Senior Information Security Engineer
Location
United States
Posted
17 days ago
Salary
0
Seniority
Senior
Job Description
Senior Information Security Engineer
Stack Exchange
- Lead and contribute to security requirements in designing, developing, and deploying large-scale services and platforms
- Conduct security architecture reviews of the application stack, including applications built on cloud and emerging technologies
- Design and develop platform-level solutions to promote security-related initiatives and improvements
- Review source code for potential security issues; recommend and implement fixes
- Provide specific risk assessment and remediation guidelines for developers and business owners
- Belief in automation and tooling as a critical part of the software lifecycle
- Document and disseminate security guidelines for common security issues, remediation guidance, and security baselines
- Contribute to SOC2 and ISO 27001/27701 audits as needed
- Work with developers to provide security guidance
- Actively promote improving the security culture and education within the organization
- Eager to learn new technologies and solutions
- Be curious about how systems work and how they fail; design them to be sustainable in the face of failures
Job Requirements
- 25+ years of experience in web application security, secure application design and architecture, threat modeling, secure coding, and cryptography
- Strong desire to secure systems, define and improve processes.
- Familiarity with: Containers, Cloud, Servers, Networking, DNS, and PaaS & SaaS
- Deep technical understanding of the OWASP Top 10
- Experience with Splunk or similar SIEM
- Experience with Nexpose or similar vulnerability scanning tools
- Experience integrating security tools to work as an ecosystem
- Solid experience in threat modeling and identification techniques
- Ability to work with developers to resolve security issues
- Experience in code reviews, vulnerability detection, and root cause analysis
Benefits
- Competitive Base Salary
- Generous paid vacation
- Generous parental leave (16 weeks at 100% pay), family care leave, and unlimited sick days
- Industry-leading health benefits that are applicable per country of residence for all our full-time employees
- Company-paid Life Insurance
- Home Internet stipend
- Professional allocation for your growth and development
- One-time allowance to assist with your home office setup
- Company-paid access to Calm, Bravely, LinkedIn Learning, MyAcademy and Overdrive
More Security Engineer Jobs
Principal Business Information Security Officer
LastPass
LastPass is a password and data management service headquartered in Boston, Massachusetts. Founded in 2008 by Joe Siegrist and Robert Billingslea, the company has continually worke
- Lead the continued evolution of LastPass's risk management framework to ensure it remains repeatable, scalable, and consistently applied
- Design and scale the BISO-aligned advisory model, defining engagement patterns, communication flows, and partnership rhythms that embed GRC in business decisions
- Provide just-in-time risk advisory for product development, engineering changes, supplier decisions, architecture reviews, and other high-impact initiatives, ensuring risks and tradeoffs are clearly understood
- Build strong cross-functional partnerships, serving as a trusted advisor who translates complex technical and business risks into actionable, business-aligned recommendations
- Coach GRC Analysts to adopt advisory behaviors, apply the risk framework consistently, and deliver high-quality just-in-time support across their aligned business areas
- Partner with Governance and GRC Engineering to integrate risk insights with standards, continuous control monitoring signals, and assurance workflows
- Lead technical and executive-level risk discussions through Risk Governance Committees, driving clarity, alignment to risk appetites, and accountable decisions
- Produce clear, executive-ready risk narratives, reports, and dashboards that support leadership understanding, prioritization, and decision-making
Senior Developer, Product Security
1Password
Productive businesses use 1Password to secure employees at scale.
- Work within a small team of developers who are specialists in Rust, Swift, Kotlin and Security Development
- Implement new security features for the 1Password iOS and core hybrid applications
- Assist in security design efforts or scoping initiatives for new features
- Demonstrate leadership in security development
- Collaborate with teams across our hybrid core architecture
- Mentor junior and new team members
- Review code for others to maintain high code quality
- Stay informed about the latest industry trends, technologies, and best practices in security development
Telecom Security Risk Consultant
P1 Security
Securing Operators and governments critical mobile infrastructure to defend against cybersecurity threats and attacks
- Lead and deliver deep-dive telecom security risk assessments and security consulting for operators, vendors, and critical infrastructure programs (Security Architecture Reviews, RAN & OSS Risk Assessment, MOCN Risk Assessment, IMS Cloud Risk Assessment, 5G Core Risk Assessment).
- Define assessment scope, threat model, and risk methodology; translate technical findings into clear, actionable risk statements and remediation roadmaps.
- Perform architecture and design reviews across 2G/3G/4G/5G, IMS, EPC/5GC, RAN/OpenRAN, OSS/BSS, interconnect, roaming, cloud-native telecom platforms (Kubernetes/OpenStack), wireline and other OT and IT infrastructure.
- Assess security controls and compliance alignment (e.g., GSMA, 3GPP, NIST/ISO principles) including identity, key management, crypto choices, secure boot, supply chain, and operational security.
- Analyze protocol and interface exposure (SS7, Diameter, GTP, SIP/IMS, SIGTRAN, HTTP APIs) and identify abuse cases, misconfigurations, and systemic weaknesses.
- Evaluate cloud and platform security for telecom workloads (multi-tenancy, network segmentation, service mesh, IAM, secrets management, CI/CD, container hardening).
- Conduct evidence-based testing and validation when required (configuration review, log review, traffic analysis, fuzzing/abuse-case testing) and coordinate with P1 Labs R&D for advanced topics.
- Produce high-quality deliverables: executive summaries, technical annexes, risk registers, reports and presentations; ensure consistency and repeatability across engagements.
- Support pre-sales and customer workshops: clarify requirements, estimate effort, contribute to proposals, and communicate scope and value.
- Mentor team members and contribute to internal knowledge base, assessment playbooks, and reusable tooling.
Associate Principal Engineer, Cloud Security
Nagarro
Nagarro (Frankfurt: NA9) is a leader in digital product engineering and drives technology-led business breakthroughs.
- Develop and maintain enterprise level security architecture, reference models, and security patterns.
- Conduct threat modeling (using STRIDE, DREAD, LINDDUN, or similar methodologies) for applications, APIs, and infrastructure.
- Review high level and low level solution designs for security gaps and recommend mitigations.
- Define secure coding guidelines and assist development teams in secure implementation.

Cryptography & Hardware Security Module (HSM)
- Manage and operate HSMs (Thales, nCipher, Azure Key Vault Managed HSM, AWS CloudHSM, etc.).
- Oversee lifecycle operations: key generation, rotation, storage, distribution, and decommissioning.
- Implement and enforce cryptographic standards (AES 256, RSA 2048/4096, ECC, TLS 1.2/1.3, etc.).
- Integrate HSMs into application workflows and enterprise systems.

Compliance & Security Validation
- Validate third party and internal software integrations for compliance (ISO 27001, PCI DSS, SOC 2, local regulatory standards).
- Perform architectural risk assessments and oversee secure onboarding of vendors and SaaS platforms.
- Ensure alignment of solutions with Zero Trust principles and enterprise security policies.

Cloud & Infrastructure Security
- Architect secure solutions in cloud environments (Azure, AWS, GCP).
- Define IAM, network segmentation, encryption, and logging strategies.
- Evaluate and enhance container and Kubernetes security.

Incident Response & Governance
- Contribute to incident response planning and root cause analysis.
- Maintain security documentation, roadmaps, and architectural standards.
- Collaborate closely with DevOps, development, networking, and governance.




