• Atendimento de **chamados de usuários**, incluindo checklist inicial básico de acessos • Atuação em **chamados mais específicos** relacionados à gestão de identidades e acessos • **Gestão de acessos** em ambientes Microsoft (Azure / AD) • Operação e suporte a ferramentas de IDM, com destaque para **Oracle / SailPoint** • Apoio às **demandas de auditoria externa**, incluindo evidências e revisões de acessos • Participação em **revisões periódicas de acessos** • Apoio em **processos de conformidade**, alinhados às normas **ISO 27001 e ISO 27701** • Criação e manutenção de **scripts de automação** e melhorias de processo utilizando **PowerShell**

• Promote, educate and present Security, Risk and Issue information to key stakeholders and the business in all departments to ensure sound risk principles and how they are applied are represented. • Maintain the risk artifacts (register, acceptances/exceptions, vendor onboarding and vendor risk profiles, evaluation SBARCs, reports, metrics). • Execute Corporate, Product, Business Impact and Emerging Tech risk assessments, some as large-scale projects to include interviews, data collection, parsing and analysis, and modeling. • Integrate with partners in Security, Audit and Compliance, Procurement and Legal by understanding the frameworks and vocabularies they are using. • Using deep experience, develop and/or execute logical risk, threat and/or probability models whether automated or manually run. • Develop and maintain human networks including major stakeholders to propagate risk program support; Socialize challenging or counterintuitive future insights into likely risk events to create general risk awareness and thoughtfulness. • Work with total honesty and integrity, declaring errors and proposing fixes immediately, recognizing escalation-worthy information and escalating appropriately, providing confidence levels as appropriate in results. • Be prepared to build things brand new to the organization, whether a special purpose model or new nascent program processes to fill a gap.

• Analyze application architectures to identify security risks and potential attack paths • Perform secure code reviews and vulnerability assessments, recommending effective remediation • Integrate security tools and automated checks into CI/CD and DevOps pipelines • Use static and dynamic scanning tools to identify, prioritize, and track security findings • Partner with developers and operations teams to embed security throughout the SDLC • Document and report application security issues, including remediation guidance and validation • Support new application and technology launches to prevent misconfigurations and data exposure • Collaborate with red teams, threat intelligence, and risk teams to reduce overall attack surface • Communicate security risks clearly to both technical and non-technical audiences • Support internal and external audits focused on compliance and risk reduction • Help define metrics and KPIs that demonstrate the effectiveness of the application security program • Participate in change management discussions and continuous improvement initiatives

• The Epic Security Analyst provides an intermediate level of operational and application build in completing routine and occasionally more sophisticated assignments to meet customer goals and desired outcomes. • Task and assignment focus are typically on medium to large projects, performing workflow analysis, build, and documentation in collaboration with internal and external team members. • Based on core knowledge of application and operational requirements can translate requirement/concepts into functionality. • Assigned to various work/projects and demonstrates an ability to successfully complete assigned tasks/assignments, proactively connect with manager to prioritize workflow and mitigate risks, track issues, provide solution-oriented escalation, and understand fundamental project management methodologies. • Participates in re-engineering of operational work-flow processes with end-users/business owners and maintains fundamental understanding of assigned departmental operations. • Facilitates end-user/business owner needs into system specifications and configuration requirements. • Manages navigation of migration paths, change control process/governance, and ticket management processes. • Maintains high standards for quality application design, build, testing, and other tasks; ensures adequate documentation is provided for support and end-user training.