You’ve worked on security programs where a recognized framework was used to organize controls, assessments, and remediation work. The interviewer wants to understand whether you have applied a framework in a practical way rather than just knowing the terminology.
What is your experience with security frameworks such as NIST or ISO 27001, and how have you used them to guide execution, stakeholder alignment, and measurable security improvements?