• Provide expert legal advice to our teams as it relates to managing cybersecurity risks and compliance with global cybersecurity laws and regulations • Provide legal guidance on regulatory, third-party, and internal security audits, and work with teams to scope and perform periodic security hygiene assessments, mitigation, and remediation • Help enhance Docusign’s data governance posture, including data governance operations and documentation, employee training on data governance and security obligations, promoting a culture of awareness and compliance throughout the organization, policy enforcement, data compliance program monitoring and auditing, and third-party risk assessment • Collaborate with the global legal team to align security and data practices across the company, ensuring a unified approach to data protection • Support building and improving incident detection and response processes • Provide support and counsel during cybersecurity-related investigations and the response to data incidents, including breach notification and mitigation strategies, to minimize impact and maintain trust • Remain up-to-date on relevant data security laws and regulations, industry approaches to data governance program management, and on data compliance and security technological developments, threat vectors, and evolving industry standards to provide solutions to complex issues • Help prepare board and executive presentations, regulatory filings, and other legal disclosures to ensure accuracy and completeness of cybersecurity representations • Support global AI governance, helping the business teams continue innovating responsibly

• Maintain and improve the custody systems that hold validator keys, operational keys, and important objects for Mysten-run smart contracts and general on-chain operations, including key generation, storage, access controls, signing workflows, aggregation, rotation, and recovery procedures • Harden the signing path end-to-end: review and improve the code, infrastructure, and operational practices around how transactions are authorized, reviewed, and submitted on-chain • Build and improve anti-scam and anti-abuse tooling for the Sui ecosystem, detecting phishing sites, malicious dApps, drainer contracts, and other threats that target Sui users, and partnering with wallet ecosystem teams on mitigations. • Conduct code and design reviews of components that interact with sensitive keys or handle on-chain assets, with a focus on cryptographic correctness, access control, and operational safety • Participate in investigation and response for security issues and incidents that touch custody or ecosystem abuse, and drive concrete fixes that prevent the same class of issue from recurring

• Lead and execute penetration tests across: Web and mobile applications, Cloud and infrastructure, Red team engagements • Work on and help shape advanced service offerings, pushing Packetlabs’ technical depth and differentiation • Support scoping and pre-engagement discussions, helping ensure projects are realistic, high-impact, and aligned with client risk • Actively coach and mentor consultants with a strong focus on long-term career growth • Conduct regular 1:1s focused on skills development, feedback, and career progression • Help team members identify their strengths, areas for growth, and learning paths (both technical and soft skills)

Role Description The Business Information Security Consultant provides advisory and hands-on support for security governance, risk management, and secure application development initiatives. This role supports ongoing security efforts for application implementations, third-party risk assessments, and business-facing security programs. The position interacts closely with business, technology, and security stakeholders to assess controls, facilitate risk mitigation activities, and deliver consistent security practices across multiple initiatives. Key Responsibilities - Secure by Design & SDLC Support - Support secure-by-design initiatives by evaluating security controls within application implementations. - Perform security-related SDLC activities using standardized security user stories. - Provide ongoing consultation for in-scope applications to ensure alignment with security requirements. - Assist development and project teams in understanding and applying security controls. - Risk Management & Third-Party Assessments - Conduct risk assessments and due diligence activities for third-party vendors. - Identify risks and recommend mitigation strategies aligned with organizational standards. - Support vendor risk management processes and ongoing monitoring activities. - Security Assessments & Governance Support - Support physical site security assessments on an as-needed basis. - Facilitate Security Risk Acknowledgment and Action Planning activities. - Provide ad-hoc security consultation through formal service request processes. - Ensure consistent application of security governance practices across initiatives. - Reporting & Program Visibility - Prepare and deliver monthly reports summarizing security demand, activities, and outcomes. - Track and communicate workload, trends, and key risk indicators. - Provide updates to leadership on security initiatives and risk posture. - Stakeholder Collaboration & Advisory - Partner with business, IT, and security teams to align on risk, controls, and implementation strategies. - Act as a trusted advisor for security-related decisions and risk acceptances. - Support cross-functional communication and coordination on security initiatives. Qualifications - 5 or more years of experience in information security, risk management, or security consulting. - Experience supporting secure software development life cycle activities. - Experience conducting vendor risk assessments and due diligence reviews. - Strong understanding of security controls, risk frameworks, and mitigation strategies. - Experience working directly with business and technical stakeholders. - Strong written and verbal communication skills. Preferred Qualifications - Experience supporting divestiture, integration, or transformation programs. - Familiarity with enterprise security assessment methodologies. - Experience supporting physical security assessments. - Experience working in regulated or large enterprise environments. Core Skills & Attributes - Strong analytical and risk assessment capabilities. - Ability to communicate complex security concepts to non-technical stakeholders. - Strong organizational and reporting skills. - Ability to manage multiple concurrent tasks in a demand-driven environment. - Collaborative and consultative approach to problem solving. - High attention to detail and accountability in security processes. Benefits - Competitive salary - 100% Remote - Mid–Senior Level (5 or more years of relevant experience) This is a remote position.