• Continuously monitored networks for potential security breaches and unauthorized access using SIEM tools and advanced threat detection systems. Investigated security violations and implemented timely incident response strategies to mitigate risks.• Developed, enforced, and maintained comprehensive security policies, protocols, and procedures to safeguard company data, ensuring alignment with industry standards such as NIST, ISO 27001, and CIS Controls.• Performed regular security assessments, vulnerability scans, and audits to identify system weaknesses, recommending and implementing security improvements based on assessment findings and emerging threats.• Analyzed security alerts, intelligence reports, and threat feeds to anticipate potential cybersecurity threats and proactively adjusted defenses based on threat intelligence and trends.• Managed and maintained critical security infrastructure, including firewalls, intrusion detection/prevention systems (IDS/IPS), antivirus software, and data loss prevention (DLP) solutions.• Conducted regular penetration testing and ethical hacking to evaluate the security of IT systems and applications, providing detailed reports on vulnerabilities and remediation strategies.• Partnered with IT teams to ensure the secure deployment and configuration of new technologies, software, and systems, overseeing the integration of security measures into development lifecycles (DevSecOps).• Investigated and responded to security incidents, coordinating with internal teams and external partners as necessary, and led root cause analysis and post-incident reviews.• Designed, prepared, and delivered security awareness training programs for employees and stakeholders, promoting a culture of security across the organization.

• Stayed informed on the latest security trends, technologies, and regulatory requirements, ensuring continuous improvement of security posture through research and innovation.• Developed, maintained, and tested incident response plans to ensure efficient and effective threat mitigation, updating plans based on lessons learned and evolving threats.• Conducted thorough risk assessments to identify potential vulnerabilities and provided strategic recommendations for risk mitigation. Implemented risk management frameworks like COBIT or FAIR.• Ensured compliance with industry regulations and standards such as GDPR, HIPAA, PCI-DSS, and SOC 2, supporting audits by providing necessary documentation and evidence.• Analyzed, evaluated, and recommended security technologies and products for potential deployment, ensuring they met the organization's security requirements and budget.• Documented and reported on security incidents, providing detailed analysis, recommendations, and preventive measures. Maintained accurate and up-to-date incident logs.• Collaborated with legal and compliance teams to ensure data privacy and protection, adhering to data protection laws and regulations.• Managed access controls, user permissions, and identity management processes, ensuring effective implementation of least privilege and role-based access controls (RBAC).• Implemented and managed security patches, updates, and configuration changes across all systems and networks, coordinating with IT teams to ensure timely deployment.• Assisted in the development, implementation, and testing of disaster recovery and business continuity plans to ensure systems and data were recoverable in the event of a disruption.