• Requirement Engineering: Translate German regulatory requirements (SGB V, DiGAV Annex 1) into actionable technical security specifications for the development team. • Penetration Testing Coordination: Define the scope for mandatory white-box penetration tests and manual code reviews; manage the relationship with BSI-certified testing centers. • Risk Assessment: Conduct and document data protection impact assessments (DPIA) and security risk assessments tailored to high-protection health data. • Vulnerability Management: Establish a lifecycle process for vulnerability handling and incident reporting as required by the EU Cyber Resilience Act (CRA) and DiGA guidelines.

• Help build and scale a forward-looking security program • Ensure security of data and client’s digital assets • Work on various information security projects • Identify and evaluate risk to the Information Security Program • Create and improve controls to manage operational risks • Contribute to the long-term strategy of Information Security Team

• Support the design and configuration of enterprise information systems in alignment with security standards and requirements • Review and improve the security posture • Review new and existing system security plans • Participate in architecture reviews • Create and refine threat models • Offer technical guidance to minimize security risks • Oversee the execution of cybersecurity initiatives • Collaborate with other teams and serve as a subject matter expert while adhering to best security practices

• Ensure the security and safety of all business information, both at rest and in transit. • Work with Policy and Compliance to build and maintain IT networks and systems that adhere to government/contractual requirements. • Partner with engineering and DevOps on secure architecture. • Partner with Compliance and Legal on regulatory requirements. • Manage Vulnerability review and work with IT operations to regularly perform internal and external scans and audits and fix any identified issues to ensure IT security. • Manage Infrastructure Security. • Enhance and maintain the current network per IT policy. • Analyze security breaches to determine root cause, then mitigate any discovered issues. • Participate in architecture reviews and provide security approvals. • Manage security incident policy and response plan execution. • Provide quarterly and security assessment reviews. • Conduct all 3rd party vendor security assessment. • Manage and maintain perimeter defense systems (firewalls, VPN tunnels, etc.). • Maintain and administer security awareness training curriculum for employees. • Lead certification efforts for SOC 2, SOX ITGC Audits. • Work cross-functionally within the company to fulfill security requirements.