• Perform SOC 1 & 2, NIST 800-171, ISO 27001, ISO 27701 and ISO 42001 gap analysis and recommend process, procedural, documentation and tooling recommendations to remediate. • Improve Compliance and certification scope efficiency via review and enhancements of the Trimble Common Control Framework • Perform ISO 27001 & ISO27701 Internal Audits. • Perform SOC 1 & 2, NIST 800-171 Internal & External Audits • Contribute to annual policy revisions and maintenance of the IMS. • Constantly coordinate with key business stakeholders and the external auditor • Present metrics derived from the Integrated Management System, audit results, trends in risk, and corrective action plans to senior leadership. • Contribute to the creation of processes and procedures that increase efficiency of the overall compliance program across all standards and frameworks. • Collaborate with Cybersecurity team members, Trimble businesses across various geographies. • Contribute to risk management processes to ensure business risk posture is properly calculated and proactively managed. • Produce and analyze information that will accurately demonstrate the risk posture of each business and drive actions to reduce and manage technical risks. • Be able to understand and communicate technical risks to a broad set of stakeholders.

• I’m seeking a knowledgeable, collaborative, and creative leader to scale our security program and build out our security team. • This leader will report directly to me. • You’ll inherit a competent security program and scale this program through our next phase of high growth. • This includes building the Security team from scratch (which means you’ll be a hands-on security generalist to start). • By the end of the year, you’ll have defined our security strategy and roadmap, and added people (1-3 individuals), processes, and automation to scale yourself out of routine work. • Collaborate with other departments to solve interesting security challenges concerning sensitive information and PII. • Lead and grow a culture of security awareness among over 250 people today and more than 500 people by the end of the year.

• Multi-Cloud Governance: Monitor and triage security findings across AWS, GCP, and Azure, prioritizing high-risk vulnerabilities and misconfigurations. • Security Automation: Architect and maintain security automation workflows using Python. • Posture Management (CSPM): Identify and remediate insecure cloud configurations (e.g., exposed buckets, overly permissive IAM roles, unencrypted data). • Edge Security: Manage and fine-tune AWS WAF (Web Application Firewall) rules using Terraform (Infrastructure as Code). • Consultative Partnership: Collaborate with Cloud Architects and Developers during the design phase to prevent security debt and ensure "Secure by Design" principles.

• Define and drive enterprise security architecture across hybrid and cloud environments. • Lead the design, governance, and evolution of secure architectures. • Collaborate with leadership, technology teams, and stakeholders to embed security into IT strategy. • Champion secure-by-design principles through automation and innovation. • Develop and execute the security architecture roadmap aligned with organizational goals. • Create and maintain security documentation, standards, patterns, and reference architectures. • Drive secure-by-design initiatives and develop security standards. • Define, track, and report security metrics to demonstrate security maturity, program effectiveness, and compliance with standards. • Design and oversee implementation of security architecture topologies for systems and enterprise enablement. • Drive DevSecOps adoption and secure CI/CD integration. • Apply strong business acumen to align security initiatives with organizational goals. • Lead threat modeling, risk assessments, and incident response planning for Azure and hybrid systems. • Provide expert guidance on identity and access management (IAM), network segmentation, encryption, and cloud security. • Evaluate, recommend, and select security products and vendors. • Build and maintain strong relationships with technology teams, suppliers, and business units. • Mentor architects and engineers; foster a secure-by-design culture. • Deliver security awareness training and guidance to business and IT teams. • Stay current with emerging threats, technologies, and regulatory changes; recommend innovative solutions.