Talent.com
Information Security Lead

Information Security Lead

ALM GlobalNew York, NY, United States
20 hours ago
Job type
  • Full-time
Job description

Join us for a bright future...Discover where your talent fits best at ALM!

Our network of more than 450+ employees globally is united by a shared understanding that the work we do makes a direct impact on the success of our customers and audiences. Our collaborative environment provides a vast amount of opportunities for career development. Our goal is to hire industry's top talent, offer growth opportunities and provide a fulfilling working environment.

Here at ALM, we are a customer-focused and market-driven company dedicated to the success of the customers we serve with our information products and marketing services and events. Across ALM, our teams deliver premium content to professionals in the legal, finance, real estate and insurance industries.

We promote and value innovation and an entrepreneurial spirit. We believe that integrity must be at the heart of everything we do. We foster an environment of trust and teamwork and believe that employee empowerment drives our progress and success as a business. We insist on quality and continuous improvement in all that we do. We have a winning attitude and seek to celebrate all of our successes ... big and small.

Salary Range : 100,000 - 107,000 USD Annually

The referenced salary range is based on the Company's good faith belief at the time of posting. Total compensation may vary based on factors such as geographic location, work experience, market conditions, education / training and skill level.

Role Purpose : The Information Security Lead is responsible for safeguarding the global Law Business Research and ALM organization's information assets across cloud, on-prem, and managed service environments. The role focuses on strengthening security controls, operating SOC processes, enhancing monitoring and detection capabilities, leading incident response, managing vulnerabilities, supporting compliance frameworks, and engineering security improvements across the UK and US.

Key Responsibilities

Security Operations & Monitoring (SOC)

  • Maintain and enhance the security posture across Microsoft 365, Azure, Intune, Defender, Sentinel SIEM, Cloudflare, and on-prem environments.
  • Monitor and triage security alerts, anomalous activity, and threat indicators.
  • Develop and tune SIEM dashboards, alerts, correlation rules, and automation playbooks.
  • Manage SIEM log ingestion and integrations.
  • Operate and optimise EDR, identity protection tools, DLP, conditional access, MFA, email security, and NGINX App Protect.
  • Oversee DNS and email authentication security (SPF, DKIM, DMARC).

Incident Response & Threat Handling

  • Lead technical response for global security incidents.
  • Perform forensic investigation, log correlation, and root-cause analysis.
  • Maintain, test, and enhance IR playbooks (e.g., ransomware, credential compromise, cloud intrusion, DDoS).
  • Coordinate incident communication with IT, leadership, vendors, and third-party responders.

    • Vulnerability Management & Penetration Testing

  • Lead the vulnerability lifecycle : scanning, prioritisation, reporting, and verification of remediation.
  • Maintain vulnerability dashboards and reporting.
  • Manage internal and external penetration testing programmes and track remediation.
  • Ensure CIS, NIST, and Microsoft Secure Score baselines are enforced.
  • Conduct regular privileged access, conditional access, and role-based access reviews.

    • Cloudflare, DNS & Network Security

  • Manage Cloudflare security controls (WAF, bot mitigation, DNS security, Zero Trust, SSL / TLS enforcement).
  • Analyse web traffic patterns for anomalies and potential threat activity.
  • Ensure Cloudflare and NGINX security controls align with enterprise standards.

    • Governance, Risk & Compliance (GRC)

  • Support compliance with ISO 27001 / 27002, NIST CSF, CIS Controls, GDPR, SOC 2, Cyber Essentials, DORA, and US regulatory requirements.
  • Maintain security policies, procedures, risk registers, and documentation.
  • Perform vendor and project risk assessments.
  • Support internal / external audits and evidence collection.
  • Assist with contractual, regulatory, and assurance requirements across both regions.

    • Cyber Essentials / Cyber Essentials Plus

  • Maintain CE and CE+ compliance, evidence gathering, configuration validation, and annual certification.
  • Ensure patching, MFA, endpoint security, and network controls remain compliant.

    • Cloud, M365 & On-Prem Security Management

  • Administer and monitor Azure and M365 security controls (conditional access, identity protection, Defender, Intune, sensitivity labels, retention policies).
  • Ensure secure configuration and monitoring of AD, networking, servers, and firewalls.
  • Oversee privileged access, admin roles, and access governance.

    • Security Architecture & Application Security

  • Conduct security assessments for new technology, SaaS applications, integrations, & infrastructure.
  • Collaborate with Development and Engineering teams on secure coding, dependency scanning, and vulnerability remediation.
  • Support secure project delivery across the organisation.

    • Awareness, Training & Culture

  • Deliver security awareness campaigns, phishing simulations, and targeted training.
  • Provide guidance to employees across UK and US operations.
  • Promote a strong security-first culture.

