Senior Information Security Lead

Genesis Capital (the "Company") is one of the largest business purpose lenders in the country, focused on providing commercial real estate financing solutions to real estate developers who buy, renovate, and sell single‑family and/or multi‑family residential real estate. The Company is a subsidiary of Rithm Capital (parent company), a publicly traded mortgage real estate investment trust. The Senior Information Security Lead is a hands‑on senior individual contributor responsible for designing, operating, and governing Genesis Capital’s network and information security controls across a hybrid environment (Microsoft 365, Azure, AWS, and on‑prem). This role serves as the primary security control owner and internal audit gatekeeper for security‑relevant IT General Controls (ITGCs), including responsibility for SOX audit readiness, evidence quality, deficiency remediation, and risk exception governance. The position combines deep technical execution with independent judgment, strategic thinking, documentation rigor, and executive‑level communication, without managing a team. Network Security (Hands‑On Ownership) Design, configure, and maintain enterprise network security controls, including Palo Alto firewalls, rulebases, segmentation, and secure connectivity patterns. Own and operate the Netskope Zero Trust / SSE platform, including access policies, data protection rules, and monitoring. Define and enforce network security standards (Zero Trust principles, segmentation, logging, egress controls) and validate adherence through configuration reviews and monitoring. Perform regular firewall, SSE, and network control reviews to identify risk, over‑permissive access, and audit exposure. Vulnerability & Configuration Risk Management Own the vulnerability management lifecycle using Qualys, including scan coverage, severity thresholds, remediation SLAs, and verification. Assign and track remediation actions across IT teams; independently validate closure through rescans and evidence review. Govern patching and hardening outcomes across infrastructure and cloud services, ensuring results meet security and audit requirements. Enforce security‑related change control expectations, including documentation quality and emergency change review. Information Security Controls & Governance Enforce information security policies across Microsoft 365, Azure, AWS, and on‑premise systems, translating policy into enforceable technical controls. Conduct security risk assessments for new systems, architecture changes, and third‑party integrations; document risks and required controls. Operate and continuously improve security monitoring and alerting (including SIEM tooling where applicable). Research emerging threats and technologies and recommend security improvements aligned to business risk. SOX & Internal Audit Gatekeeper Act as the single point of contact for internal and external auditors for SOX and security‑related audits. Serve as named control owner for assigned security and infrastructure ITGCs, with responsibility for: Control design and documentation (narratives, procedures, evidence standards) Evidence completeness, accuracy, and timeliness Walkthroughs and auditor inquiries Deficiency analysis, remediation planning, and validation of closure Maintain audit‑ready documentation and evidence repositories throughout the year. Risk Exception & Decision Authority Act as the security approval authority for exceptions, compensating controls, and risk acceptances. Document business justification, compensating controls, and expiration dates for accepted risks. Escalate material or systemic risks to executive leadership with clear impact analysis and recommendations. Incident Response, DR & Resilience Lead technical incident response activities, including containment, root‑cause analysis, and corrective action tracking. Maintain incident response and disaster recovery documentation; coordinate testing, tabletop exercises, and lessons learned. Access Governance & Security Awareness Conduct periodic phishing simulation testing and analyze results to drive targeted remediation. Conduct quarterly User Access Reviews for SOX‑scoped applications and ensure timely remediation of findings. Review identity, access, and protection reports to identify control weaknesses and audit exposure. Reporting & Executive Communication Prepare clear, executive‑level reporting on risk posture, vulnerability trends and mitigations, audit status and findings, and control effectiveness and exceptions. Education & Experience Bachelor’s degree in Computer Science or related field, or equivalent experience. 7+ years of progressive experience in network security and information security within a regulated or sensitive environment (financial services strongly preferred). Hands‑on experience securing Microsoft 365, Azure, AWS, and hybrid/on‑prem environments. Strong expertise with firewalls, zero trust, and vulnerability management. Strong knowledge of Windows/Linux, VMWare, SQL Server, Active Directory, and networking. Demonstrated experience acting as primary audit contact and control owner for SOX or similar regulatory audits. Working knowledge of ISO 27000, SOX, PCI, and GLBA control expectations. Experience with Juniper and Cisco/Meraki network switches, a plus. Excellent written and verbal communication skills, including audit‑ready documentation and executive briefing. Ability to manage IT projects and support strategic initiatives. Hands‑on experience with SIEM systems and open‑source security tools. Additional Skills Required Independent ownership and accountability. Strong risk‑based judgment and business acumen. Ability to say "no" and document defensible decisions. Detail‑oriented with audit‑quality rigor. Comfortable operating as a senior individual contributor authority without formal management responsibilities. By applying to this position candidate acknowledges that this is not a remote role and is required to be on‑site. Compensation Range: $125,000 - $165,000 annual. Equal Employment Opportunity. We’re proud to be an equal opportunity employer and celebrate our employees’ differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. #J-18808-Ljbffr