• Lead the strategy and execution for modern Identity and Access Management • Design and drive scalable, secure-by-default identity guardrails for workforce and platform/product environments • Lead key initiatives such as Zero Trust enforcement, Non-Human Identity (NHI) governance, IAM Threat Management and automation of identity workflows • Define the enterprise and platform IAM strategy for human identities, NHI, and AI/agent identities • Establish identity reference architectures, patterns, and paved roads for product teams and internal engineering • Build and operationalize controls for service identities, workload identities, API identities, bots, and automation accounts across cloud, CI/CD, and runtime environments • Drive adoption of short-lived, federated credentials where feasible; reduce static secrets and unmanaged service accounts • Implement lifecycle governance for NHI: creation standards, ownership, rotation/attestation, inactivity reaping, and incident response playbooks • Define secure patterns for AI acting on behalf of users or services • Partner with AI platform teams to implement guardrails: identity provenance, policy enforcement, auditing, and kill-switch mechanisms for misbehaving agents • Ensure AI identity behaviors are measurable and governable (logging, traceability, approvals for sensitive actions, segmentation of duties) • Build/standardize authorization models (RBAC/ABAC/ReBAC as appropriate) across workforce and product systems • Drive consistent policy as code, access reviews, and privileged access workflows • Define standards for token scopes, claims, session constraints, step-up auth, and sensitive action protections • Improve detection/response for identity threats: anomalous token use, privilege escalation, credential misuse, service-account sprawl • Create metrics and reporting for identity posture and platform adoption

• Responsible for advancing Humana’s cybersecurity strategy through executive and board level engagement and organizational change management • Ensures Humana’s cyber strategy is clearly communicated to senior leadership and the Board while being effectively implemented, adopted, and sustained across the organization • Works with EIP Department leaders to design and develop strategic goals, objectives, and initiatives that improve EIP program operations, talent, and associated delivery of technical tools and solutions • Provides data-based strategic direction to identify and address security-related business issues and opportunities • Drives a security-centric culture by applying organizational change management strategies to enable adoption of Cybersecurity strategic priorities and focusing on the people side of change

Company Overview Throughout our worldwide network of experts, clients and communities, we are renowned for our leadership in fire protection engineering – a legacy of responsibility we have proudly upheld since 1939. Today, our expertise extends broadly across closely related security and risk-based fields – from accessibility consulting and risk analysis to process safety, forensic investigations, security risk consulting, emergency management, digital innovation and more. Our engineers and consultants collaborate to solve complex safety and security challenges, ensuring our clients can protect what matters most. For over 80 years, we have helped mitigate risks that threaten lives, property and reputations. Through technology, expertise and industry-leading research, we remain dedicated to our purpose of making our world safe, secure and resilient. At Jensen Hughes, we believe that creating and sustaining a culture of trust, integrity and professional growth starts with putting our people first. Our employees are our greatest strength, and we value the unique perspectives and talents they bring to our organization. Our wide range of Global Employee Networks connect people from across the organization, supporting career development and providing forums for individuals to share experiences on topics they're passionate about. Together, we are cultivating a connected culture where everyone has the opportunity to learn, grow and succeed together. Job Overview We are hiring a Senior Manager – Information Security & Global Compliance to drive the organization’s security posture by translating security policies, global compliance requirements, and risk frameworks into actionable execution across IT, Enterprise Applications, Cloud, and Digital teams. This is a hands-on leadership role that combines technical depth, cross-functional influence, and execution discipline. You will lead security initiatives including vulnerability management, endpoint security, identity governance, and global compliance (CMMC, NIST, regional requirements), ensuring security and compliance are embedded into daily operations—not treated as separate functions. Responsibilities: Security strategy & execution: - Translate security policies and frameworks into practical implementation plans across IT, EA, and Cloud teams - Drive execution of key initiatives: - Vulnerability management - Patch compliance - Endpoint security Identity & access management - Establish and enforce security standards across systems and platforms Global compliance & governance: - Lead implementation of global compliance frameworks: - CMMC - NIST 800-171 / NIST CSF - Regional regulatory requirements (e.g., GDPR, UK/EU compliance) - Translate controls into operational processes and technical enforcement - Ensure audit readiness, evidence collection, and control validation + Maintain consistency of compliance practices across global teams Vulnerability & risk management: - Own vulnerability management program - Define remediation SLAs and track execution - Partner with IT, Cloud, and Application teams to drive remediation - Provide clear reporting on risk posture and trends Cross-functional leadership: - Act as the bridge between InfoSec, IT, EA, Cloud, and regional teams - Drive accountability without direct authority - Embed security into system design, delivery, and operations Identity & endpoint security: - Oversee identity governance and access control models (least privilege, RBAC) - Ensure endpoint security and system hardening standards are implemented - Partner with IT to enforce secure configurations Security & compliance reporting: - Define and track key metrics - Vulnerability remediation timelines - Patch compliance rates - Control effectiveness - Deliver executive-level reporting on global security posture - Highlight risks, gaps, and remediation progress - Track and report key security metrics Vendor security: - Evaluate vendor security and compliance posture - Ensure security requirements are included in onboarding and renewals - Partner with procurement and IT to manage third-party risk Team leadership: - Manage and coach a team of 2 InfoSec professionals - Set priorities and ensure execution of security and compliance initiatives - Drive accountability, growth, and performance within the team Requirements (must have): - 12+ years of experience in Information Security - Strong hands-on experience in: - Vulnerability management in Rapid7 - Endpoint security and patching - Identity and access management - Proven experience implementing: - CMMC - NIST 800-171 / NIST CSF - Experience driving execution across multiple teams and functions - Strong understanding of IT infrastructure, cloud environments, and enterprise systems - Experience managing small teams Preferred qualifications: - Experience in global organizations with multi-region compliance requirements - Familiarity with: - GDPR or regional data protection laws - GCC High / secure enclave environments - Experience supporting audits and regulatory assessments - Certifications: - CISSP - CISM - Security+ Key outcomes: - Measurable improvement in vulnerability remediation timelines - Improve overall security posture through Policy and Procedures - Strong, audit-ready compliance posture (CMMC, NIST, global frameworks) - Clear and consistent executive reporting - Improved collaboration across IT, Application, Cloud, and Security teams - Effective development and performance of direct reports Please note that the salary range provided is a good faith estimate for the position at the time of posting and not a guarantee of compensation. Final compensation may vary based on factors, including but not limited to, responsibilities of the job, education, experience, knowledge, skills, and abilities, geographic location, internal equity, alignment with market data. Jensen Hughes offers a competitive total rewards package, which includes a retirement plan, healthcare coverage, and a broad range of other benefits. Incentives and/or benefit packages may vary depending on the position and location. National Pay Range $160,000—$180,000 USD Jensen Hughes is an Equal Opportunity Employer. Qualified candidates will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. At Jensen Hughes, we embrace innovation and understand that people are increasingly using artificial intelligence (AI) tools like ChatGPT and other generative platforms to learn, prepare and communicate. We have provided some guidelines regarding the responsible use of AI in the recruitment process. Please click here to review. The security of your personal data is important to us. Jensen Hughes has implemented reasonable physical, technical, and administrative security standards to protect personal data from loss, misuse, alteration, or destruction. We protect your personal data against unauthorized access, use, or disclosure, using security technologies and procedures, such as encryption and limited access. Only authorized individuals may access your personal data for the purpose for which it was collected, and these individuals receive training about the importance of protecting personal data. Jensen Hughes is committed to compliance with all relevant data privacy laws in all areas where we do business, including, but not limited to, the GDPR and the CCPA. Additionally, our service providers are contractually bound to maintain the confidentiality of personal data and may not use the information for any unauthorized purpose. *Policy on use of 3rd party recruiting agency for direct placements Jensen Hughes will occasionally augment a recruiting search through agencies for certain positions when business conditions warrant. Jensen Hughes will not accept resumes, inquiries or proposals from recruiting agencies as an acceptable method to consider a candidate. 3rd party recruiting agencies must sign a standard Jensen Hughes agreement after being evaluated and accepted by a Human Resources or Talent Acquisition manager, or member of the talent acquisition team. Hiring managers and employees of Jensen Hughes are not authorized to accept resumes, engage in fee-based searches through recruiting firms or sign a search agreement. Please note this policy does not apply to “staffing firms” or firms that are involved with hiring temporary staff. Any recruiting agency interested in being considered may contact our recruiting team at jensenhughesrecruiting.com.

