If I could have my time again I'd focus on enablement of the broader engineering group through an incident management process, readiness exercises, some aggregate incident analyses for the org to learn from and leaning into observability.
Infrastructure is kind of a solved problem for common use cases today, just requires the expertise.
With our ducks in a row I'd next have look to a GRC function for the compliance bits whilst splitting the platform engineers time between embedding engagements and tooling investments.
You're on the right path man, I'd love to know what I know now back then but unfortunately time doesn't work like that.