- **Security Operations Leadership: **Lead and evolve the strategic direction of our SOC-centric offerings, focusing on advanced detection, triage, and incident response practices across cloud and hybrid environments. - **Agentic Security Development:** Identify opportunities to automate or optimize key security workflows using intelligent agents, copilots, or orchestrated automation. Guide the team in piloting AI-powered use cases within detection, enrichment, case management, and remediation. - **Client Advisory & Solution Design: **Engage with CISOs and security teams to understand pain points in existing operations. Design tailored automation and orchestration strategies aligned with real-world security needs and business goals. - **Product & Platform Ownership:** Contribute to the vision and early-stage design of Plain Concepts' security automation tools — including SOC copilots or orchestration modules — and validate use cases with clients. - **Cross-Team Collaboration:** Work with AI engineers, cloud architects, and the Offensive AI & Governance leads to integrate detection and response automation into broader cybersecurity offerings. - **Sales Enablement & Pre-Sales Support: **Lead consultative engagements with clients and support pre-sales cycles. Prepare technical proposals and contribute to offering development for agentic security services. - **Innovation & Trends:** Stay on top of emerging AI applications for cyber defense (e.g., LLMs in SOC, autonomous triage systems, AI-powered threat hunting) and continuously translate those insights into action plans for our teams and clients.

• Identify and mitigate risks in AI models, applications and data pipelines to ensure security, integrity and availability. • Design and implement security protocols for AI/ML systems, models and data pipelines. • Review applications and services using AI against threats. • Conduct threat modeling and risk assessments. • Monitor systems for anomalous behaviors. • Assess and secure end points and APIs for model access and inference. • Collaborate with stakeholders, engineers, data scientists and IT to integrate security into systems. • Deliver client reports on AI security protocols and policies, and document best practices. • Develop and implement AI security training for internal and external stakeholders.

• Monitor and respond to security events and incidents across infrastructure and cloud environments • Deploy, configure, and maintain security tools (SIEM, IDS/IPS, EDR, DLP, vulnerability management systems) • Design and improve centralized logging and monitoring architecture • Implement and maintain ISMS in line with international standards (e.g., ISO 27001 or similar frameworks) • Conduct risk assessments and prioritize mitigation strategies • Maintain up-to-date security policies, documentation, and audit evidence • Prepare the organization for internal and external security audits • Collaborate cross-functionally to align security controls with business objectives • Provide regular security posture reports to the CTO and management

• Develop and own the Information Security strategy aligned with ApprovalMax's business objectives and European expansion plans • Maintain and continuously improve the Information Security Management System (ISMS) • Create, review, and maintain core security policies, standards, and procedures • Establish and chair a cross-functional Security Working Group (Engineering, Architecture, IT, HR) • Build and present a multi-year security roadmap with clear milestones, resource requirements, and priorities • Serve as the central authority on risk assessment, risk treatment, and risk acceptance decisions • Assess and provide guidance on secure AI adoption across the organisation, including AI-powered product features and internal AI tooling • Maintain ISO 27001 certification and prepare for the 2027 recertification audit • Lead SOC 2 Type II readiness programme (target: 2026-2027), including gap analysis and control mapping • Ensure compliance with GDPR and data protection requirements across EU/UK/US/AU/NZ/CA/ZA jurisdictions • Collaborate with external DPO support provider on privacy-related matters and customer security questionnaires as needed • Provide security oversight across Azure, AWS, and Google Workspace environments • Conduct access reviews and advise on identity and access management best practices • Evaluate and guide implementation of security tooling (SIEM, vulnerability management, endpoint protection) • Oversee VMware Workspace ONE MDM deployment and device security policies • Advise engineering teams on secure SDLC practices, DevSecOps integration, and application security principles • Develop and maintain incident response plans and procedures • Lead incident response tabletop exercises and post-incident reviews • Provide guidance on business continuity and disaster recovery planning • Advise on vendor security assessments and third-party risk management • Design and deliver company-wide security awareness training programmes • Mentor and upskill internal staff on security best practices • Foster a security-first culture across all departments • Act as a trusted advisor to leadership on emerging threats and security trends • Report regularly to the CTO on security posture, risks, and programme progress • Prepare board-level security presentations as required (infrequent) • Support commercial teams by contributing to customer security discussions when escalated