• Provide research and administrative support to the Center for Peace and Security in the Middle East. • Gather and analyze data for inclusion in reports and articles. • Write literature reviews using gathered data. • Keep the expert and team up to date on current events. • Assist the expert with research projects and presentations. • Assist with articles, op-eds, reports, and briefing memos. • Create databases of department contacts. • Assist with administrative tasks and event support.

• Own the organization’s security posture end-to-end. • Define and maintain the security strategy, roadmap and operating model aligned to the business goals. • Establish security policies, standards and secure-by-default guardrails. • Own security exception handling and ensure compensating controls are documented and monitored. • Lead response to security incidents and coordinate internal/external stakeholders. • Implement and oversee controls such as IAM, MFA, least privilege, endpoint security, patching and secure configuration baselines. • Embed security into SDLC and perform/enable threat modeling and security reviews.

• Contribute to the maintenance and improvement of the Information Security Management System (ISMS) • Oversee operational follow-up of compliance requirements (ISO 27001, SOC 2, GDPR, NIS2…) • Participate in document management, reporting and coordination of information security-related actions • Support the CISO in preparing audits, client questionnaires and external controls • Contribute to updating the information security risk mapping (threat identification, assessment, prioritization) • Monitor remediation plans and ensure progress with the relevant teams • Prepare governance materials (security committees, dashboards) • Participate in employee awareness activities (internal communications, guides, short training sessions)

• You will partner with Product and Engineering at both the design and development stage to ensure that we implement new features securely, including (but not limited to): • Participating in the implementation efforts • Doing security reviews • Helping with product design decisions • Auditing and surfacing vulnerabilities in our current products • Conducting threat modeling and security assessments for new features and systems, identifying risks early and shaping secure architectural decisions. • Developing and improving our Automated Tooling: further enhancing our automated tooling to scale our product security capabilities and find potential code problems both before and after we deploy • Making the safe way, the easy way: work on defining and building application guardrails so that developers can build securely by default • Investigating and remediating security issues, including vulnerabilities and incidents, and drive long-term improvements to prevent recurrence • Embedding a culture of secure development across engineering, defining practices that influence how Turnkey builds, deploys, and maintains systems at scale.