Job Closed
This listing is no longer active.
A private community for global citizens.
Senior Product Security Engineer – iOS Mobile App
Location
California
Posted
152 days ago
Salary
0
Seniority
Senior
Job Description
Senior Product Security Engineer – iOS Mobile App
Raya
- Lead the security review of iOS application architecture and design, ensuring security is built-in from the ground up.
- Conduct security-focused code reviews for the iOS application, and implement/manage static and dynamic application security testing (SAST/DAST) tools.
- Oversee the identification, assessment, and remediation of vulnerabilities within the iOS application and its supporting infrastructure.
- Perform threat modeling for new features and existing components of the iOS application and its backend services.
- Drive the adoption and enforcement of secure development practices within the mobile engineering teams.
- Ensure the security of APIs consumed and exposed by the iOS application.
- Manage and refine cloud IAM roles and permissions for the mobile app's backend infrastructure to enforce the principle of least privilege and improve our cloud security posture.
- Support incident response activities related to the iOS application, including investigation and remediation.
- Evaluate, implement, and manage security tools relevant to mobile application security.
- Provide guidance and training to mobile developers on secure coding practices.
- Report directly to the Head of Information Security on the security posture of the iOS application and related infrastructure.
Job Requirements
- 8+ years of experience in a security role with a strong focus on application security.
- 5+ years of experience in a product security engineering role with a strong focus on mobile (iOS) application security.
- Extensive experience with secure coding principles, mobile security frameworks, and common mobile vulnerabilities (e.g., OWASP Mobile Top 10).
- Strong understanding of iOS platform security features and best practices.
- Proficiency in Swift/Objective-C with a minimum of 3 years of Swift experience, and experience with mobile development tools and environments.
- Proficiency in NodeJS with a minimum of 3 years of NodeJS experience, and experience with NodeJS backend mobile development tools and environments.
- 3+ years of experience with cloud security principles and cloud IAM (e.g., AWS IAM, Cloud Connectivity) as it relates to mobile backend infrastructure.
- Experience with static and dynamic application security testing (SAST/DAST) tools for mobile applications.
- Excellent analytical, problem-solving, and troubleshooting skills.
- 2+ years of experience in a senior or lead security engineer role.
- Strong proficiency with AI coding platforms like Claude Code, Copilot, etc.
- Strong leadership and communication skills, with the ability to influence and collaborate across engineering teams.
- Ability to prioritize tasks and manage projects effectively in a fast-paced environment.
- Experience with scripting and automation (e.g., Python, Bash) for security tasks.
- Experience with GitHub Actions.
- Experience with DevSecOps and CI/CD SCA tools.
More Security Engineer Jobs
Senior Security Compliance Specialist – DoD
Cloudflare
At Cloudflare, we have our eyes set on an ambitious goal — to help build a better Internet.
- Lead Cloudflare through the DoD IL4 Authorization process
- Manage all aspects of the DoD IL4 assessment and authorization process and Authorization maintenance
- Update and maintain the DoD IL4 requirements in Cloudflare’s Common Control Framework
- Work cross-functionally with Engineering, Legal, Product, and operational teams to drive security control implementation for the organization
- Improve the maturity of Cloudflare’s Security Compliance program
- Help guide our overall security policy and governance architecture
- Have input into the overall security compliance strategy

- Design and implement security controls across cloud infrastructure, endpoints, identity systems and applications
- Harden GCP environments including compute, networking, GKE, IAM and logging configurations
- Deploy, configure, and maintain security tooling including SIEM, vulnerability scanners, EDR, and secrets management
- Build automation for security operations, evidence collection and compliance reporting using Python, Terraform, and CI/CD pipelines
- Develop and maintain logging and monitoring architecture to support detection, response, and audit requirements
- Implement and enforce identity and access management controls, including SSO, MFA and least privilege access
- Conduct vulnerability assessments and drive remediation efforts across infrastructure and applications
- Support incident response activities including investigation, containment, and root cause analysis
- Collaborate with engineering teams to integrate security into development workflows and CI/CD pipelines
- Document security configurations, architecture decisions, and runbooks
- Support compliance efforts by implementing technical controls required for CMMC, FedRAMP, ITAR and DFARS
Cybersecurity GRC – Compliance Analyst
Trimble Inc.
Trimble technology is transforming critical industries to power an interconnected world of work.
- Perform SOC 1 & 2, NIST 800-171, ISO 27001, ISO 27701 and ISO 42001 gap analysis and recommend process, procedural, documentation and tooling recommendations to remediate.
- Improve Compliance and certification scope efficiency via review and enhancements of the Trimble Common Control Framework
- Perform ISO 27001 & ISO27701 Internal Audits.
- Perform SOC 1 & 2, NIST 800-171 Internal & External Audits
- Contribute to annual policy revisions and maintenance of the IMS.
- Constantly coordinate with key business stakeholders and the external auditor
- Present metrics derived from the Integrated Management System, audit results, trends in risk, and corrective action plans to senior leadership.
- Contribute to the creation of processes and procedures that increase efficiency of the overall compliance program across all standards and frameworks.
- Collaborate with Cybersecurity team members, Trimble businesses across various geographies.
- Contribute to risk management processes to ensure business risk posture is properly calculated and proactively managed.
- Produce and analyze information that will accurately demonstrate the risk posture of each business and drive actions to reduce and manage technical risks.
- Be able to understand and communicate technical risks to a broad set of stakeholders.

- I’m seeking a knowledgeable, collaborative, and creative leader to scale our security program and build out our security team.
- This leader will report directly to me.
- You’ll inherit a competent security program and scale this program through our next phase of high growth.
- This includes building the Security team from scratch (which means you’ll be a hands-on security generalist to start).
- By the end of the year, you’ll have defined our security strategy and roadmap, and added people (1-3 individuals), processes, and automation to scale yourself out of routine work.
- Collaborate with other departments to solve interesting security challenges concerning sensitive information and PII.
- Lead and grow a culture of security awareness among over 250 people today and more than 500 people by the end of the year.




