Senior Director, Head of Cyber Assessments (Pipeline)

15-17 Years
  • Posted 2 days ago

Job Description

  • Ensure high standards for methodology, reporting quality, reproducibility, and remediation guidance.
  • Implement robust metrics, dashboards, and OKRs that show coverage, risk reduction, and time-to-remediate.
  • Audit and regulatory exam outcomes (on-time, no/low-severity issues, rapid issue closure).
  • Establish scalable catalog services, rate cards, and standard scoping templates to improve predictability and throughput.
  • Govern end-to-end regulatory assessment obligations (e.g., SOX, GLBA, GDPR/CCPA, NYDFS, ISO/IEC 27001, MAS TRM), ensuring scope alignment, evidence lifecycle management, and audit readiness.
  • Maintain policy, standards, and playbooks for penetration testing and red team operations mapped to NIST SP 800-115, PTES, OWASP ASVS/MASVS, MITRE ATT&CK/D3FEND.
  • Recruit, develop, and retain top talent across pen test, red team, cloud/offensive engineering, and program management disciplines.
  • Build a high-performance culture with clear career paths, mentoring, and communities of practice.
  • 15+ years of progressive experience in Information Security or related fields, including a specialization in offensive security (penetration testing, ethical hacking, red team/adversary emulation).
  • 7+ years leading large, multi-regional teams (direct leadership of managers and senior ICs).
  • 5+ years owning audit-facing or regulator-facing security programs, including evidence management and exam coordination.
  • Evidence lifecycle governance (from scoping approvals to final reports and remediation validation) with strong documentation and version control.
  • RASCI models, QA/QC gates, and repeatable playbooks to ensure consistent, audit-ready outcomes.
  • Experience in highly regulated industries (e.g., financial services, healthcare, critical infrastructure, technology/SaaS).
  • Experience with cloud, containers/Kubernetes, network segmentation, microservices, and modern SDLC/DevSecOps patterns.
  • Familiarity with identity and access attacks (SSO/OAuth/OIDC), data security, SaaS attack surfaces, and supply-chain testing.
  • Hands-on understanding of offensive tooling and frameworks, with rigorous safety and legal controls.

More Info

Job Type:
Employment Type:
Nationality:
India

Job ID: 128474605