• Identify the highest-impact security risks and lead remediation end-to-end. • Own application security tooling for code, dependencies, and secrets. • Lead threat modeling, risk assessments, and architecture reviews for new and existing services. • Validate and triage findings from bug bounty and pentests. • Experience integrating security into CI/CD and infrastructure-as-code workflows. • Lead security monitoring and incident response: alerts, investigations, and follow-through.

• Ensure that our clients' security infrastructures and systems remain operational. • Monitor, identify, investigate, and resolve technical incidents and problems, restoring service efficiently. • Handle client requests or tickets with technical expertise, ensuring they are resolved within the agreed service level agreement (SLA). • Actively manage work queues, perform operational tasks, and update tickets with resolution actions. • Log incidents promptly and provide second-level support, communicating effectively with other teams and clients. • Execute changes responsibly and flagging risks and mitigation plans. • Collaborate closely with automation teams to optimize efforts and automate routine tasks. • Audit incident and request tickets for quality, recommend improvements, and contribute to trend analysis reports.

• Develop and maintain a comprehensive product cybersecurity architecture for our product ecosystem, ensuring alignment with industry standards and business objectives. • Stay well-informed of emerging cybersecurity threats and technologies; continuously updating our cybersecurity strategies and solutions accordingly. • Oversee and evaluate the implementation of cybersecurity controls, including but not limited to, encryption, access controls, network security, and secure coding practices. • Collaborate with product development teams to incorporate cybersecurity into the design and development lifecycle of products. • Liaise with external cybersecurity vendors and partners, managing relationships, and ensuring the effective integration of third-party security solutions. • Responsible for career development and performance management of the team. • Document, maintain, and lead the implementation of key activities in the cybersecurity management system. • Conduct, with a cross-functional team, a thorough threat analysis and risk assessment for existing and new products; identifying potential vulnerabilities and proposing mitigation strategies. • Complete the evidence to support the safety case claims for product cybersecurity. • Ensure compliance with relevant industry, regulatory, and organizational cybersecurity standards and policies. • Represent Torc at external standards and industry bodies and communicate our product cybersecurity approach. • Prepare and present reports on cybersecurity architecture, risk assessments, and mitigation strategies to senior management and relevant stakeholders. • Participate in and support product cybersecurity incident response and forensic activities. • Coordinate and share cybersecurity information, risk assessments, and incident updates with IT and Enterprise Cybersecurity teams to ensure consistent alignment of product cybersecurity practices with enterprise-wide standards and response protocols.

• Supports the management and oversight of compliance-related data assets • Performs data validation, reconciliation, and quality checks • Partners with Compliance, Legal, IT, Web Development, and Data Engineering teams • Escalates data quality or compliance risks appropriately • Assists in enforcing data governance, privacy, retention, and access control policies