• Develop and own the Information Security strategy aligned with ApprovalMax's business objectives and European expansion plans • Maintain and continuously improve the Information Security Management System (ISMS) • Create, review, and maintain core security policies, standards, and procedures • Establish and chair a cross-functional Security Working Group (Engineering, Architecture, IT, HR) • Build and present a multi-year security roadmap with clear milestones, resource requirements, and priorities • Serve as the central authority on risk assessment, risk treatment, and risk acceptance decisions • Assess and provide guidance on secure AI adoption across the organisation, including AI-powered product features and internal AI tooling • Maintain ISO 27001 certification and prepare for the 2027 recertification audit • Lead SOC 2 Type II readiness programme (target: 2026-2027), including gap analysis and control mapping • Ensure compliance with GDPR and data protection requirements across EU/UK/US/AU/NZ/CA/ZA jurisdictions • Collaborate with external DPO support provider on privacy-related matters and customer security questionnaires as needed • Provide security oversight across Azure, AWS, and Google Workspace environments • Conduct access reviews and advise on identity and access management best practices • Evaluate and guide implementation of security tooling (SIEM, vulnerability management, endpoint protection) • Oversee VMware Workspace ONE MDM deployment and device security policies • Advise engineering teams on secure SDLC practices, DevSecOps integration, and application security principles • Develop and maintain incident response plans and procedures • Lead incident response tabletop exercises and post-incident reviews • Provide guidance on business continuity and disaster recovery planning • Advise on vendor security assessments and third-party risk management • Design and deliver company-wide security awareness training programmes • Mentor and upskill internal staff on security best practices • Foster a security-first culture across all departments • Act as a trusted advisor to leadership on emerging threats and security trends • Report regularly to the CTO on security posture, risks, and programme progress • Prepare board-level security presentations as required (infrequent) • Support commercial teams by contributing to customer security discussions when escalated

• Serve as technical lead on secure system design and implementation tasks • Oversee application of DISA STIGs and RMF controls for enterprise systems • Lead vulnerability mitigation plans and POA&M closure efforts • Review system architecture for compliance with DoD and NIST requirements • Guide development of system security plans (SSP), risk assessments, and SARs • Represent cybersecurity engineering in design reviews and CCBs • Coordinate accreditation activities and ensure readiness for audits • Develop security engineering SOPs and process documentation • Advise stakeholders on emerging threats and mitigation strategies • Mentor junior engineers and analysts on secure system practices

Role Description This is a senior, hands-on role with intentionally broad scope. Cloud infrastructure, security operations, and regulatory compliance are consolidated into a single function rather than distributed across a large team — which means real ownership, direct access to leadership, and the ability to shape how security is built and operated at Prometheum. Prometheum is actively maturing its security function, and this role will be instrumental in shaping where it goes — you'll be building on an existing foundation and defining what comes next. The right candidate has worked in a lean, regulated environment before and is energized by breadth rather than frustrated by it. - Design and maintain secure AWS cloud infrastructure using Terraform and Terragrunt, focusing on IAM least-privilege, account isolation, and security guardrails across multiple AWS environments. - Manage AWS network security: VPC segmentation and design, Transit Gateway architecture, PrivateLink for service isolation, Network Firewall, and Route 53 Resolver for DNS security. - Manage and maintain Cloudflare infrastructure including DNS, WAF, and edge compute. - Architect and operate Cloudflare Zero Trust — including Access policies, Tunnel configuration for private network routing, Gateway egress filtering and DNS security policies, and WARP client deployment. - Manage and tune AWS-native security tooling: GuardDuty, Security Hub, Config, Inspector, CloudTrail, and WAF. - Integrate security controls into CI/CD pipelines (GitHub Actions) — including SAST, DAST, container image scanning, dependency vulnerability checks, and secrets detection. - Enhance container and workload security through image signing, admission controllers (Kyverno), runtime policies, and base image hygiene. - Manage dependency and patch lifecycle across Docker images, Helm charts, Terraform modules, and application packages. - Own and operate security monitoring and incident response: maintain SIEM/log aggregation pipelines, tune alerting for anomalous behavior and policy violations, lead root cause analysis, and document post-mortems. - Conduct and coordinate vulnerability assessments; track findings through to remediation. - Automate compliance checks and drift detection using infrastructure scanning and policy-as-code tooling. - Participate in on-call rotation to respond to security and infrastructure incidents. - Support SEC and FINRA compliance obligations by implementing and documenting technical controls, and partner with legal and compliance teams during audits and regulatory reviews. - Document infrastructure patterns, access controls, and security architecture for audit readiness. Qualifications - 7+ years of experience in information technology or cloud infrastructure. - 5+ years of experience in infrastructure, security engineering, or DevOps — with meaningful hands-on overlap across all three. - Strong AWS expertise across security-relevant services: IAM, VPC, GuardDuty, Security Hub, Config, CloudTrail, Secrets Manager, KMS, Network Firewall, and PrivateLink. - Production experience with Cloudflare Zero Trust — Access, Tunnel, Gateway, and WARP; familiarity with Cloudflare Workers or edge compute is a plus. - Solid AWS networking knowledge: VPC design and segmentation, Transit Gateway, PrivateLink, Route 53 Resolver, and Network Firewall in a multi-account environment. - Strong Infrastructure-as-Code skills using Terraform and Terragrunt. - Hands-on experience securing CI/CD pipelines: SAST, container scanning, secrets detection, and policy gates in GitHub Actions or similar. - Experience operating a security observability stack; Datadog is our current platform and familiarity with it is a plus. - Experience operating in a regulated financial services environment and the compliance obligations that come with it. - Experience with vulnerability management lifecycle: scanning, prioritization, tracking, and remediation. - Proficiency in at least one scripting or programming language: Python, Go, Bash, or TypeScript. - Strong written communication skills — able to produce documentation that satisfies both engineering and audit audiences. Requirements - Kubernetes/EKS experience at any depth — even working familiarity is valued. - Experience with blockchain infrastructure or digital asset platforms. - Any of the following certifications are valued but not required: AWS Certified Security – Specialty, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Kubernetes Security Specialist (CKS). - Experience with AI-assisted tooling in DevOps or security workflows. - Background contributing to or managing vendor security reviews and third-party risk assessments. - Experience working in a highly regulated financial services environment — broker-dealer, RIA, ATS, or custodian — with direct exposure to SEC or FINRA examinations. - Familiarity with Regulation S-P breach notification workflows, FINRA Rule 4530 incident reporting, or AML/BSA technical control implementation. Benefits - Competitive salary based on experience. - Excellent benefits including: Health, Vision & Dental Insurance. - Fully remote position with equipment provided. - Prometheum is an equal opportunity employer. - Prometheum will only contact candidates from an official @prometheum.com email.

• Develop bespoke IAM solutions together with our clients to meet their specific requirements. • Implement and configure state-of-the-art IAM technologies such as One Identity, ForgeRock, or Ping Identity. • Advise clients throughout the entire project lifecycle and actively contribute your expertise. • Conduct workshops and training sessions to familiarize clients with IAM best practices. • Occasionally travel to client sites to provide on-site consulting and support.