• Help build and scale a forward-looking security program • Ensure security of data and client’s digital assets • Work on various information security projects • Identify and evaluate risk to the Information Security Program • Create and improve controls to manage operational risks • Contribute to the long-term strategy of Information Security Team

• Support the design and configuration of enterprise information systems in alignment with security standards and requirements • Review and improve the security posture • Review new and existing system security plans • Participate in architecture reviews • Create and refine threat models • Offer technical guidance to minimize security risks • Oversee the execution of cybersecurity initiatives • Collaborate with other teams and serve as a subject matter expert while adhering to best security practices

• Ensure the security and safety of all business information, both at rest and in transit. • Work with Policy and Compliance to build and maintain IT networks and systems that adhere to government/contractual requirements. • Partner with engineering and DevOps on secure architecture. • Partner with Compliance and Legal on regulatory requirements. • Manage Vulnerability review and work with IT operations to regularly perform internal and external scans and audits and fix any identified issues to ensure IT security. • Manage Infrastructure Security. • Enhance and maintain the current network per IT policy. • Analyze security breaches to determine root cause, then mitigate any discovered issues. • Participate in architecture reviews and provide security approvals. • Manage security incident policy and response plan execution. • Provide quarterly and security assessment reviews. • Conduct all 3rd party vendor security assessment. • Manage and maintain perimeter defense systems (firewalls, VPN tunnels, etc.). • Maintain and administer security awareness training curriculum for employees. • Lead certification efforts for SOC 2, SOX ITGC Audits. • Work cross-functionally within the company to fulfill security requirements.

• Lead and manage Kong Cybersecurity Programs across OCISO • Establish, develop and track KPIs • Collaborate with engineering, product, and business stakeholders to define, prioritize, and deliver technical solutions. • Present complex technical challenges and resolutions to leadership and stakeholders. • Stay current on regulatory and industry standards (for example, ISO 27001, PCI-DSS, FedRAMP, NIST 800-53) to inform risk and control strategies. • Build strategies for issue and risk mitigation, contingency planning, and compliance adherence. • Demonstrate ownership and autonomy in managing programs and delivering high-quality results.