• Own the 24-month global security roadmap developed with an external partner; drive planning, resource allocation, cross-region rollout, milestone tracking, and KPI delivery. • Deliver and maintain certifications and frameworks: lead efforts to achieve ISO 27001 certification, align to the NIST Cybersecurity Framework, and ensure GDPR compliance (and applicable regional privacy laws). • Lead the cybersecurity transformation: redesign the security operating model, establish regional capability hubs, hire and upskill teams, and integrate security into engineering and product lifecycles (DevSecOps). • Modernize security tooling and architecture: define global architecture for IAM, cloud security, vulnerability management, SIEM/XDR, DLP, and secure SDLC integrations; manage vendor selection and lifecycle. • Establish enterprise governance and risk programs: policy management, risk assessments, third-party risk, incident response, crisis management, business continuity, and regular tabletop exercises. • Client-facing responsibilities (~20%): act as a senior security advisor to key global customers, lead security briefings and audits, support RFPs and security questionnaire responses, and maintain strong client relationships. • Reporting and stakeholder communication: deliver executive and Board-level reporting on security posture, program progress, risk, and ROI. • Manage external partners and audits: coordinate with the third-party consulting firm, external auditors, penetration testing vendors, and technology providers. • People leadership: recruit, mentor, retain, and scale global security talent; define career paths, training programs, and local leadership to sustain capabilities.