• Understand and execute the audit process using a risk-based audit approach • Perform analysis of the process and associated risks • Develop and conduct formal testing to determine if controls are effective to mitigate or manage risks • Communicate the impact for achieving objectives • Develop recommendations and prepare a final report

Assist with network security operations, analyze and resolve vulnerability issues, generate reports, and document activities related to various security controls and technologies to ensure robust network security and compliance.

• Support security, privacy, and governance activities across the Microsoft 365 cloud suite. • Assist with data readiness planning and integration of Microsoft Purview to protect sensitive data. • Support management of user permissions, data retention, compliance settings, and enterprise policies. • Assist with documentation and management of Security Change Requests and audit logging solutions. • Support Microsoft security and cyber architecture activities related to M365 services. • Assist with security and configuration support for SharePoint Online, OneDrive for Business, Exchange Online, Teams, Power Platform, Copilot, Azure/Azure AD, Intune, and AvePoint Online Services. • Support AvePoint Online Services security capabilities, including tenant-to-tenant considerations, Splunk Enterprise integration, bring-your-own-key configurations, IP restrictions, SFTP, and related interfaces. • Collaborate with systems support staff and technical teams to identify, mitigate, and document risks. • Contribute to bi-weekly and monthly status reporting, including action items, risks, mitigations, escalations, accomplishments, and closures.

• ISMS management and compliance. Manage and maintain the Information Security Management System, ensuring ongoing compliance with ISO 27001, GDPR, HIPAA, and other applicable frameworks. • Cybersecurity assessments and risk remediation. Conduct cybersecurity assessments and audits; triage and drive remediation of identified risks in collaboration with engineering teams. • Policies and documentation. Author and maintain cybersecurity policies, procedures, and controls documentation to support Cybersecurity and Governance requirements. • Technical security operations. Support cybersecurity operations and IT on technical security tooling, firewalls, networking, endpoint protection, and SIEM. • Security questionnaires and third-party vetting. Respond to bids, tenders, and third-party security vetting. • Security culture and awareness. Champion a security first culture across the organisation: create awareness programs, run training, and embed security-by-design thinking into how teams work. • Data security and governance. Support data security and data governance initiatives across the organisation. • Demonstrably AI-forward. Uses AI in their own workflows and can point to concrete automations they have built or commissioned to take work out of IT and operations.