Job Closed
This listing is no longer active.
Head of Security
Location
Brazil
Posted
141 days ago
Salary
0
Seniority
Lead
Job Description
Head of Security
avra
- Develop and implement a strategic vision for information security, aligned with business objectives and focused on the continuous improvement of the area's processes and controls.
- Manage contracts, assets, and services related to information security, ensuring their optimal efficiency.
- Define information security standards and policies to protect information assets and support business continuity.
- Ensure regulatory compliance applicable to the company and adherence to industry best practices.
- Collaborate with technology teams to define and implement effective security integration strategies across the development lifecycle, from design through production.
- Analyze and respond to information security incidents, map threats and vulnerabilities, and develop projects to prevent or remediate them.
- Lead risk management, threat modeling, and impact assessments for new products, features, and partnerships.
- Lead training and enablement programs to build a strong security culture across the company.
- Provide support for internal and external audits.
- Evaluate and monitor security KPIs, keeping leadership informed about the maturity of the information security program.
- Respond to requests and support the provision of the company's ISMS (SGSI) information to clients and other stakeholders as needed.
Job Requirements
- More than 5 years of experience leading information security projects, preferably in technology companies and startups.
- Strategic mindset, data- and risk-oriented with focus on business impact, risk management, and a pragmatic approach.
- Experience conducting ISO 27001 assessments.
- Strong knowledge of cloud security, particularly GCP and AWS.
- Knowledge of information security standards, frameworks, and best practices, such as application security testing (AST), NIST, CIS, ISO 27001, and OWASP.
- Experience in secure development and knowledge of security engineering.
- Knowledge of DevSecOps best practices and methodologies.
- Strong verbal and written communication skills, including demonstrated ability to prepare high-quality documentation and presentations for technical and non-technical audiences, including C-level executives.
- Experience operating in critical scenarios and supporting regulatory compliance (e.g., LGPD / ANPD).
Benefits
- N/A
More Security Engineer Jobs
Security Professional, Security Compliance
Syntax
Enterprise Cloud / ERP Consulting / Managed Services
- Operate and maintain security compliance processes across ISO 27001, SOC 2, NIST, CIS, GDPR, and other relevant frameworks.
- Collect, analyze, and validate technical compliance evidence from systems, applications, and security platforms.
- Use SIEM and other monitoring tools to review logs, configurations, and control effectiveness.
- Support internal and external audits by preparing evidence, coordinating with stakeholders, and responding to auditor requests.
- Contribute to security control testing, system hardening reviews, and validation of technical baselines.
- Collaborate with internal stakeholders to ensure compliance requirements are integrated into operations and projects.
- Support responses to customer security questionnaires and due diligence requests as needed.
- Maintain documentation of compliance processes, evidence repositories, and audit history.
- Monitor changes in regulatory and framework requirements, recommending updates to controls or processes as required.
- Assist in developing metrics and reports on compliance status for leadership review.
Senior Security Engineer – Security Program Delivery
Aya Healthcare
Aya Healthcare has provided travel nurse staffing solutions for thousands of medical facilities since 2001. The largest travel nurse provider in North America,
- Lead the design, planning, and delivery of security projects spanning cloud infrastructure (primarily Azure), web application security, secure coding practices, application code reviews, GenAI/Agentic AI security controls, and security for global, multi-region/diverse infrastructure.
- Coordinate closely with engineering, architecture, DevOps, product, and international teams to define requirements, align dependencies, and drive risk reduction through mature security practices.
- Perform hands-on implementation, automation, and maintenance of security solutions, including vulnerability management, policy-as-code, automated remediation workflows, secure-by-design frameworks, web application firewalls, code scanning, and runtime protection.
- Provide technical coordination on securing web applications (e.g., OWASP Top 10 mitigation, secure headers, input validation), application code (secure coding standards, SAST/DAST/IAST integration), threat modeling (e.g., STRIDE), SDLC security integration, and compliance with SOC 2, ISO 27001, and UK GDPR requirements.
- Ensure security controls and processes support global operations, including data sovereignty, cross-border data flows, and regional regulatory variations under UK GDPR.
- Socialize security best practices, facilitate knowledge transfer, and build collaborative relationships to embed security throughout the development and deployment lifecycle.
- Drive full solution delivery and implementation of tools that enable secure development, web application protection, and operational security at scale.
- Balance multiple priorities, overcome obstacles, and maintain structured delivery in a fast-paced, globally distributed environment.
Security Engineer
The Trevor Project
The world's largest suicide prevention and mental health organization for LGBTQ young people.
- Oversee the security of The Trevor Project's systems, data, and other digital assets.
- Direct contributor to the overall organizational Information Security Program.
- Support the security strategy plan and ensure compliance with security frameworks.
- Monitor cloud-based systems for security issues and deploy security tools.
- Manage the Security Awareness Training Program and investigate security issues or breaches.

- Work independently and collaboratively with a team to both lead and support.
- Perform penetration testing on applications with complex technology stacks from both an unauthenticated and an authenticated perspective.
- Dynamically flex your skills when assessing emerging or custom technologies.
- Lead complex engagements to provide a technically consistent approach across multiple tests.
- Contextualize vulnerabilities and assess realistic impact to a client, accounting for mitigating and aggravating factors.
- Manage priorities and tasks to achieve utilization targets.
- Operate with professionalism both internally and with clients.
- Ensure quality reports and services are delivered efficiently and on time.
- Support sales and business growth by scoping out potential opportunities.
- Maintain strong depth of knowledge in the practice area.
- Collaborate with project managers, quality management, sales and other delivery team members to drive customer satisfaction and meet project deliverables.




