Senior Information Security Lead

Genesis Capital - Sherman Oaks, CA
5d - Onsite

About The Position

Genesis Capital (the “Company”) is one of the largest business purpose lenders in the country, focused on providing commercial real estate financing solutions to real estate developers who buy, renovate, and sell single-family and/or multi-family residential real estate. The Company is a subsidiary of Rithm Capital (parent company), a publicly traded mortgage real estate investment trust.

The Senior Information Security Lead is a hands‑on senior individual contributor responsible for designing, operating, and governing Genesis Capital’s network and information security controls across a hybrid environment (Microsoft 365, Azure, AWS, and on‑prem). This role serves as the primary security control owner and internal audit gatekeeper for security‑relevant IT General Controls (ITGCs), including responsibility for SOX audit readiness, evidence quality, deficiency remediation, and risk exception governance. The position combines deep technical execution with independent judgment, strategic thinking, documentation rigor, and executive‑level communication, without managing a team.

Principal Duties: ESSENTIAL FUNCTIONS include the following. Other duties may be assigned.

Requirements

  • Bachelor’s degree in Computer Science or related field, or equivalent experience.
  • 7+ years of progressive experience in network security and information security within a regulated or sensitive environment (financial services strongly preferred).
  • Hands‑on experience securing Microsoft 365, Azure, AWS, and hybrid/on‑prem environments.
  • Strong expertise with firewalls, zero trust, and vulnerability management
  • Strong knowledge of Windows/Linux, VMWare, SQL Server, Active Directory, and networking.
  • Demonstrated experience acting as primary audit contact and control owner for SOX or similar regulatory audits.
  • Working knowledge of ISO 27000, SOX, PCI, and GLBA control expectations.
  • Excellent written and verbal communication skills, including audit‑ready documentation and executive briefing
  • Ability to manage IT projects and support strategic initiatives.
  • Hands-on experience with SIEM systems and open-source security tools.
  • Independent ownership and accountability
  • Strong risk‑based judgment and business acumen
  • Ability to say “no” and document defensible decisions
  • Detail‑oriented with audit‑quality rigor
  • Comfortable operating as a senior individual contributor authority without formal management responsibilities

Nice To Haves

  • Experience with Juniper and Cisco/Meraki network switches, a plus.
  • Security certifications (preferred): CISSP, CISM, CCSP, or equivalent.

Responsibilities

  • Design, configure, and maintain enterprise network security controls, including Palo Alto firewalls, rulebases, segmentation, and secure connectivity patterns.
  • Own and operate the Netskope Zero Trust / SSE platform, including access policies, data protection rules, and monitoring.
  • Define and enforce network security standards (Zero Trust principles, segmentation, logging, egress controls) and validate adherence through configuration reviews and monitoring.
  • Perform regular firewall, SSE, and network control reviews to identify risk, over‑permissive access, and audit exposure.
  • Own the vulnerability management lifecycle using Qualys, including scan coverage, severity thresholds, remediation SLAs, and verification.
  • Assign and track remediation actions across IT teams; independently validate closure through rescans and evidence review.
  • Govern patching and hardening outcomes across infrastructure and cloud services, ensuring results meet security and audit requirements.
  • Enforce security‑related change control expectations, including documentation quality and emergency change review.
  • Enforce information security policies across Microsoft 365, Azure, AWS, and on‑premise systems, translating policy into enforceable technical controls.
  • Conduct security risk assessments for new systems, architecture changes, and third‑party integrations; document risks and required controls.
  • Operate and continuously improve security monitoring and alerting (including SIEM tooling where applicable).
  • Research emerging threats and technologies and recommend security improvements aligned to business risk.
  • Act as the single point of contact for internal and external auditors for SOX and security‑related audits.
  • Serve as named control owner for assigned security and infrastructure ITGCs, with responsibility for:
      • Control design and documentation (narratives, procedures, evidence standards)
      • Evidence completeness, accuracy, and timeliness
      • Walkthroughs and auditor inquiries
      • Deficiency analysis, remediation planning, and validation of closure
  • Maintain audit‑ready documentation and evidence repositories throughout the year.
  • Act as the security approval authority for exceptions, compensating controls, and risk acceptances.
  • Document business justification, compensating controls, and expiration dates for accepted risks.
  • Escalate material or systemic risks to executive leadership with clear impact analysis and recommendations.
  • Lead technical incident response activities, including containment, root-cause analysis, and corrective action tracking.
  • Maintain incident response and disaster recovery documentation; coordinate testing, tabletop exercises, and lessons learned.
  • Conduct periodic phishing simulation testing and analyze results to drive targeted remediation.
  • Conduct quarterly User Access Reviews for SOX‑scoped applications and ensure timely remediation of findings.
  • Review identity, access, and protection reports to identify control weaknesses and audit exposure.
  • Prepare clear, executive‑level reporting on:
      • Risk posture
      • Vulnerability trends and mitigations
      • Audit status and findings
      • Control effectiveness and exceptions