• Translate security policies and frameworks into practical implementation plans across IT, EA, and Cloud teams • Drive execution of key initiatives: • Vulnerability management • Patch compliance • Endpoint security • Identity & access management • Establish and enforce security standards across systems and platforms • Lead implementation of global compliance frameworks: • CMMC • NIST 800-171 / NIST CSF • Regional regulatory requirements (e.g., GDPR, UK/EU compliance) • Translate controls into operational processes and technical enforcement • Ensure audit readiness, evidence collection, and control validation + Maintain consistency of compliance practices across global teams • Own vulnerability management program • Define remediation SLAs and track execution • Partner with IT, Cloud, and Application teams to drive remediation • Act as the bridge between InfoSec, IT, EA, Cloud, and regional teams • Manage and coach a team of 2 InfoSec professionals

• Develop and execute a territory plan to drive repeatable revenue within assigned accounts. • Collaborate with account executives to identify and maximize cross-sell opportunities for Securiti AI solutions. • Lead the entire sales process, serving as a trusted advisor, and presenting compelling business cases to customers. • Manage a pipeline of high-value opportunities, ensuring accurate forecasting and CRM discipline. • Expand relationships with key channel partners and resellers to accelerate deal flow and market reach.

• Lead the strategy and execution for modern Identity and Access Management • Design and drive scalable, secure-by-default identity guardrails for workforce and platform/product environments • Lead key initiatives such as Zero Trust enforcement, Non-Human Identity (NHI) governance, IAM Threat Management and automation of identity workflows • Define the enterprise and platform IAM strategy for human identities, NHI, and AI/agent identities • Establish identity reference architectures, patterns, and paved roads for product teams and internal engineering • Build and operationalize controls for service identities, workload identities, API identities, bots, and automation accounts across cloud, CI/CD, and runtime environments • Drive adoption of short-lived, federated credentials where feasible; reduce static secrets and unmanaged service accounts • Implement lifecycle governance for NHI: creation standards, ownership, rotation/attestation, inactivity reaping, and incident response playbooks • Define secure patterns for AI acting on behalf of users or services • Partner with AI platform teams to implement guardrails: identity provenance, policy enforcement, auditing, and kill-switch mechanisms for misbehaving agents • Ensure AI identity behaviors are measurable and governable (logging, traceability, approvals for sensitive actions, segmentation of duties) • Build/standardize authorization models (RBAC/ABAC/ReBAC as appropriate) across workforce and product systems • Drive consistent policy as code, access reviews, and privileged access workflows • Define standards for token scopes, claims, session constraints, step-up auth, and sensitive action protections • Improve detection/response for identity threats: anomalous token use, privilege escalation, credential misuse, service-account sprawl • Create metrics and reporting for identity posture and platform adoption

• Responsible for advancing Humana’s cybersecurity strategy through executive and board level engagement and organizational change management • Ensures Humana’s cyber strategy is clearly communicated to senior leadership and the Board while being effectively implemented, adopted, and sustained across the organization • Works with EIP Department leaders to design and develop strategic goals, objectives, and initiatives that improve EIP program operations, talent, and associated delivery of technical tools and solutions • Provides data-based strategic direction to identify and address security-related business issues and opportunities • Drives a security-centric culture by applying organizational change management strategies to enable adoption of Cybersecurity strategic priorities and focusing on the people side of change