Security architecture plays a crucial role in safeguarding the confidentiality, integrity, and availability of organisational assets and information, thereby mitigating cyber threats and ensuring the organisation's resilience in the face of evolving security challenges.

Our security architecture services include, but are not limited to:

  • Conduct thorough risk assessments to identify potential security risks and vulnerabilities within an organisation's IT environment. Verify compliance with applicable security standards and regulations, such as GDPR, HIPAA, PCI DSS, ISO 27001, NIST CSF, and HISF.

  • Design security solutions tailored to address the specific needs and requirements of the organisation, including selecting and implementing security controls, technologies, and best practices.

  • Design and implement Identity and Access Management (IAM) to regulate and monitor access to sensitive data and resources, including user authentication, authorisation, and privilege management systems.

  • Develop data protection strategies, roadmaps, and frameworks to safeguard sensitive data from unauthorised access, disclosure, or alteration. This may involve implementing endpoint protection, encryption, data masking, and data loss prevention (DLP) techniques to protect data both at rest and in transit.

  • Design monitoring systems and processes to detect and respond to security incidents in real time. This includes implementing intrusion detection and prevention systems (IDS/IPS), security information and event management (SIEM), automated penetration testing solutions, and incident response plans to effectively identify, contain, and mitigate security breaches.

  • Ensure that security solutions align with industry standards, regulatory requirements, and best practices. This includes Certification and Accreditation (C&A): evaluating and certifying the security posture of information systems, products, or services to ensure they meet the specified security requirements and standards outlined in the New Zealand Information Security Manual (NZISM).

  • Promote a culture of security awareness within the organisation by educating employees about cybersecurity best practices through training programs.

How we can assist you:

  • Select an overarching cybersecurity framework that meets the unique requirements of your environment.

  • Develop a bespoke framework if required.

  • Develop policies that reflect your operational needs and are aligned with your risk appetite.

  • Review your framework and other governance documentation annually to ensure it is fit for purpose and aligned with the changing threat and risk environment.

  • Assess your cybersecurity risks.

  • Translate technical language so you understand the impacts on your business.

  • Develop a suitable framework for your environment.

  • Manage your risk and control compliance lifecycle.

  • Complete your certification and accreditation services.