Job Closed
This listing is no longer active.
Life360 is an award-winning, San Francisco, California-based family network app that allows families to share their location and collaborate and communicate wit
Staff Product Security Engineer
Location
United States
Posted
142 days ago
Salary
$186K - $271.5K / year
Seniority
Lead
Job Description
Life360
- Deploy and operationalize Cycode ASPM platform (or equivalent) as the central nervous system for application security—unifying SAST, SCA, secret scanning, container security, and IaC scanning into actionable intelligence
- Build IDE-to-cloud security pipelines that catch vulnerabilities at code-write time, eliminating 90% of findings before merge
- Create security-as-code frameworks that make the secure path the default path
- Automate vulnerability triage, deduplication, and routing to eliminate manual security toil
- Design and deploy pre-approved security patterns, libraries, and templates that enable developers to build securely without security expertise
- Establish threat modeling as a lightweight, scalable practice integrated into product planning
- Conduct security architecture reviews for high-risk features across mobile (iOS/Android), backend (Java, Python, PHP), and emerging hardware products
- Build security tooling that developers actually want to use—think Spotify's Backstage for security
- Establish SLA-driven vulnerability management workflows with clear severity definitions, ownership models, and escalation paths
- Create friction-free remediation guidance—not "fix this," but "here's the exact code change needed"
- Build metrics dashboards that translate security posture into business language executives understand
- Partner with engineering leadership to embed security accountability into team objectives
- Act as embedded security advisor to product and platform engineering teams
- Translate complex security requirements into pragmatic, implementable solutions
- Influence technical decisions at the architecture level—security considered in design, not bolted on after
Job Requirements
- 5+ years of hands-on experience in product security, application security, or DevSecOps roles.
- Strong experience deploying and operationalizing Application Security Posture Management (ASPM) platforms, with particular emphasis on vulnerability management and findings handling.
- Deep understanding of security tooling including SAST, DAST, secret scanning, SCA (Software Composition Analysis), and container scanning tools.
- Proficiency in Python and the ability to learn new programming languages and technologies as needed (experience with Java, C, or PHP is a plus).
- Extensive experience with threat modeling and security architecture reviews, with the ability to identify design flaws and provide actionable remediation guidance.
- Strong knowledge of secure software development practices, including OWASP Top 10, secure coding principles, and secure-by-design methodologies.
- Experience building security tooling and automation to scale security practices across development teams.
- Familiarity with compliance frameworks including OWASP SAMM 2.0, NIST SSDF (Secure Software Development Framework), SOC 2, and GDPR, with working knowledge of privacy considerations.
- Experience working with diverse technology stacks including mobile applications (iOS/Android), cloud infrastructure, and modern application development.
- Expert-level threat modeling—you can identify design flaws that automated tools miss.
- Security architecture experience across diverse platforms: mobile (iOS/Android SDK security), cloud (AWS/GCP), embedded systems.
- CI/CD security integration—Jenkins, GitLab CI, GitHub Actions, CircleCI—where you've built security into build pipelines without breaking them.
- Working knowledge of OWASP SAMM 2.0, NIST SSDF, secure coding standards.
Benefits
- Competitive pay and benefits
- Medical, dental, vision, life and disability insurance plans (100% paid for employees)
- 401(k) plan with company matching program
- Mental Wellness Program & Employee Assistance Program (EAP) for mental well-being
- Flexible PTO, 13 company-wide days off throughout the year
- Winter and Summer Weeklong Synchronized Company Shutdowns
- Learning & Development programs
- Equipment, tools, and reimbursement support for a productive remote environment
- Free Life360 Platinum Membership for your preferred circle
- Free Tile Products