Glocomms
Lead Information Security Analyst (San Francisco County)
Glocomms, San Francisco, California, United States, 94133
A global consumer brand is seeking a Lead Information Security Analyst to lead enterprise-wide cybersecurity initiatives and elevate their security posture across both cloud and on-premises environments.
Key Responsibilities
Architect, deploy, and manage security solutions aligned with business goals and regulatory requirements.
Lead strategic initiatives including Data Loss Prevention (DLP), Zero Trust architecture, Cloud Security, Network Segmentation, IAM, and Endpoint Security modernization.
Oversee email protection platforms and gateway solutions to defend against phishing, malware, and data exfiltration.
Implement DNS security controls to mitigate domain hijacking and malicious communications.
Conduct threat detection, incident response, and post-incident analysis to ensure rapid containment and recovery.
Manage vulnerability assessment and remediation programs, providing visibility into risk posture for leadership.
Develop and refine incident response and disaster recovery plans to minimize disruption and enhance resilience.
Establish and enforce security policies and standards based on frameworks such as NIST, CIS, ISO 27001, and SOX.
Collaborate with IT, DevOps, and business units to embed security into system architecture and development pipelines.
Lead security awareness initiatives to foster a culture of vigilance and reduce human-related risk.
Continuously assess and improve security maturity through innovation in tools, processes, and governance.
Utilize automation and orchestration to streamline detection, response, and compliance efforts.
Mentor junior team members and advise cross-functional groups on secure design principles.
Stay current on emerging threats and technologies to proactively strengthen defenses.
Qualifications and Skills
Bachelor's degree in Computer Science, Cybersecurity, or related field (Master's preferred).
7+ years of progressive experience in security engineering, architecture, or operations.
Deep expertise in data protection, cloud security, email/DNS security, and identity management.
Hands-on experience with Microsoft 365 security tools and email gateway platforms.
Familiarity with DNS filtering and protection solutions.
Proven success in leading awareness programs and advancing security maturity.
Strong grasp of Zero Trust, vulnerability management, endpoint protection, and automation.
Knowledge of security frameworks (NIST CSF, CIS Controls, ISO 27001, SOX).
Experience with multi-cloud environments and DevSecOps practices.
Scripting or automation skills (Python, PowerShell, Bash) preferred.
Relevant certifications such as:
CISSP, CISM, GIAC Microsoft Cybersecurity Architect Expert or Security Operations Analyst AWS Security Specialty CompTIA Security+, CySA+, CASP+ Azure Security Engineer Associate
Excellent communication and leadership skills with the ability to influence across teams.
CISSP, CISM, GIAC Microsoft Cybersecurity Architect Expert or Security Operations Analyst AWS Security Specialty CompTIA Security+, CySA+, CASP+ Azure Security Engineer Associate
Excellent communication and leadership skills with the ability to influence across teams.