• Primarily responsible for OT security event monitoring, management, and response • Create an IS reference architecture for our OT networks • Work with OT engineering team, as well as with SOC team and verify that the reference architecture fits the business processes and requirements • Work with OT engineering teams for defining security controls for their on-going projects • Provide technical guidance to the GRC team with assessing OT 3rd party vendor and supply chain • Integrate with OT engineering projects and verify that the required IS controls are properly implemented • Revise and develop processes to strengthen the current OT Security Operations Framework, review policies and highlight the challenges in managing SLAs • Perform threat management, threat modeling, identify threat vectors and develop use cases for OT security monitoring including red\blue penetrations tests • Responsible for developing, configuring, and maintaining OT security automation and orchestration IR’s and tools. • Creation of reports, dashboards, metrics for OT security operations and presentation to Sr. Mgmt. • Create required standards and procedures (i.e. IS purchasing standard, sanitization process) in coordination with all relevant stakeholders

• Perform cybersecurity risk assessments on complex, enterprise organizations. • Identify and evaluate security misconfigurations and vulnerabilities while considering compensating controls and operational needs across the aforementioned systems and services. • Analyze the potential impact and likelihood of identified risks across different environments (on-prem, cloud, hybrid). • Write highly detailed technical reports on the findings, mitigation strategies, compensating controls, and methodology that can then be digested by both an executive and technical audience. • Create and conduct technical reviews of various highly detailed cybersecurity testing reports. • Research and stay up to date with the latest testing techniques, tools, and methodologies. • Present reports to customers and discuss nuanced technical recommendations, with the expectation of leading customer presentations within 3 months. • Discuss with, collaborate with, and train teammates from the Cybersecurity Red Team around various tools and techniques associated with cybersecurity risk assessment. • Assist team members on other projects and engagements, such as Social Engineering, Network Penetration Testing, and Vulnerability Review.

• Assist in the development of compliance programs • Support the Risk Management team • Help prepare reports and documentation for audits • Collaborate with various teams to enhance security measures

• Contributing to establishing strategic information security objectives across Paystack. • Contributing to the strategic direction for Security Governance, Risk Management, and Compliance that aligns with the overarching Security objectives of the company • Understanding the unique challenges of securing the Paystack platform across different markets and demographics • Identifying control gaps and testing the design of existing controls • Determining risk management controls and recommending improvements to company-wide controls • Ability to work effectively with a team to execute various security projects, evaluate controls, and plan around solutions • Ability to communicate effectively • Ability to own and manage portions of the security program and provide consistent status updates to Security Leadership regarding progress against objectives • Raise accountability by escalating issues in a timely manner and creating and maintaining detailed documentation • Stay up-to-date with trends in the information security community • Operate with a sense of ownership, urgency, and drive • Ability to distill controls across multiple regulatory requirements and frameworks for visibility into defence mechanisms, strengths, and gaps • Contribute to the development of our Internal vendor risk management program; this involves working with vendors and partners to ensure they have appropriate controls in place • Documenting exceptions to establish security policies, guidelines, and standards; ensuring exceptions are reviewed periodically • Collaborate on internal communications for information security messaging for the enterprise. • Work with security leadership to develop a strategy for security training and awareness programs.