    • Continuous Improvement & Threat Intelligence

  • Track emerging threats, vulnerabilities, and regulatory changes.
  • Participate in tabletop exercises and resilience tests.
  • Identify opportunities for automation and operational improvement.
  • Support long-term roadmap planning with the Head of Information Security.

    • Required Experience

  • 5+ years' experience in information security, SOC operations, or cybersecurity.
  • Strong experience with Microsoft 365, Azure, Sentinel SIEM, Defender suite, EDR, Cloudflare, DNS security, and NGINX App Protect.
  • Demonstrated expertise in vulnerability management, penetration testing coordination, SIEM engineering, threat detection, incident response, and forensic analysis.
  • Strong skills in network security, DNS, email authentication, endpoint security, cloud IAM, and SaaS.
  • Experience working with infrastructure, cloud, and application engineering teams.

    • Frameworks & Standards

  • Knowledge of ISO 27001 / 27002, NIST, CIS, SOC 2, GDPR, DORA, & US security regulations.
  • Experience with policy development, control testing, risk assessments, and audit support.

    • Soft Skills

  • Excellent communicator with the ability to explain complex topics to technical and non-technical audiences.
  • Confident advising senior leadership across global regions.
  • Strong analytical and problem-solving skills.
  • Calm and structured during security incidents.

    • Preferred Certifications

  • Security+
  • AZ-500 (Azure Security Engineer)
  • SC-200 (Security Operations Analyst)
  • SC-300 (Identity & Access Administrator)
  • SC-400 (Information Protection)
  • GIAC, CEH, CySA+, or similar
  • Microsoft Sentinel 400

    • Why you should join ALM...

  • Generous Benefit Plans for Medical, Vision & Dental Coverage
  • 401(K) Plan With Match
  • Paid Time Off (Vacation, Personal Days & Sick Days)
  • Summer Fridays - Early Office Closure
  • Paid Holidays
  • Health Savings Account
  • Flexible Spending Accounts for Dependent Care & Medical Expenses
  • Parental Leave
  • Career Development Learning & Training Opportunities
  • Educational Assistance
  • Employee Referral Bonus
  • Employee Recognition Awards
  • Short-term & Long-term Disability Coverage
  • Flexible Work Schedules

    • ALM provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, veteran status, national origin, age, disability or genetics. In addition to federal law requirements, ALM complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

    Create a job alert for this search

    Information Security • New York, NY, United States

    Related jobs
    • Promoted
    Director - Cybersecurity & Network Security Vendor Lead

    Director - Cybersecurity & Network Security Vendor Lead

    Climb Global SolutionsEatontown, NJ, US
    Full-time
    The Cybersecurity Vendor Director will lead Climb’s North American cybersecurity and network security business unit for a leading global vendor, driving significant revenue growth within the ...Show moreLast updated: 3 days ago
    • Promoted
    Lead Information Security Engineer - Palo Alto Firewalls

    Lead Information Security Engineer - Palo Alto Firewalls

    Wells FargoIselin, NJ, United States
    Full-time
    Wells Fargo is seeking a Lead Information Security Engineer - Palo Alto Firewalls to join our Chief Technology Office (CTO). Learn more about the career areas and business divisions at wellsfargojob...Show moreLast updated: 2 days ago
    • Promoted
    Information Technology Specialist 2 Information Security

    Information Technology Specialist 2 Information Security

    New York State Civil ServiceBrooklyn, NY, United States
    Full-time +2
    Agency Information Technology Services, Office of.Title Information Technology Specialist 2 Information Security - 9935.Bargaining Unit PS&T - Professional, Scientific, and Technical (PEF).Salary R...Show moreLast updated: 4 days ago
    • Promoted
    Senior Director Analyst, Security Architecture and Cloud Security (Remote North America)

    Senior Director Analyst, Security Architecture and Cloud Security (Remote North America)

    GartnerStamford, CT, United States
    Remote
    Full-time
    What makes Gartner Research and Advisory a great fit for you?.You are a team player who values expert insights, bold ideas, and intellectual courage. You are always learning and looking to discover ...Show moreLast updated: 30+ days ago
    • Promoted
    Lead Information Security Engineer- Certificate Management Services

    Lead Information Security Engineer- Certificate Management Services

    Wells FargoIselin, NJ, United States
    Full-time
    Wells Fargo is seeking a Lead Information Security Engineer in Technology as part of the Chief Technology Office (CTO).Learn more about the career areas and lines of business at wellsfargojobs.The ...Show moreLast updated: 30+ days ago
    • Promoted
    • New!
    Information Security Manager

