• Responsible for Identity and Access Management of the back-end operating systems running on IAM platform • Participate in supporting the Privileged Access Management (PAM) • Maintain and enhance the IAM AIbot functionalities • Manage IAM tools and provide functional and business technology support including but not limited to chat faq handling, account management, permission authorization, access review and control, data protection, risk identification and analysis. • Support in STAP Monitoring to review the system alerts • Continuously evaluate the effectiveness of the system functionality, suggesting improvements based on organizational needs. • Correlate events across multiple systems to proactively surface and resolve deep, underlying issues. • Able to deal with ad-hoc assignments from the management with less supervision.

• Partner closely with engineering teams to deliver on critical AppSec services • Develop AppSec tooling that scales security throughout our ecosystem • Drive the design and development of innovative security solutions • Provide practical guidance to engineering teams • Collaborate with developers, product managers, and security engineers

• Own internal IT systems including identity management, device management, endpoint security, and SaaS tooling. • Lead SOC 2 and other compliance programs, including audit readiness, evidence collection, auditor coordination, and remediation. • Design, implement, and maintain security controls such as access controls, encryption, logging, and vulnerability management. • Develop and maintain security policies, procedures, and documentation aligned with frameworks such as SOC 2, NIST, and ISO 27001. • Manage identity lifecycle processes, including onboarding, offboarding, and access reviews using least-privilege principles. • Evaluate, select, and implement IT and security tools (MDM, EDR, SSO/IdP, DLP, logging). • Oversee vendor security reviews and third-party risk management. • Partner with engineering and operations to ensure secure configurations across cloud infrastructure and SaaS applications. • Participate in incident response activities and drive continuous improvement from security events. • Automate IT and security workflows where possible to improve efficiency and reliability.

• Lead the review and analysis of vulnerability data to identify trends, patterns, and key risks across Deckers’ global environment • Facilitate vulnerability management meetings and drive risk-based discussions to prioritize and accelerate remediation efforts • Advise and support remediation teams in developing actionable plans to address vulnerabilities and strengthen our security posture • Perform risk-based assessments for both on-premise and cloud-based services, ensuring robust protection for critical assets • Integrate advanced security technologies and automation tools to enhance threat detection and response capabilities • Build and present business cases for adopting new security solutions to mitigate emerging risks • Develop, consolidate, and maintain security metrics to measure the effectiveness of our cybersecurity program • Apply industry-leading frameworks (NIST, ISO27001/2, CIS Top 20 Controls) to establish and maintain best-in-class security measures • Foster strong relationships with technical teams, serving as a trusted advisor and championing a culture of security awareness • Contribute to the strategic direction of the Technical Security team by designing and implementing tools that enhance customer trust and detect suspicious activity