• Build and nurture relationships with CIOs, CSOs, CISOs, Security Engineers, internal audit, and procurement to understand their business goals and objectives in order to propose tailored BPM services • Develop new-logo business through personal lead generation, social selling, and company-supported programs while growing existing BPM client relationships • Position BPM’s cybersecurity consulting, compliance support, and managed IT services, including red teaming, ISO 27001 advisory, NIST security program development, penetration testing, threat detection, risk assessments, third-party risk management, and fractional CISO advisory • Technical pre-sales engineering; collaborate with project management and delivery teams to scope, design, and propose client-specific technical solutions • Write proposal content and custom verbiage to convey a compelling set of BPM services • Engage in self-study and independent work to increase job-related knowledge and skills • Capability to present and discuss BPM solutions effectively in both virtual and in-person meetings • Understand and record client cybersecurity requirements, propose technical solutions, and oversee the selection of services • Identify market trends, competitor activity, and client needs to inform strategic sales approaches and thought leadership • Maintain consistent sales activity, pipeline management, and quarterly business development plans to achieve revenue targets • Collaborate with BPM’s marketing team to identify growth opportunities and increase inbound lead generation • Represent BPM at industry events, conferences, and client meetings to build awareness and credibility • Track opportunities, maintain CRM records, and report on progress toward sales and revenue goals • Draft proposals in response to prospect RFPs

• Owns the enterprise security architecture and multi-year roadmap, defining target state designs, security standards, and investment priorities; acts as a trusted advisor to executive leadership and drives cross functional delivery across IT, cloud, and product teams. • Establishes and governs enterprise identity, access, and data protection strategy, including SSO/MFA, federation (SAML, OIDC, OAuth), RBAC/ABAC, IGA lifecycle automation, privileged access management (PAM), and secrets and certificate management—enforcing least privilege and zero standing access at scale. • Defines and executes cloud security strategy across Azure and AWS by designing secure landing zones and zero trust guardrails; implements and operationalizes CSPM, CWPP, and CIEM capabilities to continuously reduce cloud risk and misconfiguration exposure. • Leads network and Zero Trust architecture modernization, including micro segmentation, NAC, next generation firewalls, secure remote access, and policy enforcement; delivers measurable isolation of critical systems and reduction of lateral movement risk. • Elevates security operations architecture and detection strategy, shaping SIEM and XDR correlation across endpoint, identity, email, cloud, and network telemetry; optimizes signal to noise, detection fidelity, and mean time to detect and respond (MTTD/MTTR). • Owns incident response architecture and organizational readiness, developing playbooks for containment, eradication, and recovery; ensures forensic readiness; leads post incident executive reviews and drives durable control improvements aligned to root cause analysis. • Scales security automation and orchestration through SOAR and API driven integrations, automating high impact detections, incident response workflows, access reviews, and vulnerability and patch pipelines; maintains policy as code and audit ready evidence collection. • Hardens enterprise email and social engineering defenses, enforcing DMARC, DKIM, and SPF, advanced BEC protections, and SEG/SASE integrations; analyzing attack trends to inform preventative controls and security awareness initiatives. • Owns enterprise vulnerability and patch governance, implementing risk based prioritization, remediation SLAs, executive dashboards, and validation of fixes; partners with Infrastructure and Cloud teams to continuously improve hardening baselines and exposure metrics. • Embed governance, risk, and compliance requirements into security architecture, aligning designs to HIPAA, HITECH, HITRUST, NIST CSF and 800 series controls, CIS Controls, and ISO 27001; delivering defensible metrics and board level reporting. • Applies healthcare specific security patterns for PHI, EMR/EHR platforms, and connected clinical devices, ensuring secure data flows, strong segmentation, and protection of patient care networks where applicable. • Leads security platform and vendor strategy, including evaluation and proof of value, selection, enterprise rollout, and optimization of EDR/XDR, SIEM, IAM/IGA/PAM, and cloud security platforms; demonstrate measurable risk reduction and return on security investment.

• Develop a deep operational understanding of tools, architectures, and processes across the security ecosystem. • Build, maintain, and expand strategic relationships with key vendors and emerging technology partners. • Conduct evaluations of new technologies, products, and solutions to ensure alignment with client needs and industry best practices. • Maintain awareness of vendor certifications, industry advancements, and emerging security capabilities. • Lead and coordinate “vendor days” with key partners for internal team enablement and education. • Compare and contrast competitive solutions to determine the most effective fit for client requirements. • Serve as the design/architecture lead and primary technical interface for clients throughout the engagement lifecycle. • Identify vendors and partners that align to operational requirements, budgets, and client resource constraints. • Lead solution demos with vendor support, ensuring the demos are tailored to client objectives and clearly differentiated. • Produce, socialize, and document both operational and technical requirements. • Provide options and solution pathways that best align with client maturity, business strategy, and budget. • Evaluate client people, processes, and existing technologies to identify optimization opportunities. • Assist clients with the development of RFIs, RFPs, and program requirements. • Collaborate with GPS SMEs to provide specialized insight, assessments, or validation as needed. • Identify overlaps and gaps within client environments and provide clear recommendations for remediation or enhancement. • Perform technical validation and rationalization of proposed solutions to ensure feasibility, effectiveness, and long-term value. • Support compliance-aligned documentation efforts, ensuring architectures and decisions reflect industry and regulatory expectations. • Lead risk-mitigation activities throughout solution evaluation and implementation. • Advocate for client engineers and technical leaders, ensuring their priorities are incorporated and supported. • Support ongoing alignment of technical roadmaps with client strategic objectives and security programs. • Provide optimization strategies to improve solution adoption, operational efficiency, and measurable outcomes. • Coach client teams, ensuring clarity of roles, solution capabilities, and expected results. • Continuously update, refine, and communicate architectural plans to keep pace with evolving technologies and business needs.

• The Sr Information Security Engineer is responsible for designing, implementing, and continuously improving the technical security controls that protect internally developed applications, including cloud systems, containerized, and serverless workloads. • This role is a hands-on application security specialist who performs deep secure code reviews, leads threat modeling, and drives remediation of complex vulnerabilities across the SDLC. • Collaborating with other technical teams, this role ensures secure application development, deployment, and operation by assessing maturity, defining security requirements and guardrails, and delivering prioritized recommendations to improve pipeline controls, tooling, and integrations within the DevSecOps pipeline. • Key responsibilities include conducting application security assessments, guiding secure software development practices, and advancing the maturity of application security capabilities. • The Information Security Engineer partners with development, operations, and security teams to embed security into development practices and responds as a subject matter expert during application-related security incidents.