    Information Security Manager

    Stellar HealthNew York, NY, United States
    Full-time
    Historically, US Healthcare has relied on a fee-for-service reimbursement system where providers are paid based on the quantity of patient visits and procedures, rather than the quality of health o...Show moreLast updated: 12 hours ago
    • Promoted
    Chief Information Security Officer

    Chief Information Security Officer

    Grayson Search PartnersCity of White Plains, NY, United States
    Full-time
    Grayson Search Partners provided pay range.This range is provided by Grayson Search Partners.Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.Chi...Show moreLast updated: 18 days ago
    • Promoted
    Information Security Engineer

    Information Security Engineer

    Northwell HealthLake Success, NY, US
    Full-time
    Information Security Engineer – Lake Success, NY – Responsible for managing ERP Cloud security and audits.Analyzes, designs, implements, and troubleshoots ERP security to manage user access and sys...Show moreLast updated: 3 days ago
    • Promoted
    Information Security Analyst

    Information Security Analyst

    Spectraforce TechnologiesNewark, NJ, United States
    Full-time
    Job Title : Information Security Analyst.Location : Newark, NJ (Hybrid 3 days onsite).Focus on highest risk controls first, then medium risk (definition in progress). Coordination with AppOwners and c...Show moreLast updated: 30+ days ago
    • Promoted
    Senior Information Security Compliance Professional

    Senior Information Security Compliance Professional

    FiservBerkeley Heights, NJ, United States
    Full-time
    Calling all innovators - find your future at Fiserv.We're Fiserv, a global leader in Fintech and payments, and we move money and information in a way that moves the world.We connect financial insti...Show moreLast updated: 30+ days ago
    • Promoted
    Lead, Info Security Systems Engineer

    Lead, Info Security Systems Engineer

    L3Harris TechnologiesClifton, NJ, United States
    Full-time
    Lead, Info Security Systems Engineer.L3Harris is dedicated to recruiting and developing high-performing talent who are passionate about what they do. Our employees are unified in a shared dedication...Show moreLast updated: 1 day ago
    • Promoted
    Information Security Analyst

    Information Security Analyst

    TradeJobsWorkForce07032 Kearny, NJ, US
    Full-time
    Monitor their organization’s networks for security breaches and investigate a violation when one occurs Install and use software, such as firewalls and data encryption programs, to protect sensitiv...Show moreLast updated: 30+ days ago
    • Promoted
    Agency Chief Information Security Officer

    Agency Chief Information Security Officer

    City of New YorkNew York City, New York, USA
    Full-time
    The CISO is responsible for maintaining an information risk management and cybersecurity program for the New York City Deferred Compensation Plan (the Plan). The CISO will work with all areas of the...Show moreLast updated: 2 days ago
    • Promoted
    • New!
    Information Security Governance Specialist - Vice President

    Information Security Governance Specialist - Vice President

    iCapitalGreenwich, CT, United States
    Full-time
    Capital is looking to hire a Vice President Information Security Governance Specialist.This individual will be a key person in iCapital's second line of defense team. The ideal candidate will suppor...Show moreLast updated: 12 hours ago
    • Promoted
    Senior Director - Security Infrastructure & Endpoint Protection

    Senior Director - Security Infrastructure & Endpoint Protection

    GartnerStamford, CT, United States
    Full-time
    Senior Director Analyst - Security Infrastructure & Endpoint Protection.What makes Gartner Research a GREAT fit for you?. You are a team player who values expert insights, bold ideas and intellectua...Show moreLast updated: 30+ days ago
    • Promoted
    Information Technology Specialist 4 Information Security

    Information Technology Specialist 4 Information Security

    StateJobsNYBrooklyn, NY, United States
    Permanent +1
    Duties Description ITS provides operational support to state agencies on a 24x7x365 basis; some positions may be required to provide this critical service at any time. Under the direction of senior ...Show moreLast updated: 6 days ago
    • Promoted
    Senior Specialist, Info Security Systems Engineer Secret - Clifton, NJ

    Senior Specialist, Info Security Systems Engineer Secret - Clifton, NJ

    L3Harris TechnologiesLITTLE NECK, New York, United States
    Full-time
    L3Harris is dedicated to recruiting and developing high-performing talent who are passionate about what they do.Our employees are unified in a shared dedication to our customers’ mission and quest ...Show moreLast updated: 14 days ago
    • Promoted
    Information Security Manager

    Information Security Manager

    Axinn, Veltrop & HarkriderNew York, NY, United States
    Full-time
    Experienced, tenacious, and always trial-ready, we are committed to understanding complex legal challenges that impact the future of our clients' businesses, globally. Focusing on antitrust, intelle...Show moreLast updated: 1 day ago