• Own vulnerability management, SIEM tuning and monitoring, incident response, and threat investigation. • Maintain secure baseline configurations (CIS, hardening standards). • Oversee AWS security controls, including IAM governance, cloud logging, encryption standards, network security boundaries, and enforcement of cloud security guardrails. • Design and approve security controls for new systems, infrastructure changes, and applications. • Govern identity security, privileged access, MFA enforcement, and periodic access reviews. • Provide security oversight for DevOps pipelines and cloud deployments. • Lead annual risk assessments, security reviews, and third-party/vendor risk management. • Own the Disaster Recovery (DR) governance program, including planning, documentation, tabletop exercises, and driving remediation, while partnering with Infrastructure on technical DR execution. • Manage data protection and data classification practices. • Track and report security KPIs, risks, and initiatives to the ISO.

• Advising our customers on all security-related issues – from design to development • Analyzing, designing, and continuously developing our security services, as well as helping to define new managed security offerings • Working with modern security technologies such as EDR/XDR, IDS/IPS, PAM, vulnerability management, and SIEM • Independently supporting and coordinating internal and external security incidents (detection, containment, eradication, lessons learned) • Monitoring, analyzing, and defending against current and emerging threats (threat hunting, threat intelligence) by developing the latest defense mechanisms • Collaboration on the development of new security requirements, guidelines, and controls to improve the overall security situation of our customers • Close cooperation with our European and global security team to continuously develop our solutions, methods, and automation approaches

• Become a trusted ally to CEOs and management teams through efficient, intelligent and accurate work, and the effective communication thereof. • Working largely independently, apply knowledge, experience, insight, and competence to partner strategically with cybersecurity clients on forward-looking finance. • This role has variety at its core. From presenting at investor meetings to building financial models for clients, no day will be a “typical day” (hence the typical, atypical day). • You will help bridge the gap between legacy financial thinking and new ecosystems, functions and capital flows. • You will be supporting our startup clients who need high-level finance help but may not have a need for a full-time internal CFO at their current stage. • You will be managing the entire Finance function for your clients, so you’ll want to be comfortable managing a team. • You will have the opportunity to build out robust processes and systems for our clients. So understanding + embracing the agile and scrappy nature of startups is a must.

• Implement and/or manage native AWS security services to monitor and protect multi account environments • Develop and maintain Infrastructure as Code (IaC) security practices using Terraform • Configure and optimize Web Application Firewalls (WAF) and API security controls • Automate incident detection, response workflows, and compliance processes using native AWS services and integrated tooling • Drive vulnerability management activities • Shape the strategic roadmap for platform and cloud security, providing thought leadership and proactive recommendations to senior management. • Map and track cloud security maturity • Perform regular security assessments using AWS frameworks, CIS Benchmarks, etc. • Lead data protection initiatives such as DLP, data flow mapping, encryption policies, etc. • Partner with platform engineering and product teams to embed security into design and delivery activities. • Coordinate security efforts with security operations, enterprise security, Governance, Risk, and Compliance (GRC), and privacy/compliance teams. • Advise AI/ML teams on securing models, data pipelines, and emerging AI security risks. • Lead security awareness efforts tailored for engineering teams, including building a security champions program to drive adoption of secure practices across product and cloud development