• Define and maintain a cybersecurity metrics framework (KPIs, KRIs, OKRs) that supports executive decision-making • Develop and maintain a data dictionary and standardized definitions for all key metrics • Design and maintain logical and physical data models for cybersecurity reporting • Leverage ServiceNow as a core source of truth for workflow and status metrics • Develop and standardize ServiceNow-based reports, dashboards, and potentially Performance Analytics indicators • Apply best practices in visualization and information design to keep dashboards clear, actionable, and aligned with stakeholder needs • Implement governance for dashboard lifecycle • Partner with the Senior Principal, Vulnerability Management to ensure Tenable- and VM-related metrics align with risk models and program goals • Support Security Leadership in using metrics for planning, prioritization, and communication

At Netflix, our mission is to entertain the world. Together, we are writing the next episode - pushing the boundaries of storytelling, global fandom and making the unimaginable a reality. We are a dream team obsessed with the uncomfortable excitement of discovering what happens when you merge creativity, intuition and cutting-edge technology. Come be a part of what’s next. The Team The Detection Engineering Team is responsible for analyzing high-risk attack paths that could have substantial impact on Netflix and creating focused detections to reduce risk to the business. This is facilitated by partnerships with stakeholder teams, stakeholder domain expertise, and individual contributor creativity. DetEng is part of a larger Detection and Response team which includes Attacker Emulation, Security Incident Response and Threat Intelligence. The Role We are looking for an experienced detection engineer to help mature and expand our detection frameworks, platforms, and portfolio. The focus of our team is to create and continually improve detections that run on our own platforms to minimize risk to Netflix by proactively surfacing malicious or anomalous behavior to identify attacker presence or activity. We are a tight-knit team that provides value by creating compensating detective controls in order to shorten the time to discovery. Using a risk-based prioritization mindset, we focus our efforts to generate the largest impact and benefits for Netflix. Desired background: - You are comfortable working across the information security domain, with familiarity in a combination of endpoint, email, network, identity management, cloud security, vulnerability management, incident response, and/or threat intelligence - You have hands-on experience analyzing and responding to security events, such as conducting log analysis, developing queries and analytics, troubleshooting security issues, and/or correlating complex data sets - You can identify trends, insights, and relationships between internal and external data and intelligence sources to provide recommended risk mitigation - You have experience implementing, using, and configuring some common security tools - You have experience writing detections at scale using a detection-as-code approach - You are able to script and develop automations, preferably using Python and SQL, in a cloud-based environment to contribute to our in-house platforms - You have excellent written and verbal communication skills, proactively inform stakeholders, and can operate with little oversight - You can effectively operate across teams and disciplines in highly ambiguous and rapidly changing environment - You work well with others, see the value of a team, and partner effectively with all stakeholders - You are comfortable working on ambitious projects with a very small, tight-knit team - Comfortable or experience applying GenAI technologies to automate security operations is a plus Generally, our compensation structure consists solely of an annual salary; we do not have bonuses. You choose each year how much of your compensation you want in salary versus stock options. To determine your personal top of market compensation, we rely on market indicators and consider your specific job family, background, skills, and experience to determine your compensation in the market range. The range for this role is $260,000.00 - $459,000.00. This compensation range will vary based on location. Netflix provides comprehensive benefits including Health Plans, Mental Health support, a 401(k) Retirement Plan with employer match, Stock Option Program, Disability Programs, Health Savings and Flexible Spending Accounts, Family-forming benefits, and Life and Serious Injury Benefits. We also offer paid leave of absence programs. Full-time hourly employees accrue 35 days annually for paid time off to be used for vacation, holidays, and sick paid time off. Full-time salaried employees are immediately entitled to flexible time off. See more details about our Benefits here. Netflix is a unique culture and environment. Learn more here. Inclusion is a Netflix value and we strive to host a meaningful interview experience for all candidates. If you want an accommodation/adjustment for a disability or any other reason during the hiring process, please send a request to your recruiting partner. We are an equal-opportunity employer and celebrate diversity, recognizing that diversity builds stronger teams. We approach diversity and inclusion seriously and thoughtfully. We do not discriminate on the basis of race, religion, color, ancestry, national origin, caste, sex, sexual orientation, gender, gender identity or expression, age, disability, medical condition, pregnancy, genetic makeup, marital status, or military service. Job is open for no less than 7 days and will be removed when the position is filled.

• Reporting to the Global CISO, the Head of Information Security (APAC) drives Alpaca's regional security, risk, and compliance, focusing on APAC regulations (APPI, FSA, MAS). • Collaborating with global teams (Security, Engineering, Legal, Compliance, Product) to align infrastructure, the trading platform, and internal systems with both global standards and local regulatory needs. • Merging security engineering, local compliance, risk management, and stakeholder engagement. Translating regional regulatory requirements into actionable security controls. • Serving as the main contact for regulators, auditors, and local stakeholders, enabling confident operations in highly regulated financial markets.

