• Lead and manage SOC 1 and SOC 2 examinations under AICPA standards in a complex, rapidly evolving technology environment, partnering with external auditors and internal teams to design, implement, and continuously improve IT control processes • Support end-to-end SOX planning and execution, including IT system scoping, audit readiness, and development and delivery of training for control owners operating in a high-growth, regulated business • Act as a trusted advisor to Security, IT, Infrastructure, Engineering, Data, and Finance teams, translating SOX and audit requirements into practical, scalable controls aligned with modern technology stacks • Lead security and IT control gap assessments, evaluate control design and operating effectiveness, and drive remediation efforts through to completion in partnership with control owners • Facilitate the ongoing maturation of IT general controls (ITGCs) and IT application controls (ITACs), balancing regulatory expectations with the pace of product and platform innovation • Oversee the quality and execution of audit initiatives, applying strong professional judgment to identify control gaps, assess risk, and guide teams through complex audit and compliance matters • Perform impact assessments for SOX control deficiencies and design risk-based, pragmatic remediation plans that stand up to auditor scrutiny without slowing the business • Implement and enhance controls monitoring and defense-in-depth across key IT risk areas to improve audit outcomes and strengthen the overall control environment • Partner cross-functionally to identify systemic program challenges, recommend process improvements, and drive durable solutions in a scaling organization • Develop and maintain clear, auditor-ready documentation, including data flow diagrams and process flowcharts for high-risk security and financial processes • Work closely with internal and external auditors, helping them navigate a sophisticated IT control environment and ensuring efficient, high-quality audits • Support audit evidence collection and continuous improvement initiatives, including leveraging automation to improve efficiency, consistency, and scalability

• Lead and manage SOC 1 and SOC 2 examinations under AICPA standards in a complex, rapidly evolving technology environment, partnering with external auditors and internal teams to design, implement, and continuously improve IT control processes • Support end-to-end SOX planning and execution, including IT system scoping, audit readiness, and development and delivery of training for control owners operating in a high-growth, regulated business • Act as a trusted advisor to Security, IT, Infrastructure, Engineering, Data, and Finance teams, translating SOX and audit requirements into practical, scalable controls aligned with modern technology stacks • Lead security and IT control gap assessments, evaluate control design and operating effectiveness, and drive remediation efforts through to completion in partnership with control owners • Facilitate the ongoing maturation of IT general controls (ITGCs) and IT application controls (ITACs), balancing regulatory expectations with the pace of product and platform innovation • Oversee the quality and execution of audit initiatives, applying strong professional judgment to identify control gaps, assess risk, and guide teams through complex audit and compliance matters • Perform impact assessments for SOX control deficiencies and design risk-based, pragmatic remediation plans that stand up to auditor scrutiny without slowing the business • Implement and enhance controls monitoring and defense-in-depth across key IT risk areas to improve audit outcomes and strengthen the overall control environment • Partner cross-functionally to identify systemic program challenges, recommend process improvements, and drive durable solutions in a scaling organization • Develop and maintain clear, auditor-ready documentation, including data flow diagrams and process flowcharts for high-risk security and financial processes • Work closely with internal and external auditors, helping them navigate a sophisticated IT control environment and ensuring efficient, high-quality audits • Support audit evidence collection and continuous improvement initiatives, including leveraging automation to improve efficiency, consistency, and scalability

• Coordinate and manage responses to customer enquiries, including contributing to Request for Proposals (RFP), responding to customer security enquiries, diligence assessments, customer audits, etc. • Perform technical assessments and documentation around key controls and security processes, including working knowledge of key controls across a number of industry best practices • Liaise with customers, articulating control implementation, and describing considerations for applying security and compliance concepts to a technical environment. Simplify security compliance requirements into clear technical control specifications and policies. • Field and address requests for team support in collaboration with internal and external stakeholders. • Communicate effectively and regularly with internal teams and customers • Continuously build and refine knowledge base information, whitepapers, frequently asked questions, control narratives, etc. and contribute to ongoing development and improvement. • Understand the impact of security in our go-to-market pipeline, report on trends and help us improve how we invest in security. • Stay apprised on industry standards and regulations for security and compliance

• Information Security Operations Engineer is a member of the Gen Re Security team, who will leverage extensive experience in security operations to oversee and enhance proactive defenses and response capabilities. • The candidate shall work closely with Security and other IT practice leads to ensure that detection logic, incident response workflows, data quality, automation, and team collaboration are continuously improved and effectively managed. • The role entails strategic planning, research, testing, and implementation of new solutions, as well as the operation and maintenance of current solutions. • Refine detection logic and improve alert fidelity across platforms such as CrowdStrike, Taegis, and Varonis. • Enhance incident response workflows and update runbooks to reflect current tooling and evolving threat scenarios. • Perform gap analysis and coverage mapping to ensure security data quality, log integrity, and timestamp accuracy. • Implement security automation and orchestration to reduce manual effort and improve operational efficiency. • Conduct reviews of alerts and enforce effective timely incident investigation.