprise applications to a public cloud provider
- Experience in developing in-depth security architecture standards, frameworks and design patterns in all aspects of the Cloud including the server, application, network, and data layers
- Experience working with Authentication and Authorization services
- Understanding of penetration testing and forensics best practices
- Experience with developing Cloud Security Frameworks using industry best practices such as those from the Cloud Security Alliance (CSA) and NIST CSF
Apply for this role
All fields marked with * are required.