• Define and maintain enterprise endpoint security reference architectures and roadmaps across Windows, macOS, Linux, iOS/Android, and specialized devices (IoT/OT where applicable) • Serve as portfolio owner for endpoint security solutions, including lifecycle management, investment planning, vendor strategy, and cost optimization • Lead design and adoption of modern endpoint protection platforms (NGAV, EDR, XDR) and ensure integration with SOC/SIEM/SOAR for advanced detection and response • Establish endpoint hardening, encryption, and privilege management standards (BitLocker, FileVault, AppLocker/WDAC, Just-in-Time access) • Drive UEM/MDM strategies (Intune, JAMF, Workspace ONE, etc.) to secure corporate, BYOD, and hybrid device environments • Ensure endpoint posture and compliance signals integrate into Zero Trust and conditional access models • Collaborate with IT, security, and operations teams to balance strong endpoint protection with workforce usability and productivity • Lead architectural risk assessments for endpoint platforms and ensure alignment with regulatory frameworks (NIST, ITAR/EAR, ISO 27001, CIS Benchmarks) • Mentor engineers and architects, raising enterprise capability in endpoint security best practices • Develop and track KPIs/metrics that demonstrate endpoint risk reduction, adoption of security controls, and value realization from endpoint investments