This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description We are seeking a Principal Security Risk & Posture Lead to establish and maintain a defensible, evidence-based understanding of the organization’s current security posture across a complex, uneven, and rapidly evolving technology environment. This role is foundational to the cybersecurity operating model and exists to ensure leadership can make confident stop/go decisions based on reality, not assumption. - Establish baseline security truth across identity, cloud, SaaS, network, and third-party domains. Work Location: US Nationwide Work From Home/Remote Main Responsibilities - Maintain a living view of enterprise security posture - Validate operational effectiveness of controls - Identify material weaknesses and inconsistencies - Support risk acceptance and exception decisions - Provide clear executive posture narratives Qualifications - Bachelor’s degree (BS/BA) in Cybersecurity, Information Systems, Computer Science, Risk Management, or a related field is desired, or equivalent practical experience. - 8–12+ years of progressive experience in cybersecurity risk, security assurance, security operations, audit, or control effectiveness roles within large, complex environments. - Demonstrated experience operating at a senior or principal individual contributor level, with responsibility for enterprise‑wide risk visibility, posture assessment, or control validation across multiple technology domains. - Direct experience translating technical and operational reality into executive‑level risk narratives, including support for risk acceptance, exception, and prioritization decisions. - Hands‑on exposure to security control implementation, operations, or engineering sufficient to independently assess whether controls are working as intended, not merely whether they exist. - Professional certifications such as CISSP, CISM, CRISC, or equivalent are preferred but not required. Requirements - Enterprise security posture assessment across identity, cloud, SaaS, network, and third‑party risk domains - Control effectiveness validation (design vs. operating effectiveness) - Evidence‑based risk analysis under incomplete or conflicting data - Comfort operating without clean inventories, perfect telemetry, or mature processes - Credibility with both executives and deeply technical practitioners Compensation This information reflects the anticipated base salary range for this position based on current national data. Minimums and maximums may vary based on location. Individual pay is based on skills, experience and other relevant factors. Location Based Pay Ranges: $145,000 - $220,000 Benefits Forged Fiber offers a comprehensive package featuring a broad range of Health, Life, Voluntary Lifestyle benefits and other perks that enhance your physical, mental, emotional and financial wellbeing. What to Expect Next If you are selected for a position, there will be a background screen, which may include checks for criminal records and/or motor vehicle reports and/or drug screening, depending on the position requirements. Forged Fiber 37 Services, LLC participates in E‑Verify and will provide the federal government with your Form I‑9 information to confirm that you are authorized to work in the United States. Employers can only use E‑Verify once you have accepted a job offer and completed the Form I‑9. Equal Employment Opportunities It is the policy of Forged Fiber to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital

• Leading, coaching, and developing the Security Operations Team • Driving overall cyber security operations strategy • Designing and maturing operational processes, playbooks, and response frameworks • Overseeing 24/7 monitoring, triage, and response to security alerts and incidents • Ensuring effective usage and tuning of SIEM, SOAR, EDR, and threat‑intel platforms • Leading major incident investigations and coordinating cross-functional remediation • Managing vulnerability scanning, prioritization, and remediation governance • Tracking and evaluating emerging threats, CVEs, 0‑days, and global security trends • Ensuring timely mitigation across cloud, endpoints, and applications

• Build, operate, and continuously improve security detection, response, and operational resilience capabilities. • Protect Cleo’s cloud infrastructure, SaaS platforms, endpoints, and corporate environment from evolving threats. • Lead daily monitoring of security events across cloud, endpoint, identity, and application layers. • Conduct post-incident reviews focused on systemic improvement. • Oversee vulnerability scanning across infrastructure, endpoints, and cloud resources. • Monitor and secure AWS accounts and cloud-native services. • Define and track security operations KPIs.

Cleo is seeking a Security Operations Lead to build, operate, and continuously improve our security detection, response, and operational resilience capabilities. This leader will be responsible for protecting Cleo’s cloud infrastructure, SaaS platforms, endpoints, and corporate environment from evolving threats while ensuring operational stability and regulatory alignment. The ideal candidate is hands-on, technically deep, and capable of building scalable security operations in a high-growth SaaS environment. What You Will Be Doing Security Monitoring and Detection - Own and evolve Cleo’s detection and response strategy - Lead daily monitoring of security events across cloud, endpoint, identity, and application layers - Continuously tune detection rules to reduce noise and improve signal - Ensure effective coverage across AWS, SaaS platforms, and corporate systems - Leverage SIEM, EDR, and cloud-native tooling to improve visibility Incident Response and Containment - Lead security incident investigations and coordinate cross-functional response - Develop and maintain incident response playbooks - Conduct post-incident reviews focused on systemic improvement - Reduce mean time to detect and contain security events - Partner with Legal, Compliance, and Leadership during material incidents Vulnerability and Exposure Management - Oversee vulnerability scanning across infrastructure, endpoints, and cloud resources - Prioritize remediation based on business risk - Track critical vulnerability exposure windows - Partner with Engineering and IT to drive timely remediation Cloud and Identity Security Operations - Monitor and secure AWS accounts and cloud-native services - Identify and remediate misconfigurations - Strengthen identity and access management controls - Collaborate with Cloud Security and Platform teams on guardrails Operational Metrics and Reporting - Define and track security operations KPIs - Report on detection efficacy, remediation timelines, and exposure trends - Provide board-ready operational risk metrics - Support audit and compliance evidence requirements Automation and Continuous Improvement - Automate repetitive operational tasks - Improve alert triage workflows - Optimize tooling effectiveness and cost efficiency - Reduce operational friction through process refinement Leadership and Collaboration - Lead and mentor security analysts and engineers - Partner closely with Engineering, IT, and Platform teams - Contribute to the Security Champion and Guild initiatives - Build a culture of proactive risk identification Your Skills - Experience in mid-market or high-growth SaaS environments - Experience supporting SOC 2, ISO 27001, or similar audits - Familiarity with MITRE ATT&CK framework - Experience building or maturing security operations functions - Relevant certifications such as CISSP, GCIA, GCIH, or similar Your Qualifications Education - Bachelor’s degree required. Experience - 7+ years of experience in security operations, incident response, or detection engineering - Strong experience securing cloud-native SaaS environments, preferably AWS - Hands-on experience with SIEM, EDR, vulnerability management, and cloud security tooling - Deep understanding of attacker techniques and threat detection methodologies - Experience leading incident response efforts - Strong communication skills with the ability to translate technical risk into business impact A few things we have to offer: - Compensation: $120,000 - $140,000 - Great Healthcare + Dental + Vision - Flexible PTO - Culture of support, encouraging Life-Work balance - 401k match - FSA and HSA options - Employee Assistance Program - Paid Parental Leave - Representing a company with 4,000+ clients and a 99% retention rate - Accelerated title and salary growth potential - A fun and energetic work environment that makes you excited to go to work every day We use artificial intelligence (AI) tools to assist in certain stages of our recruitment process, such as resume screening and candidate matching. These tools are designed to support fair and consistent evaluations. If you have questions about this process or would like to request an alternative assessment method, please contact us at hr@cleo.com. Cleo Communications US, LLC is an equal opportunity/affirmative action employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability status, protected veteran status, or any other characteristic protected by law.