• Lead Automox's Security and IT Operations functions. • Run both teams day to day, set and execute a 6-12 month roadmap, and report directly to the CTO. • Manage the IT and Security budget, assist with on-call, and lead incident response. • Turn security priorities into a concrete roadmap with clear milestones, owners, and metrics. • Own the GRC program, treating SOC 2 as an ongoing discipline rather than a periodic event. • Own the ProdSec program, partnering with Engineering and Product to embed security into the development lifecycle. • Lead incident response: runbooks, escalation paths, and post-incident reviews that improve response over time. • Set and execute the strategy for endpoints, identity, and SaaS at scale. • Oversee MDM, patch compliance via Automox, hardware lifecycle, and zero-touch provisioning across macOS and Windows. • Administer core SaaS across collaboration, source control, secrets management, and cloud, including ongoing license rationalization. • Automate repetitive work with AI coding tools and keep it documented, measured, and maintained. • Track KPIs across ticket responsiveness, patch and MDM coverage, access reviews, and IT spend, using them to drive improvement. • Develop engineers and helpdesk staff, with clear career paths and succession depth. • Build a culture of clarity, ownership, and psychological safety across both teams.

• Own the end-to-end remediation process from validated finding through fix verification. Define and enforce SLAs by severity, track progress across engineering teams, escalate aging findings, and drive blockers to resolution. • Organize third-party penetration tests: scoping, scheduling, vendor coordination, finding intake, and tracking through remediation. Own the operational side of the bug bounty program, ensuring researcher submissions are acknowledged, triaged, validated, and resolved within committed timelines. • Build and maintain security kanban boards that give the entire organization visibility into vulnerability status: internal findings, pen test results, bug bounty submissions, and security exceptions. These boards are the single source of truth. Engineering knows what's on their plate, security leadership knows the posture, and Customer Trust has what they need for customer conversations. • Use Claude and LLM platforms to automate finding intake and routing, generate status reports, flag at-risk SLAs, draft stakeholder communications, and surface patterns that indicate systemic issues. Focus your time on judgment and coordination by letting AI handle the repetitive tracking. • Own the security exception process: intake, risk documentation, approval routing, time-bound tracking, and expiration enforcement. When an engineering team requests an exception, you ensure it's documented with clear risk context, reviewed by the right people, and actively tracked to expiration. • Own Product Security metrics: mean time to remediate, SLA compliance, finding aging, exception counts, recurrence rates, coverage by product. Build reporting that serves the VP (portfolio posture), engineering leaders (their team's queue), and Customer Trust (defensible data for customer security reviews). • Coordinate with Engineering and Product Management on remediation prioritization and release planning. Work with Customer Support and Customer Trust on vulnerability status for customer inquiries and security questionnaires. Partner with Cyber Defense on findings that cross product and infrastructure boundaries. Keep Security Architects and Product Security Engineers aligned on remediation status.

• Performing initial triage of disparate security signals and events to determine severity and drive response to potential business-impacting incidents. • Monitoring and analyzing vulnerability management tools and feeds; providing remediation guidance to downstream teams; and keeping technical risk under control. • Operating the security awareness program, including course design, phishing simulations, reporting, and support for business teams and users. • Supporting internal and external stakeholders as required to gather information and evidence for security governance activities and compliance audits. • Using AI and automation techniques to enhance compliance, facilitate business operations, and improve efficiency. • Undertaking small projects to mitigate risk, support the team, and support other company objectives.

• Lead threat modeling, attack surface analysis, and secure design reviews across products, platform services, endpoint agents, and cloud-native systems. • Use LLM platforms (Claude, OpenAI) as core tools to scale threat analysis, abuse-case generation, architecture review, and remediation guidance. • Work directly with engineering teams to embed secure-by-default patterns into product development. • Own and expand the Product Security handbook that inferences product context from multiple sources and leverage it for enforcing secure design standards. • Mentor Product Security Engineers and Security Champions on secure design, attack surface reduction, and AI-first security workflows. • Help evolve BeyondTrust's AI-first Product Security Architecture strategy by identifying where AI workflows can replace manual processes.