Key Responsibilities Security Strategy & Governance Develop, implement, and maintain the organization's information security strategy, policies, and standards aligned with business objectives and regulatory requirements (ISO 27001, NIST, HIPA). Risk Management Identify, assess, and priorities information security risks. Maintain the risk register and drive remediation plans in collaboration with stakeholders across all business units. Security Operations Oversight Oversee day-to-day SOC operations including SIEM monitoring, incident triage, threat intelligence, and EDR management to ensure timely detection and response to threats. Incident Response & Crisis Management Lead the response to security incidents, breaches, and crises. Own the Incident Response Plan, conduct post-incident reviews, and drive continuous improvement of detection and response capabilities. Compliance & Audit Ensure adherence to applicable laws, regulations, and contractual obligations. Manage internal and external audits, track findings to closure, and maintain compliance evidence documentation. Vulnerability & Penetration Testing Define and oversee the vulnerability management lifecycle. Commission and review penetration testing engagements, priorities remediation, and report on security posture trends to executive leadership. Security Awareness & Culture Design and deliver security awareness training programs.   Champion a security-first culture across the organization and communicate risk clearly to non-technical audiences. Team Leadership & Development Lead, mentor, and develop the security team. Define KPI frameworks, conduct performance reviews, manage workloads, and build talent pipelines to support organizational growth. Security Architecture & Projects Provide security guidance on new projects, system designs, and technology adoptions. Collaborate with IT and engineering teams to embed security by design into all initiatives. Reporting & Executive Communication Produce regular security dashboards, board-level risk reports, and KPI metrics. Translate complex technical risk into clear business impact narratives for senior leadership.