• Konzeption, Umsetzung und Pflege von IT-Sicherheits- und Gesamtsicherheitskonzepten, inkl. Überführung in ein DB-gestütztes Content-Management-Systemen • Durchführung von Risikoanalysen, Schutzbedarfsfeststellungen sowie Ableitung geeigneter Maßnahmen • Coaching und fachliche Unterstützung bei der Erstellung, Pflege und Weiterentwicklung von IT-Sicherheitskonzepten und -Richtlinien • Beratung von technischen Produktverantwortlichen und IT-Sicherheitsverantwortlichen, insbesondere im Umgang mit dem ISMS-Tool • Abstimmung und Umsetzung neuer IT-Grundschutz- und BSI-Anforderungen in bestehenden Sicherheitskonzepten • Durchführung von internen Audits nach Vorgaben sowie Unterstützung bei IT-Sicherheitsanfragen • Erstellung, Review und Pflege aller mit geltenden sicherheitsrelevanten Dokumentationen

• Provide cybersecurity advisory support to IT and business stakeholders • Administer, maintain, and optimise enterprise security tools • Conduct daily and scheduled health checks on security platforms • Monitor, analyse, and triage tool outputs • Manage and resolve cybersecurity tooling and advisory service requests • Develop and maintain operational documentation • Collaborate with Cybersecurity Operations, Infrastructure, and Architecture teams • Identify opportunities to streamline, automate, and improve cybersecurity tooling processes

• Lead and manage the GRC and Security Engineering teams, including strategy, objectives, staffing, coaching, and performance management. • Own governance, risk, and compliance programs. Maintain ISO 27001 and related controls. Drive audit readiness for HIPAA and other frameworks. Coordinate policy lifecycle management and control testing. • Run vendor assessment and qualification program. Oversee third party risk management, due diligence, contractual security requirements, and continuous monitoring. • Provide AI related security assessments and guidance. Establish acceptable use guardrails for AI, assess model and data risks, and advise on controls for AI enabled solutions. • Oversee security architecture for cloud environments and enterprise platforms. Partner with engineering on secure design for AWS, Azure, identity, network, and data protection. • Direct security engineering operations. Manage EDR and threat detection with CrowdStrike, SIEM operations, CSPM posture management, vulnerability management, and SOAR automation. • Lead incident response readiness and execution. Run tabletop exercises, coordinate investigations, and deliver root cause and lessons learned. • Own and manage security budgets, multiyear planning, vendor contracts, and cost optimization while meeting control objectives. • Report program status and risk posture to executives and the board. Define and track KPIs and KRIs. Communicate clearly with technical and non technical stakeholders. • Establish and enforce secure software development practices and SDLC controls with engineering leadership. • Maintain a current security roadmap and maturity plan aligned to business priorities. • Oversee metrics, dashboards, and reporting for program performance and risk reduction. • Coordinate with Legal, Privacy, and Compliance on regulatory obligations and customer security assessments. • Champion security awareness training and culture, sponsor targeted training for engineering and high risk roles. • Evaluate, select, and manage strategic security vendors and platforms, drive successful implementations and integrations. • Represent security in customer meetings and due diligence, provide credible technical and compliance answers.

• Serve as the primary subject matter expert for Palo Alto Networks technologies (NGFWs, Cloud NGFW, Panorama), Web Application Firewall, Content Delivery Network, API Security, IDS/IPS, and DDoS prevention • Own onboarding, policy tuning, and lifecycle management for WAF and CDN platforms; lead firewall ruleset optimization, IDS/IPS tuning, and DDoS protection configuration • Partner with internal teams to drive the global rollout, tuning, and operational management of URL filtering and TLS decryption across the network estate • Lead API security efforts — ensuring API traffic routes through security tooling, identifying vulnerabilities, and working with application teams on fixes • Lead troubleshooting of complex, multi-layer global network and application issues — from packet captures on inter-continental BGP topologies to WAF false-positive triage • Partner with business and application teams to produce clear, actionable security documentation, change proposals, and executive-ready findings • Analyze existing network security architectures, processes, and procedures to identify gaps and drive meaningful improvements • Configure and report on defensive measures against advanced threat actor tactics; maintain current awareness of the evolving threat landscape and the effectiveness of our defenses against them • Communicate complex technical problems and solutions clearly to both global engineering teams and C-suite stakeholders • Champion the broader Security team’s initiatives, not just Network Security Engineering • Participate in the maintenance and tuning of all network security technologies including WAFs, CDNs, VPNs, and application-aware firewalls • Leverage and contribute to automation pipelines for global firewall rule deployment and policy management across the network estate • Utilize security tooling telemetry and data collection automations to produce actionable reporting and metrics for internal teams and executive stakeholders