Information Security Lead

Information Security Lead

Job Description

Copper Hill is seeking an experienced Information Security Lead with a strong background in Azure application security and SOC 2 compliance. This role will drive security initiatives, oversee compliance efforts, and implement security best practices across cloud and on-premises environments.

Key Responsibilities

• Lead security strategy and implementation for Copper Hill, focusing on Azure application security, identity and access management (IAM), and compliance with SOC 2 requirements.
• Oversee and manage security monitoring tools, including SentinelOne, Azure Security Center, Microsoft Defender for Cloud and Meraki tools.
• Conduct and lead security assessments of Azure-hosted and third-party applications, identifying vulnerabilities and recommending mitigation strategies.
• Define and enforce security policies, procedures, and best practices aligned with SOC 2, ISO 27001, and other regulatory frameworks.
• Collaborate with DevOps and development teams to integrate API/Web application security best practices into CI/CD pipelines and cloud architecture.
• Respond to and lead incident response, security investigations, and threat analysis to ensure rapid mitigation and resolution.
• Stay current on emerging security technologies, compliance requirements, and evolving threat landscapes.
• Develop and deliver security training and awareness programs for employees and leadership.
• Maintain and improve incident response plans, security documentation, and compliance reports.

Qualifications

• Bachelor’s degree in Computer Science, Information Security, or a related field.
• 5 years of experience in cybersecurity, including 1 years in a leadership role.
• Strong expertise in Azure security, including Azure AD, Azure Policy, Defender for Cloud, Key Vault, and App Service security.
• Hands-on experience with SOC 2 compliance, security audits, and evidence collection.
• Knowledge of secure coding, DevSecOps methodologies, and application security principles.
• Experience with EDR/XDR solutions (e.g., SentinelOne), network security (e.g., Meraki), and Office 365 security tools.
• Proficiency in scripting and automation (PowerShell, Python) for security tasks.
• Relevant security certifications preferred: Microsoft Azure Security Engineer Associate, CISSP, CCSP, CISM.
• Strong understanding of IAM, zero trust architecture, and cloud security frameworks.
• Excellent analytical, problem-solving, and communication skills.

Key Skills

• Azure Security & Identity Management
• SOC 2 & Regulatory Compliance
• Incident Response & Threat Analysis
• Security Architecture & Policy Development
• DevSecOps & Secure Coding Practices
• Security Automation & Scripting (PowerShell, Python)

This position offers a unique opportunity to drive security leadership within Copper Hill, ensuring robust protection of applications and data while maintaining compliance with key security frameworks.