• Own the end-to-end process for all client and prospect security questionnaires, acting as the central project manager from the initial JIRA ticket to final delivery. • Review, triage, and assign all questions to the appropriate cross-functional teams (e.g., Engineering, IT, Legal), eliminating ambiguity and coordination burdens from the Client Success Managers (CSMs). • Collaborate with and track progress from all internal stakeholders, actively managing timelines to ensure responses are accurate and completed within established SLAs. • Perform final quality assurance (QA) reviews on all completed questionnaires to ensure the document is cohesive, professional, and all questions are answered before client delivery. • Partner with GRC leadership to develop, document, and refine standardized workflows, creating clear success metrics (e.g., reduced turnaround time). • Act as the primary point of contact for the Sales and Client Success teams on all security-related inquiries, including escalations for new sales and upsell deals. • Represent the cybersecurity team on calls with clients and prospects, acting as the expert to address security concerns and build trust. • Develop, maintain, and promote a "Trust Center" (e.g., using Whistic) by centralizing existing "Go-To-Market Packet" and other documentation to proactively address common security questions. • Manage the intake process for security reviews of non-standard client agreements, collaborating with Legal to formalize the review of data security and AI clauses. • Support the Third-Party Risk Management (TPRM) program by helping to manage automated workflows that flag high-risk vendors for GRC review. • Assist in communicating and enforcing the required Third-Party Security Addendum (TPSA) for new vendors.

• Create, modify, and maintain Epic user records and assign appropriate security based on IS best-practice standards • Review, update, and manage role-based access requirements to ensure least-privilege access • Troubleshoot and resolve complex user access and security issues in a timely, customer-focused manner • Communicate clearly and professionally with peers, leadership, and end users regarding access requests, issues, and resolutions • Support small and large-scale Epic Security and provider file projects • Develop, maintain, and update knowledgebase articles and process documentation • Participate in security audits, reviews, and ongoing process improvement initiatives • Perform additional duties as needed to support the success of the IS Security team

• Atendimento de **chamados de usuários**, incluindo checklist inicial básico de acessos • Atuação em **chamados mais específicos** relacionados à gestão de identidades e acessos • **Gestão de acessos** em ambientes Microsoft (Azure / AD) • Operação e suporte a ferramentas de IDM, com destaque para **Oracle / SailPoint** • Apoio às **demandas de auditoria externa**, incluindo evidências e revisões de acessos • Participação em **revisões periódicas de acessos** • Apoio em **processos de conformidade**, alinhados às normas **ISO 27001 e ISO 27701** • Criação e manutenção de **scripts de automação** e melhorias de processo utilizando **PowerShell**

• Promote, educate and present Security, Risk and Issue information to key stakeholders and the business in all departments to ensure sound risk principles and how they are applied are represented. • Maintain the risk artifacts (register, acceptances/exceptions, vendor onboarding and vendor risk profiles, evaluation SBARCs, reports, metrics). • Execute Corporate, Product, Business Impact and Emerging Tech risk assessments, some as large-scale projects to include interviews, data collection, parsing and analysis, and modeling. • Integrate with partners in Security, Audit and Compliance, Procurement and Legal by understanding the frameworks and vocabularies they are using. • Using deep experience, develop and/or execute logical risk, threat and/or probability models whether automated or manually run. • Develop and maintain human networks including major stakeholders to propagate risk program support; Socialize challenging or counterintuitive future insights into likely risk events to create general risk awareness and thoughtfulness. • Work with total honesty and integrity, declaring errors and proposing fixes immediately, recognizing escalation-worthy information and escalating appropriately, providing confidence levels as appropriate in results. • Be prepared to build things brand new to the organization, whether a special purpose model or new nascent program processes to fill a gap.