• Lead and manage security projects. • Assess, design, and document security solutions and processes for Amazon Web Service (AWS) and Azure. • Direct tasks and develop milestones for Information Security projects in support of Information Security goals in line with the Company's direction. • Work with software developers on secure best practices in Infrastructure as Code, cloud design patterns and CI/CD with built-in application security controls. • Work with key areas of business and IT to develop baseline network, cloud, container, and application security standards and integrate into the CI/CD pipeline. • Implement and automate “security as code” using cloud services and CI/CD components as necessary. • Design security architecture, methods, and controls required to meet security, compliance, and audit requirements. • Develop, review, and update a library of technical documentation. • Develop metrics and provide regular reports to senior management. • Set requirements and direct managed security service providers (MSSPs) to ensure that they are appropriately managing the services to provide security to the company. • Perform regular security audits and automated compliance checks on AWS and Azure resources. • Collaborate with SRE and development teams to ensure secure coding, build, and deployment practices. • Work closely with DevOps, SREs, and developers to champion a "security by design" culture. • Participate in security audits and formulate a plan of action and milestones to mitigate vulnerabilities. • Establish security baselines using best practices such as CIS benchmarks. • Work with other teams to test and implement security baselines into cloud environments. • Maintain thorough understanding of new developments and techniques in cybersecurity, privacy, and compliance. • Represent Information Security in disaster recovery procedures and exercises. • Log and update all security incidents in the company’s ticketing system and update management regularly on the threats, mitigation plans, and status. • Work within established configuration and change management policies to ensure awareness, approval, and success of changes introduced to the network and cloud infrastructure. • Establish processes to perform regular reviews of security configurations of cloud and software development environments. • Develop vulnerability management processes and manage the process to remediate the vulnerabilities. • Establish a process to escalate when vulnerabilities cannot be remediated in a timely manner. • Review security notifications from the company’s vendors to determine which vulnerabilities would cause an impact. • Assist in developing and enforcing data governance policies, data classification standards, and compliance workflows (e.g., GDPR, HIPAA, SOC 2). • Provide 24/7 on-call support for security incidents related to network systems and infrastructure.