• Coordinate and execute recurring GRC tasks such as quarterly access reviews, audit evidence collection, and risk register reconciliation. • Document and track completion of control activities and escalate issues where needed. • Assist with internal and external audits, ensuring timely and complete evidence collection and review. • Collaborate with Sales, Legal, and Product teams to lead responses for customer security questionnaires and RFPs, progressively owning more complex requests as your experience deepens. • Maintain and continuously improve a centralized repository of commonly requested security documentation and artifacts (e.g., SOC 2, SIG, CAIQ). • Work closely with a broad array of business leaders to conduct initial and periodic vendor risk assessments, ensuring that third parties meet Rightway's security and compliance standards. • Track and follow up on remediation plans and risk treatment for vendors posing unacceptable risk. • Enable and support automation and optimization of the vendor risk assessment lifecycle using both AI and traditional tooling. • Support the implementation and operationalization of AI risk and governance controls in alignment with ISO/IEC 42001 (AI Management System) and emerging regulatory guidance e.g., CAIA (Colorado AI Act). • Monitor AI systems for compliance with ethical and legal standards.

• The Cybersecurity Analyst is responsible for the collection, analysis, validation, monitoring, and response to cybersecurity intelligence and events. • Perform day-to-day operational tasks by analyzing and responding to security events that have been logged and correlated by the SIEM or other security platform. • Monitor all in-place security solutions for efficient and appropriate operations. • Participate in investigation and resolution of anomalous activity. • Serve as a first responder and assist with initial investigations for potential security events. • Analyze configuration and vulnerability information to determine risk to the Bank’s data security. • Provide feedback on tuning of rules and alerts. Recommend tuning of rules that generate alerts to ensure low false positive rates.

• Perform analysis and management of information security risks, identifying vulnerabilities, assessing impacts, and proposing mitigation plans • Validate, review, and govern firewall rules, ensuring adherence to security policies, best practices, and compliance requirements • Work with the Security Operations Center (SOC) to define, validate, and continuously improve monitoring rules, event correlation, and security alerts • Evaluate and validate security incidents, supporting investigations, root cause analysis, and prevention recommendations • Ensure security processes and controls are aligned with ITSM frameworks, information security best practices, and service management • Prepare and maintain technical documentation, risk reports, incident reports, and security metrics • Collaborate with infrastructure, network, application, and governance teams to ensure the effectiveness of security controls • Support internal and external audits, ensuring compliance with security policies, standards, and certifications • Participate in the continuous improvement of cybersecurity processes, contributing to the maturity of the organization’s security posture

• Responsible for Workday Security for all HR modules • Participate in various HR projects to provide technical HR system support • Ensures security, end-user access, and data integrity across all HR platforms • Maintain Workday ticketing system • Help ensure data accuracy by validating security settings • Conduct regular audits of user access and security configurations