We are seeking a highly skilled Senior Patching Engineer to lead enterprise-wide patch and vulnerability remediation initiatives. This role is responsible for designing, implementing, and optimizing patch management strategies across servers, endpoints, cloud platforms, and critical infrastructure. The ideal candidate combines deep technical expertise with strong risk management and cross-functional collaboration skills. --- DUTIES AND RESPONSIBILITIES: · Patch Management Strategy o Design, implement, and maintain enterprise patch management frameworks. o Develop policies, standards, and procedures aligned with security and compliance requirements. o Establish patch prioritization models based on risk, criticality, and business impact. · Vulnerability Remediation o Lead remediation efforts based on findings from vulnerability scanning tools. o Coordinate emergency patching for zero-day vulnerabilities and high-severity CVEs. o Provide risk-based recommendations to stakeholders and leadership. · Infrastructure & Systems Management o Manage patching across Windows, Linux, virtualized environments, and networking systems. o Administer enterprise patching tools such as SCCM/MECM, WSUS, Red Hat Satellite, Ansible, or equivalent. o Oversee patching in virtualized and cloud environments (AWS, Azure, GCP). o Ensure minimal downtime and service disruption through structured testing and deployment cycles. · Automation & Optimization o Develop and maintain automation scripts (PowerShell, Bash, Python) to streamline patch deployment. o Continuously improve patch compliance metrics and reporting dashboards. o Implement rollback and contingency strategies. · Compliance & Reporting o Ensure adherence to regulatory and industry standards (e.g., ISO 27001, NIST, HIPAA as applicable). o Prepare patch compliance reports for audits and executive leadership. o Track SLAs and KPIs for patch remediation timelines. · Collaboration & Leadership o Act as a technical lead and mentor for junior engineers. o Work closely with Security, Infrastructure, DevOps, and Application teams. o Participate in change management and CAB meetings. o Support incident response activities related to unpatched vulnerabilities. --- Preferred Certifications · Microsoft Certified: Azure Administrator or equivalent · Red Hat Certified Engineer (RHCE) · CompTIA Security+ / CySA+ · CISSP --- Key Competencies · Strong analytical and problem-solving skills · Risk-based decision-making ability · Excellent documentation and reporting skills · Strong communication and stakeholder management · Ability to work under pressure during critical security events · Detail-oriented with strong organizational skills --- What Success Looks Like · 95%+ patch compliance within defined SLA windows · Reduced critical vulnerability exposure across the enterprise · Automated, scalable, and audit-ready patching processes · High stakeholder satisfaction and minimal service disruption