Jacob Riggs

Led global security operations, incident response, penetration testing, and vulnerability management programs, enhancing organizational resilience across diverse international markets.

Shaped enterprise security direction, providing executive-level counsel on strategic risk decisions and aligning security initiatives with overarching business objectives.

Drove significant uplift in global ISO27001 and SOC2 maturity, achieving continual compliance and strengthening governance across all operational regions.

Embedded robust risk management standards and processes, ensuring consistent audit-readiness and compliance across all international business units.

Strengthened engineering practices and architected scalable, secure enterprise solutions, reducing systemic vulnerabilities and enhancing infrastructure integrity.

Implemented comprehensive ISMS roadmaps, integrating security assurance into global technology initiatives to proactively manage cyber risks.

Directed advanced threat intelligence capabilities to anticipate emerging risks, significantly strengthening defensive posture and proactive threat mitigation strategies.

Steered global vulnerability management, prioritizing remediation efforts to reduce systemic exposure and enhance overall security posture.

Coordinated multi-regional security projects, ensuring timely delivery and alignment with global security objectives.

Contributed to the development of global security policies and procedures, enhancing consistency and effectiveness across diverse operational landscapes.

Supported the Director of Information Security in strategic planning and execution of key security programs.

Provided technical expertise and mentorship to junior security professionals across various international teams.

Led the successful delivery of a secure and operationally resilient in-house Security Operations Center (SOC) function, improving threat detection and response capabilities.

Drove the development and implementation of the Information Security Management System (ISMS) and broader security strategy, enhancing organizational security posture.

Managed penetration testing, vulnerability management, and offensive security engineering initiatives, identifying and remediating critical vulnerabilities across systems.

Provided expert risk-based consultancy on security controls and operations, advising leadership on best practices and mitigation strategies.

Directed day-to-day monitoring and administration of the organization's cyber security controls, ensuring continuous protection of critical assets.

Authored and refined security policies, procedures, standards, and playbooks, establishing clear guidelines for maintaining a robust security environment.

Assisted in the implementation and maintenance of security systems, contributing to a 15% reduction in detected vulnerabilities.

Supported penetration testing and vulnerability assessments, identifying critical weaknesses in enterprise applications and infrastructure.

Developed and updated security documentation, including policies and procedures, to align with industry best practices.

Participated in incident response activities, helping to mitigate threats and restore system integrity.

Investigated and responded to critical network/host intrusion detection alerts, reducing incident resolution time by 20%.

Coordinated responses to IT security incidents and breaches, including post-incident reviews to prevent recurrence.

Monitored the external threat landscape, providing timely risk advisories to leadership and informing proactive security measures.

Refined corporate security policies and procedures, enhancing overall security posture and compliance.

Conducted forensic analysis of suspect malware using sandbox environments, identifying attack vectors and improving defensive strategies.

Managed firewall changes and approvals, ensuring secure network configurations and minimizing unauthorized access points.

Maintained and optimized security monitoring platforms and logic, increasing visibility into potential threats and system anomalies.

Designed and implemented security builds, standards, and baselines for systems and services, enhancing data protection across the enterprise.

Identified and reported critical vulnerabilities in company-deployed web applications and software, leading to proactive remediation.

Performed in-depth vulnerability analysis across software, hardware, and network infrastructure, identifying critical security gaps.

Developed and implemented novel testing methodologies to uncover hidden vulnerabilities across diverse systems.

Assessed and refined the organizational threat model, accurately pinpointing and mapping likely entry points for malicious actors.

Maintained up-to-date awareness of emerging security threats and malware, integrating intelligence into testing strategies.

Contributed to hardening enterprise infrastructure by implementing advanced security standards and configurations.

Engaged stakeholders to map the infrastructure estate, significantly improving visibility of the attack surface and informing security strategy.

Implemented and managed enterprise-level IDS/IPS systems, dynamically configuring rule sets to enhance threat detection by 25%.

Responded to Data Loss Prevention (DLP) alerts, educating users on data protection best practices and reducing sensitive data exposure.

Managed enterprise PGP key lifecycle, including generation, issuing, publishing, and revocation, ensuring secure communication channels.

Administered enterprise AV suites, protecting infrastructure, client systems, and collaboration platforms from malware and advanced persistent threats.

Reviewed web gateway reputation requests for whitelisting, optimizing access while maintaining strong security controls.

Collaborated with third-party penetration testers, updating security controls, and overseeing remediation efforts based on assessment findings.

Supported strategic business alignment by advising the Information Security Working Group (ISWG) on security implications.

Provided user administration and training for the SecureDrop whistle-blowing platform, ensuring secure and confidential communication channels.

Recommended and implemented cybersecurity solutions and best practices, enhancing the organization's security posture by an estimated 10%.

Assisted in the full lifecycle of security solution management, from creation and implementation to ongoing maintenance.

Contributed to the management of the Service Continuity Plan, improving organizational resilience and disaster recovery capabilities.

Conducted vulnerability analysis within Design Briefs for security projects, proactively identifying and mitigating risks in early development stages.

Designed and executed comprehensive audits of systems and processes, ensuring 100% compliance with operational security standards.

Assisted in the automation of critical security functions, including patching, email security, encryption, and backups, improving efficiency by 15%.

Managed third-party assurance activities for suppliers and contractors, mitigating external security risks and ensuring compliance with organizational policies.

Supported the Data Protection (DP) team by managing technical controls and mapping data protection risks, safeguarding sensitive customer information.