IT Risk & Governance Manager Ready to shape how a global business manages its technology risk and governance? Looking for a role where your expertise directly influences how we protect our systems, data, and clients? Join Aon as a Technology Risk & Governance Manager and help turn complex risks into clear, practical action! This is a virtual role with the flexibility to be based in the US. Aon is in the business of better decisions At Aon, we shape decisions for the better to protect and enrich the lives of people around the world. As an organization, we are united through trust as one inclusive, diverse team, and we are passionate about helping our colleagues and clients succeed. What the day will look like In this role, you’ll be a key partner to Technology, Cybersecurity, Compliance, and the business—helping them make smart, risk-aware decisions. Your day will blend hands-on work with policies and controls, reviewing and challenging risks, and turning regulatory and framework requirements into clear, practical actions that protect our systems and data. - Keep our technology policies, standards, and procedures up to date and easy to understand, working closely with stakeholders across the business. - Lead regular reviews and approvals of policies and be the go-to person to explain what they mean in day-to-day practice. - Help design and maintain a clear set of technology controls (such as access management, change management, incident management, data protection, and resilience) that keep our critical systems and data safe. - Work with Technology and Cybersecurity teams to spot gaps in controls, agree on fixes, and make sure they’re delivered on time. - Support internal and external audits and control testing, helping respond to questions, and track findings through to closure. - Maintain and update technology risk registers, making sure key risks are clearly described, assessed, and owned. - Provide risk input on new projects, technology changes, and third-party/vendor engagements so teams understand the impacts and can stay within risk appetite. - Help define and track key risk indicators and metrics that show how our technology risk profile is evolving. - Stay on top of relevant regulations, industry standards, and best practices, and translate them into practical requirements for our technology teams. - Prepare clear, concise risk and control updates for senior leaders and governance forums. - Build strong relationships with stakeholders across Technology, Cybersecurity, Compliance, Internal Audit, and business teams to align on priorities and remediation plans. - Champion a risk-aware culture by providing training, guidance, and day-to-day support on technology risk, controls, and governance. How this opportunity is different As Technology Risk & Governance Manager at Aon, you won’t be on the sidelines—you’ll be a core partner in how we design, run, and protect our technology. You’ll see a direct link between the policies and controls you shape and the resilience of the platforms our colleagues and clients rely on every day. The role offers broad visibility, strong stakeholder engagement, and a mix of strategic thinking and hands‑on delivery—ideal for someone who wants to grow their career in technology risk and governance. Who you’ll work with - Technology teams – Partner with application, infrastructure, and delivery teams to embed practical, right‑sized controls into day‑to‑day operations and change. - Cybersecurity – Work closely with security specialists to align on threats, controls, incidents, and resilience expectations. - Compliance & Legal – Translate regulatory and policy requirements into clear technology standards and controls. - Business leaders – Support product, operations, and functional leaders in understanding their technology risk profile and remediation priorities. - Internal Audit – Coordinate on audits, respond to findings, and drive sustainable remediation. You’ll have clear ownership and autonomy, backed by supportive risk leadership, subject‑matter experts, and established GRC tools and processes. Skills and experience that will lead to success - Bachelor’s degree in IT, Information Security, Risk Management, Business or related field (or equivalent experience) - 4–8+ years’ experience in technology risk management, IT audit, information security, technology controls or similar governance roles - Strong grasp of technology risk concepts, frameworks, and regulations (e.g., ISO 27001, NIST, COBIT, ITIL; cybersecurity, data protection/privacy, operational risk) - Hands-on experience designing, implementing, and testing technology controls, and developing policies, standards, and procedures - Strong analytical and communication skills, with the ability to work independently and collaboratively in a fast-paced, matrixed environment Education Bachelor’s degree in Information Technology, Information Security, Risk Management, Business, or equivalent years of industry experience. How we support our colleagues In addition to our comprehensive benefits package, we encourage a workforce. Plus, our agile, inclusive environment allows you to manage your wellbeing and work/life balance, ensuring you can be your best self at Aon. Furthermore, all colleagues enjoy two “Global Wellbeing Days” each year, encouraging you to take time to focus on yourself. We offer a variety of working style solutions, but we also recognize that flexibility goes beyond just the place of work... and we are all for it. We call this Smart Working! Our continuous learning culture inspires and equips you to learn, share and grow, helping you achieve your fullest potential. As a result, at Aon, you are more connected, more relevant, and more valued. Aon values an innovative, diverse workplace where all colleagues feel empowered to be their authentic selves. Aon is proud to be an equal opportunity workplace. Aon provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, age, disability, veteran, marital, domestic partner status, or other legally protected status. We welcome applications from all and provide individuals with disabilities with reasonable adjustments to participate in the job application, interview process and to perform essential job functions once onboard. If you would like to learn more about the reasonable accommodations we provide, email ReasonableAccommodations@Aon.com Nothing in this job description restricts management's right to assign or reassign duties and responsibilities to this job at any time. Pay Transparency Laws: The salary range for this position (intended for U.S. applicants) is [$113300 to $140000] annually. The actual salary will vary based on applicant’s education, experience, skills, and abilities, as well as internal equity and alignment with market data. The salary may also be adjusted based on applicant’s geographic location. This position is eligible to participate in one of Aon’s annual incentive plans to receive an annual discretionary bonus in addition to base salary. The amount of any bonus varies and is subject to the terms and conditions of the applicable incentive plan. Aon offers a comprehensive package of benefits for full-time and regular part-time colleagues, including, but not limited to: a 401(k) savings plan with employer contributions; an employee stock purchase plan; consideration for long-term incentive awards at Aon’s discretion; medical, dental and vision insurance, various types of leaves of absence, paid time off, including 12 paid holidays throughout the calendar year, 15 days of paid vacation per year, paid sick leave as provided under state and local paid sick leave laws, short-term disability and optional long-term disability, health savings account, health care and dependent care reimbursement accounts, employee and dependent life insurance and supplemental life and AD&D insurance; optional personal insurance policies, adoption assistance, tuition assistance, commuter benefits, and an employee assistance program that includes free counseling sessions. Eligibility for benefits is governed by the applicable plan documents and policies. #LI-NS1 #LI-REMOTE 2573732