• Develop and maintain BW’s enterprise cybersecurity strategy and long-term roadmap. • Lead architecture decisions across cloud, application, identity, data, vulnerability management, and email security domains. • Oversee the implementation and ongoing maintenance of approved security architectures, controls, and technologies. • Ensure security controls are properly deployed, configured, validated, and continuously monitored for effectiveness. • Promote the adoption of Zero Trust principles and secure-by-design engineering practices. • Offer security guidance for AI projects, automation systems, and other emerging technologies. • Work with IT and business teams to ensure the secure design and roll-out of new projects. • Act as BW’s main leader and primary contact for our external cyber defense partner. • Evaluate the delivery of security monitoring, threat detection, response recommendations, and threat insights. • Collaborate to enhance detection coverage, response workflows, communication methods, and tuning. • Evaluate service delivery performance and ensure alignment with BW’s cybersecurity priorities. • Provide strategic leadership during cybersecurity incidents, coordinating with IT, Legal, HR, Privacy, Communications, and other stakeholders. • Serve as the executive-facing cybersecurity representative during significant security events, and coordinate the execution of operational response activities. • Communicate incident severity, business impact, risks, and recommended remediation actions to executive leadership. • Lead post-incident reviews and ensure lessons learned are incorporated into long-term improvements. • Represent cybersecurity during internal audits, external audits, and cybersecurity assessments conducted by key enterprise stakeholders. • Maintain alignment with frameworks such as NIST CSF, ISO 27001, SOC2, and relevant privacy regulations. • Offer senior-level guidance in developing and improving cybersecurity governance programs, policies, standards, and secure architecture guidelines. • Lead enterprise cybersecurity risk assessments and ensure corrective actions are prioritized and implemented effectively. • Provide oversight and direction for cybersecurity elements of privacy and data protection initiatives. • Lead cloud security architecture across AWS and other platforms used by BW. • Guide secure software development practices and coordinate application security reviews. • Oversee identity and access management strategies, including modern authentication and privileged access controls. • Drive Zero Trust adoption across networks, identity, and application environments. • Establish governance and security frameworks for responsible AI usage and advanced automation technologies. • Lead team members focused on cybersecurity architecture, governance, privacy, and strategic initiatives. • Mentor and develop staff capabilities, fostering a culture of continuous learning and innovation. • Strengthen collaboration across IT, Legal, Privacy, Risk, and other business areas to advance cybersecurity maturity. • Act as a trusted advisor to senior leadership on cybersecurity risk, architecture decisions, and strategic initiatives.

• Own and lead the Application Security product roadmap and strategy, ensuring alignment with overall business goals. • Work closely with customers to understand their security requirements, technical environments, and operating models for scaling security programs. • Lead the complete product lifecycle, from high-level strategy and market analysis to detailed user stories and product requirements. • Act as a liaison between technical teams (engineering and design) and business stakeholders to ensure alignment on goals and timelines. • Establish and track clear metrics to measure product success and customer adoption. • Maintain a deep understanding of AppSec market trends and technologies to create a compelling and competitive product strategy.

• Lead Payment Card Industry Data Security Standards (PCI DSS) Assessments as an ISA • Document assessment findings, provide gap analysis and recommendations for remediation • Provide advice and guidance to business units in all areas relating to payment security, including PCI DSS (Payment Card Industry Data Security Standards) and security best practices aligned to Cyber Security strategy • Liaise with external security assessment firms to ensure on-time completion of projects • Assist in preparing formal presentations of compliance status and issues to business units and management. • Partner with business units on the creation and collection of evidence in preparation for internal and external assessments • Lead Quarterly Security Reviews (QSRs) with business teams to ensure applicable PCI DSS controls are being performed and maintained • Advocate security best practice throughout the business • Assist in responding to compliance queries from third parties, clients, client reps, legal, advanced product specialists on behalf of the company

• Own remediation of cloud, identity, and application security findings • Design, implement, and maintain security controls across AWS • Triage and validate security alerts • Lead technical investigation and containment of security incidents • Coordinate incident response with IT, engineering, and external partners • Perform root cause analysis and drive preventative improvements • Improve detection quality by tuning alerts • Support compliance efforts such as SOC 2 • Automate repeatable security tasks • Document incidents, risks, remediation actions, and outcomes • Act as a technical escalation point and mentor