• Conduct regular security assessments and audits of systems and networks to identify vulnerabilities and risks. • Monitor and analyze security threats and incidents and provide recommendations for remediation. • Assist with the implementation of internal controls to maintain compliance with regulatory and statutory security frameworks (e.g., NIST, SOC 2, HITRUST). • Collaborate with other IT teams to ensure security is integrated into all aspects of the company's technology infrastructure. • Develop and implement security policies and procedures. • Participate in incident response and disaster recovery planning. • Stay up to date with the latest security threats, trends, and technologies, and make recommendations to improve our security posture. • Research/evaluate emerging cyber security threats and ways to manage them. • Plan for disaster recovery and create contingency plans in the event of any security breaches. • Test and evaluate security products. • Design new security systems or upgrade existing ones. • Use advanced analytic tools to determine emerging threat patterns and vulnerabilities. • Engage in 'ethical hacking', for example, simulating security breaches. • Identify potential weaknesses and implement measures, such as firewalls and encryption. • Monitor identity and access management, including monitoring for abuse of permissions by authorized system users. • Consult with stakeholders in relation to cyber security issues and provide future recommendations. • Generate reports for both technical and non-technical staff and stakeholders. • Maintain an information security risk register and assist with internal and external audits relating to information security. • Assist with the creation, maintenance, and delivery of cyber security awareness training for colleagues. • Performs other related duties as assigned.