Click Therapeutics, Inc.

• Initiate and manage complaint records for investigational and commercial SaMD applications from receipt to closure in a timely and compliant manner. • Maintain all records in a state of audit readiness ensuring compliance with internal procedures and applicable regulatory requirements. • Evaluate incoming complaint information on whether reporting to applicable government agencies is required. • Coordinate with cross-functional teams to gather investigation information and determine root cause of issues. • Perform trend analysis on complaints and evaluate whether complaints result in a new or changed risk, initiating and coordinating updates to Risk Management File as applicable. • Coordinate, in collaboration with cross-functional team members, quality aspects of release management including the scheduling and execution of software verification formal release. • Support the creation of release documentation including testing plans and reports ensuring accurate configuration management and traceability. • Maintain the log of known software anomalies initiating updates as anomalies are identified, including creating and maintaining nonconformance records as applicable, and ensuring timely cross-functional evaluation of the risk of each anomaly. • Ensure the products’ Design & Development Files are maintained and updated in compliance with applicable regulations and standards. • Assist product risk management activities to establish product risk assessments and trace the implementation of risk controls. Actively monitor for product risks and communicate/escalate as needed. • Lead interdisciplinary design reviews at product development milestones. • Enable clear communication, prioritization, and decision making across teams to efficiently document and help manage the handling of product changes and incidents per Click’s quality management procedures.

• Requirement Engineering: Translate German regulatory requirements (SGB V, DiGAV Annex 1) into actionable technical security specifications for the development team. • Penetration Testing Coordination: Define the scope for mandatory white-box penetration tests and manual code reviews; manage the relationship with BSI-certified testing centers. • Risk Assessment: Conduct and document data protection impact assessments (DPIA) and security risk assessments tailored to high-protection health data. • Vulnerability Management: Establish a lifecycle process for vulnerability handling and incident reporting as required by the EU Cyber Resilience Act (CRA) and DiGA guidelines.