Legal Staff Information Technology in New York City, NY

Law Firm

New York City, NY

Legal Staff Information Technology in New York City, NY

Legal Staff

No

Job Title
Senior Manager, Infrastructure Security

Job Responsibilities
The Senior Manager, Infrastructure Security is tasked with developing and leading a comprehensive global security program focused on infrastructure, data loss prevention (DLP), and cloud security. The role involves overseeing a team responsible for designing, implementing, and managing firm-wide security controls. Key responsibilities include:
- Developing and maintaining an enterprise security strategy and roadmap aligning with business objectives and risk management priorities.
- Leading the implementation and operation of solutions for monitoring, prevention, and mitigation across infrastructure, DLP, and cloud environments.
- Overseeing the design and enforcement of security controls, including zero trust architecture, least privilege principles, segmentation, and secure configuration management.
- Leading the selection, deployment, and management of relevant security tools and technologies.
- Ensuring the integration of security controls into public, private, and hybrid cloud platforms.
- Partnering with IT teams to ensure secure architecture, deployment, and ongoing operations for infrastructure and cloud environments.
- Ensuring timely detection, investigation, and remediation of threats and vulnerabilities.
- Developing and maintaining policies, standards, and procedures related to infrastructure, DLP, and cloud security.
- Monitoring systems for anomalies, unauthorized access, and policy violations, and taking corrective actions as necessary.
- Partnering with SOC, IR, and VM teams to respond to and resolve security incidents and vulnerabilities.
- Providing leadership, direction, and mentorship to the security operations team.
- Staying informed of industry best practices, threat landscapes, and emerging technologies to improve the firm's security posture and operational maturity.
- Maintaining compliance with regulatory, privacy, and audit requirements, including ISO 27001, NIST, GDPR, and client-imposed security obligations.
- Delivering reporting and dashboards to provide visibility into risk patterns, policy compliance, and remediation effectiveness.
- Implementing technical controls and solutions to remediate cyber risks identified in assessments, audits, and testing.
- Collaborating with and influencing cross-functional IT stakeholders to adopt a security-first mindset and close identified gaps.
- Reporting on key security KRI/KPI metrics and performance indicators.
- Analyzing data to identify risks, trends, and opportunities for process improvement.
- Promoting a secure-by-design framework across development and operational lifecycles.
- Making decisions and recommendations based on risk assessments and industry best practices.

Education and Experience Information
Required:
- Bachelor's degree in information security, IT, risk management, related discipline, or equivalent experience.

Preferred:
- Professional certifications such as CISSP, CISM, or similar.

Skills and Experience:
- 10-15 years of experience in IT or Information Security, with at least 5 years in a leadership role focused on infrastructure, DLP, or cloud security.
- Proven ability to build and lead enterprise security programs at scale, ideally in a hybrid or cloud environment.
- Deep understanding of technical security domains: infrastructure protection, endpoint management, cloud security, and data loss prevention.
- Experience implementing and managing security tools (., firewalls, DLP platforms, CSPM tools, container security platforms, endpoint protection, etc.).
- Familiarity with cloud platforms (AWS, Azure, GCP) and their native security controls.
- Strong understanding of NIST, ISO 27001, Cloud Controls Matrix, and regulatory standards related to security operations.
- Experience conducting risk assessments, policy development, incident response, and vulnerability remediation.
- Passion for innovation, automation, and continuous improvement.
- Excellent interpersonal, leadership, and communication skills.
- Ability to manage multiple priorities, make sound decisions under pressure, and communicate effectively with both technical and business audiences.
- Strong analytical mindset and continuous learning orientation.

Salary Information
The estimated base salary range for this position is $190,000 to $220,000 at the time of posting. The actual salary offered will depend on a variety of factors, including the qualifications of the individual applicant for the position, years of relevant experience, level of education attained, certifications or other professional licenses held, and if applicable, the location in which the applicant lives and/or from which they will be performing the job. This role is exempt, meaning it is not overtime pay eligible.