Imagine a place
Staff Software Engineer, Platform Security
Location: California
Posted: 140 days ago
Salary: $248K - $279K / year
Seniority: Lead
Job Description
Discord
• Shape company-wide security strategy and lead software engineering projects on a highly-autonomous and horizontally-integrated team with a lot of leverage. This is a code-forward role!
• Develop and apply best-in-class secure baselines for cloud infrastructure.
• Secure first- and third-party software supply chains, from the dev environment through CI/CD and into production.
• Build and own identity and access management (IAM) systems that are user-friendly and promote least privilege.
• Manage infrastructure vulnerabilities while supporting rapid growth for Engineering.
• Consult on risk assessments, architectural designs, threat models, code reviews, and more—pragmatically balancing security with other business considerations.
Job Requirements
- 5+ years of experience building and operating production systems or infrastructure
- 5+ years of experience writing software in a general-purpose programming language (we mainly use Python and Rust)
- 4+ years of experience securing systems with millions of users
- Experience mentoring junior ICs and leading technical projects involving multiple engineers and spanning multiple quarters
- Experience designing and building software for customers (internal or external) beyond your immediate team
- Experience securing cloud environments (e.g. GCP, Cloudflare, AWS)
- Experience defining and orchestrating containers (e.g. via Kubernetes, Docker, Distroless, OCI)
- Familiarity with build and CI/CD technologies (e.g. Terraform, Bazel, Buildkite)
- Understanding of modern authentication and authorization concepts (e.g. RBAC, OAuth, Zero Trust network architectures, mTLS)
Benefits
- equity
- benefits
More Security Engineer Jobs
• Monitor security alerts and logs from SIEM, EDR, and cloud security tools
• Investigate and respond to security incidents (triage, containment, remediation)
• Perform vulnerability assessments and support remediation efforts
• Assist in security hardening of systems, networks, and cloud environments
• Review access controls, permissions, and identity configurations
• Participate in security audits, risk assessments, and compliance activities
• Develop and maintain security documentation, procedures, and playbooks
• Collaborate with DevOps and engineering teams to embed security best practices
• Stay up to date with emerging threats, vulnerabilities, and attack techniques

• Develop and implement a strategic vision for information security, aligned with business objectives and focused on the continuous improvement of the area's processes and controls.
• Manage contracts, assets, and services related to information security, ensuring their optimal efficiency.
• Define information security standards and policies to protect information assets and support business continuity.
• Ensure regulatory compliance applicable to the company and adherence to industry best practices.
• Collaborate with technology teams to define and implement effective security integration strategies across the development lifecycle, from design through production.
• Analyze and respond to information security incidents, map threats and vulnerabilities, and develop projects to prevent or remediate them.
• Lead risk management, threat modeling, and impact assessments for new products, features, and partnerships.
• Lead training and enablement programs to build a strong security culture across the company.
• Provide support for internal and external audits.
• Evaluate and monitor security KPIs, keeping leadership informed about the maturity of the information security program.
• Respond to requests and support the provision of the company's ISMS (SGSI) information to clients and other stakeholders as needed.
Security Professional, Security Compliance
Syntax
Enterprise Cloud / ERP Consulting / Managed Services
• Operate and maintain security compliance processes across ISO 27001, SOC 2, NIST, CIS, GDPR, and other relevant frameworks.
• Collect, analyze, and validate technical compliance evidence from systems, applications, and security platforms.
• Use SIEM and other monitoring tools to review logs, configurations, and control effectiveness.
• Support internal and external audits by preparing evidence, coordinating with stakeholders, and responding to auditor requests.
• Contribute to security control testing, system hardening reviews, and validation of technical baselines.
• Collaborate with internal stakeholders to ensure compliance requirements are integrated into operations and projects.
• Support responses to customer security questionnaires and due diligence requests as needed.
• Maintain documentation of compliance processes, evidence repositories, and audit history.
• Monitor changes in regulatory and framework requirements, recommending updates to controls or processes as required.
• Assist in developing metrics and reports on compliance status for leadership review.
Senior Security Engineer – Security Program Delivery
Aya Healthcare
Aya Healthcare has provided travel nurse staffing solutions for thousands of medical facilities since 2001. The largest travel nurse provider in North America,
• Lead the design, planning, and delivery of security projects spanning cloud infrastructure (primarily Azure), web application security, secure coding practices, application code reviews, GenAI/Agentic AI security controls, and security for global, multi-region/diverse infrastructure.
• Coordinate closely with engineering, architecture, DevOps, product, and international teams to define requirements, align dependencies, and drive risk reduction through mature security practices.
• Perform hands-on implementation, automation, and maintenance of security solutions, including vulnerability management, policy-as-code, automated remediation workflows, secure-by-design frameworks, web application firewalls, code scanning, and runtime protection.
• Provide technical coordination on securing web applications (e.g., OWASP Top 10 mitigation, secure headers, input validation), application code (secure coding standards, SAST/DAST/IAST integration), threat modeling (e.g., STRIDE), SDLC security integration, and compliance with SOC 2, ISO 27001, and UK GDPR requirements.
• Ensure security controls and processes support global operations, including data sovereignty, cross-border data flows, and regional regulatory variations under UK GDPR.
• Socialize security best practices, facilitate knowledge transfer, and build collaborative relationships to embed security throughout the development and deployment lifecycle.
• Drive full solution delivery and implementation of tools that enable secure development, web application protection, and operational security at scale.
• Balance multiple priorities, overcome obstacles, and maintain structured delivery in a fast-paced, globally distributed environment.




