Friedman Williams

Information Security Manager

Friedman Williams, New York, New York, US, 10261

Information Security Manager
New York, NY
Job ID: 19954

The Manager of Information Security is responsible for the leadership and development of the Global Information Security program.

Lead and Manage Engineering Team: Oversee a high-performing team of security engineers, driving the execution of security projects, incident response, and vulnerability management across systems and applications.

Hands-on Technical Leadership: Directly engage in hands-on engineering tasks, including designing, implementing, and reviewing security architectures, tools, and systems to mitigate risk and strengthen infrastructure.

Security System Development and Implementation: Take ownership of developing and deploying security solutions, including firewalls, intrusion detection systems, encryption technologies, and access control mechanisms.

Threat Hunting and Vulnerability Management: Lead proactive threat hunting efforts and oversee vulnerability scanning, assessment, and remediation to identify and address security gaps before they impact the organization.

Engineering Team Development: Cultivate and nurture a highly skilled security engineering team by mentoring, conducting knowledge-sharing sessions, and promoting a culture of continuous improvement.

Incident Response and Root Cause Analysis: Lead the technical response to security incidents, ensuring effective identification, containment, and resolution of threats, while conducting root cause analysis for long-term mitigation.

Security Automation and Tooling: Drive the development and integration of automation solutions to improve the efficiency and effectiveness of security operations, including SIEM tools, incident management, and threat detection systems.

Collaboration on Product Security: Partner with development teams to embed security in the software development lifecycle (SDLC), ensuring secure coding practices, conducting code reviews, and supporting secure application deployment.

Security Architecture and Design Reviews: Conduct regular security reviews of system architectures and designs, ensuring that new projects and features adhere to security best practices and organizational objectives.

Qualifications

Minimum 10+ years of experience in Information Security, with experience in enterprise-scale threat management programs such as threat hunting, incident response, and forensics.

Hands-on experience in designing and implementing technical solutions of IT security tools at the enterprise level, e.g. Endpoint Security, Network Security, SIEM modeling, Vulnerability Management, etc.

Demonstrated hands-on experience in the full cycle of incident response and post-incident activities, including prevention steps and building detection alerts.

Experience working with cyber threat intelligence and the MITRE ATT&CK framework.

Experience with SIEM technologies, including administration and analyst operation of SIEM within SOC functionality.

Ability to parse logs, create queries, and perform root cause analysis of events.

Understanding of malware, emerging threats, attacks, and vulnerability management.

Working experience with various security control technologies, such as IDS/IPS, network and host-based firewalls, DLP (Data Leakage Protection), encryption solutions, and endpoint security.

Knowledge of networking components, various operating systems, and cloud environments, and an understanding of their security principles and technologies.

Excellent communication, troubleshooting, and analytical thinking skills; being self-driven, able to multi-task and work collaboratively in a team environment, and willing to adapt to change in a dynamic, global environment is critical.

Participate in a 24/7 Incident Response Team and be available to work evenings and weekends as needed.

Hands-on experience with cloud platform security (AWS, Azure) a plus.

Programming / scripting experience with Python, PowerShell, etc. a plus.

Bachelor's degree and current industry certifications (must be current):

Required:
Certified Information Systems Security Professional (CISSP)

Nice to have:
SANS: GIAC, GNFA, GCFA, GPEN, GCDA, GCIH, etc.
Certified Ethical Hacker (CEH)
Cisco Certified Network Associate (CCNA)
Cisco Information Security Specialist (CQS)
Cisco Certified Firewall Specialist (CQS)
Cisco IPS Specialist (CQS)

If interested, please send your resume to Todd Grossman at: tgrossman@friedmanwilliams.com