Own controls across SOC 2 Type II, ISO 27001, and HIPAA, keep live evidence green and ensure continuous audit readiness. Run identity & access lifecycle across IdP, AWS/GCP/Azure, and critical SaaS, drive least-privilege and quarterly reviews. Triage and drive security engineering work with Eng leads, manage backlog, SLAs, and closure.