Director of Information Security

Location: New York

Contact(s): Tracey Breslin

The Director of Information Security will report directly to the Chief Information Officer and take ownership of the information security and risk management program. The Director of Information Security will also work with senior IT management and the Firm's expert security vendors on the design, ongoing implementation, operation, and maintenance of the information security and risk management posture. They will also take primary responsibility for implementing and maintaining the proper frameworks and associated audit processes, considering ISO 27001, 90001, 27015 and SOC2 Type II, and the Software Development Lifecycle/DevOps.

Additionally, the incumbent will manage a team responsible for developing and implementing protocols that comply with established policies, procedures and standards of the specified area of Information Security. The incumbent will effectively collaborate with other members of the team, customers and/or stakeholders to align work efforts and develop/execute tactical plans that enable successful business operations.

Primary Responsibilities

  • Reports to and takes direction from the Chief Information Officer.
  • Manage all aspects of Information Security, working closely with the Director of Records and Information Governance on Data Privacy Compliance, Information Governance Coordination and Information Risk Auditing, including Client Audits and Internal, External, and Vendor Assessments.
  • Work with management to define and maintain information security policies and procedures.
  • Coordinate all information security education and awareness programs through an Information Security Awareness Plan aligned to roles and responsibilities.
  • Work with internal audit and other stakeholders as appropriate on security assessments, compliance matters, and audits.
  • Drive security and risk management initiatives and project execution as required.
  • Track latest IT security innovations and keep abreast of latest cyber security technologies and risks.
  • Assist in the security-related planning for all future IT strategic initiatives as well as operational reporting and scorecards.
  • Develop and advise on the IT Security budget and manage spend within the cost structure.
  • Hands-on management of the installation, configuration, administration, maintenance, and support of Information Security products. Major areas of responsibility are:
    • Firewalls, SOC services and URL filtering
    • Outsourced services: remote monitoring and Pen Tests, expert security firms and retainer firm, posture partner, etc.
    • Dual Factor Authentication, next-gen antivirus, logging and affiliated Security stack applications and tasks
    • Security Questionnaires, ISO, Policies & Procedures
    • Phishing technology, testing and training
  • Build a team-based work environment; establish performance expectations and conduct regular performance evaluations; provide recognition and rewards; and coaching for success and improvement.
  • Manage expert security firms, retainer firms and outsourced services.

Additional Responsibilities

  • Maintain the practice of continuous improvement and education
  • Serve as an internal consultant assisting in the areas of Infrastructure Operations planning as it relates to the Information Security systems.
  • Maintain professional and technical knowledge by reviewing relevant professional publications
  • Comfortably interact with all levels of the partnership and staff

Qualifications

  • BS in Computer Science, Engineering or relevant work experience
  • 7+ years of experience in relevant technology and business skills
  • Preferred certifications: CISSP and/or SANS.
  • Ability to work in teams of highly skilled technical professionals
  • Ability to analyze and resolve complex issues
  • Must be able to multitask and work in a fast-paced environment
  • Strong analytical skills
  • Capable of grasping new concepts without prior experience
  • Self-motivator, independent, cooperative, flexible and creative
  • Ability to travel or work overtime, as needed
  • Excellent oral and written communication skills and interpersonal skills as necessary to communicate and coordinate with others on both routine and non-routine matters.

Technical Skills

  • Knowledge of firewall, syslog and inline IPS analysis
  • Proven hands-on experience with Cisco/Palo Alto and knowledge of IP networking and network security, including DMZ, encryption, IPSec, PKI, VPNs, MPLS/VPN, site-to-site VPN tunnels and SSL/VPN.
  • Support remote access and multi-factor technologies to internal/external users.
  • Knowledge of modern Endpoint Protection & Endpoint Encryption.
  • Overall central management of URL filtering.
  • Familiarity with network scanning, NDS
  • Experience troubleshooting end-to-end network connectivity using command line tools (e.g., PCAP, Wireshark, tcpdump, snoop, etc.)
  • Familiarity with, and pen-testing experience against, common network topologies and implementations (e.g., infrastructure, DMZs, zones, wireless, etc.) and Red Team tools
  • Prior experience identifying security incidents, providing supporting information to clients, and supporting the client through containment and remediation; working on and improving Incident Response
  • Support incident response management processes and security monitoring alerts to prevent internal/external hackers from compromising clients' data and assets; honey pots, obfuscation, PII and DLP
  • Understand the latest threat techniques and support appropriate countermeasures, configurations and awareness; engage with membership groups and law enforcement (local and federal)
  • Understanding of key security technologies such as encryption, TCP/IP, HTTP, DNS, web application security, data loss prevention, mobile device management, etc.
  • Familiarity with control frameworks (e.g., ISO, COBIT, SOC2 Type II, and NIST).

The anticipated annual base salary range for this position is $275,000 to $300,000. The actual base salary offered will depend on a variety of factors, including without limitation, the qualifications of the applicant, years of relevant experience, level of education attained, certifications or other professional licenses held, and if applicable, the location from which the applicant will be performing the job.

EEOC: Cadwalader is an equal opportunity employer. We offer opportunities to all qualified persons regardless of race (including traits historically associated with race, such as, but not limited to, hair texture and protective hairstyles), color, religion, sex, gender, sexual orientation, gender identity and expression, pregnancy (including childbirth, lactation, and related medical conditions), reproductive health decisions, national or ethnic origin, age, disability, marital status, status as a veteran, genetic information or predisposition, or status in any group protected by applicable federal, state or local law.