• Lead cyber security and PCI DSS client engagements from initiation through delivery and closure. • Act as the primary point of contact for clients during assigned engagements, ensuring clear communication, scope control, and expectation management. • Deliver high‑quality, concise, and actionable reports suitable for technical teams, senior management, and executive stakeholders. • Apply judgement and experience to complex risk and compliance issues, ensuring pragmatic and proportionate recommendations. • Perform PCI DSS assessments in line with PCI SSC requirements, including: Scoping and gap assessments, On‑site and remote assessments, Completion of SAQs, Reports on Compliance (ROC), and Attestations of Compliance (AOC). • Provide expert advice on PCI DSS control implementation, compensating controls, and remediation planning. • Support clients in achieving and maintaining PCI DSS compliance across complex environments. • Stay current with PCI DSS standard updates, guidance, and assessor program requirements.

• Assist in the coordination and management of IT Security project tasks and deliverables. • Responsible, under supervision from Sr. Security team members, for entry level tasks and deliverables for Security Awareness, Security Training Management, Threat Intelligence, and Third Party Risk Management. • Support Computer-Based Training content administration and reporting on Learning Management Software. • Assist the Phishing Awareness Program by designing, launching, and assessing simulated attacks on the user population. • Collect and report metrics and evidence for auditing and reporting purposes. • Partner with technical and non-technical staff to ensure that deployed technologies are effectively and efficiently providing the intended controls consistent with established policies and procedures. • Partner with staff at all levels in the organization, vendors and contractors to ensure protections are effective, efficient and non-disruptive to the appropriate duties, rights and mission of the individuals and the organization(s). • Responsible for weekly Software Advisory meeting and secure software lifecycle management tasks. • Collaborate with Security Team to draft and review Policies, Procedures, Runbooks, and Playbooks. • Monitor and triage low severity security events with guidance from team members. • Stay abreast of industry security trends and developments; as well as, applicable government regulations. • Perform other duties as assigned.

• Respond to and resolve tickets related to information security • Support the implementation and maintenance of internal standards, procedures, and policies • Monitor and evaluate vendors from a security perspective • Contribute to compliance projects for ISO 27001 and ISO 27002 • Participate in Risk Management processes

• Execution and analysis of vulnerability scans and determining remediation steps. • Execution and analysis of Penetration Tests (manual and autonomous), writing reports, and delivery of reports to client stakeholders. • Lead client meetings, offering expert advice and guidance as needed. • Collaborate with clients to understand their business needs and requirements to best align remediation requirements to business outcomes. • Creation and ongoing upkeep of materials documenting our security processes, procedures, and technologies, along with the generation of automated reports for relevant stakeholders. • Update client Security presentations and discuss findings with our clients. • Maintain a leading edge on security events and techniques to keep our clients aware of new threats and attack techniques.