Role Description This Host Home provider position is a unique opportunity to work from home and provide safe, happy, and healthy living quarters for one or more of our clients. Host home providers get paid a daily rate. Clients live within your home as you assist them and provide services. Responsibilities: - Model live skills like financial management and problem solving. - Assist in teaching clients independent living skills like housekeeping, problem-solving, cooking and meal prep, healthy eating, use of household equipment, home organization, etc. - Spend time with the client, watching TV, playing video and board games, etc. - Go for walks, exercising, and helping walk any possible pets. - Provide any needed client behavior assistance. - Depending upon client needs, this position may occasionally include driving clients to appointments, school, programs, etc. - The client must have their own bedroom. - Can have 3 clients to one host home provider (additional family members count in this ratio and will also need to pass a background check). - Document timely notes including monthly reports. - Axis entry. - Attend meetings and company-wide huddles. - Access to reliable transportation. - Perform other duties and specialty areas as assigned by the supervisor. - Must successfully obtain required certifications and training. Qualifications - Must have extensive experience caring for people with disabilities. Requirements Physical Requirements: - Prolonged periods of sitting, standing, and walking. - Occasionally required to lift up to 50 pounds. Benefits - You can qualify for the Colorado Care Worker Tax Credit. If you qualify, you can receive up to $1200 rebate towards your taxes.

• Work with IS and Business Continuity teams to ensure that the disaster recovery (DR) and business continuity (BC) plans support disaster recovery strategy • Maintains overall plans for executing all DR procedures and understand their interdependencies • Reviews and supports critical DR parameters (RPO, RTO, Recovery Tier definitions) • Maintains detailed DR communications and command and control plans • Work with IS architectural and technical staff to ensure that DR solutions are adequate, maintained, and tested • Provide input in the design of systems to comply with DR requirements • Actively participates in change management and project prioritization meetings • Support and understand all testing necessary for successful DR execution • Provide ongoing feedback for risk management, mitigation, and prevention

• Build ServiceTitan's Customer Trust Program to differentiate us in the market and accelerate enterprise deals. • Own trust infrastructure including security documentation, trust center, and customer-facing compliance portal. • Partner with Sales and Customer Success to translate security controls into customer value. • Create tiered security review processes and standard responses for questionnaires and RFPs. • Establish trust metrics that demonstrate impact on sales velocity and customer confidence. • Own end-to-end management of ISO 27001, SOC 1/2, and PCI-DSS across multiple entities. • Lead expansion into ISO 42001 for AI and emerging frameworks. • Implement a 'Test Once, Comply Many' strategy to streamline operations. • Drive continuous audit-readiness by ensuring controls are operationally effective, focusing on measurable security improvements and proactive risk mitigation. • Architect AI-driven workflows using next-gen GRC platforms (i.e. Anecdotes, Drata, Vanta) and AI tooling to automate evidence collection, control testing, and risk assessment. • Drive reduction in manual work through intelligent automation. • Build horizontal AI capabilities for cross-functional collaboration and vertical capabilities for deeper compliance insights and predictive analytics. • Transform compliance from manual documentation to data-driven risk management. • Own strategic relationships with external auditors, serving as primary technical contact. • Advocate for risk-based audit approaches that focus resources on highest-impact areas. • Hold GRC vendors accountable for ROI and influence their product roadmaps to meet ServiceTitan's needs. • Design and maintain unified control framework across all certifications. • Map controls to create a single source of truth in our GRC system of record. • Establish clear ownership across Engineering, IT, Security, and business teams. • Implement continuous monitoring to detect gaps and failures in real-time. • Collaborate deeply with Product and Engineering to map and maintain an accurate understanding of product architecture, data flows, and collection points. • Lead the technical definition of certification boundaries (e.g., PCI-DSS scoping) by analyzing how data moves through ServiceTitan’s ecosystem. • Ensure certifications reflect current infrastructure rather than legacy snapshots. • Partner with Product Managers to translate customer security requirements and emerging regulations (like ISO 42001 for AI) into actionable roadmap priorities. • Work with Sales to identify certifications that unlock new markets or accelerate deal cycles. • Provide high-fidelity sales enablement materials and expert support for complex security RFPs. • Act as a bridge between compliance mandates and technical execution, ensuring Engineering understands the why behind control requirements to prevent 'compliance debt' in the product lifecycle. • Bridge Security, Engineering, IT, Finance, Legal, Product, and Sales to embed compliance into operations. • Communicate certification status and risks to leadership through clear dashboards. • Drive stakeholder engagement by connecting compliance to business outcomes. • Build culture where compliance is competitive advantage, not burden. • Transform compliance from manual gathering to automated, continuous assurance. • Build integrations between GRC platforms and source systems (Okta, Azure, AWS, GitHub, Jira). • Implement controls through infrastructure-as-code, policy-as-code, and automated testing. • Make audit-readiness continuous, not annual. • Apply risk-based thinking to focus resources on highest-impact areas. • Scope audits based on risk, avoiding over-testing of low-risk controls. • Assess and communicate residual risk when balancing compliance with business velocity.

• Oversee the day-to-day operation of Meditec’s U.S. privacy program, including development and maintenance of policies, procedures, training, and privacy governance documentation. • Lead incident investigation and response, including breach assessment, remediation, and notifications to regulatory agencies and other stakeholders as required. • Monitor and interpret international, federal, and state privacy and data protection laws (e.g., GDPR, HIPAA, CCPA/CPRA) and ensure Meditec’s collection, retention, use, and disclosure of data comply with applicable requirements. • Conduct routine audits and assessments of privacy and data protection practices; draft reports of findings and present recommendations for technical and operational improvements. • Lead project management efforts for implementation of new privacy tools, controls, and processes. • Draft, review and negotiate a broad range of privacy, information security, and product security agreements, including Business Associate Agreements (BAAs), Data Transfer Agreements, customer-supplied questionnaires, and cybersecurity documentation. • Serve as a subject matter expert on privacy and data protection, providing guidance to product engineering, IT, security, and business teams. • Act as a liaison with Meditec affiliates and ZEISS Corporate Data Protection Office as the Data Protection Coordinator. • Develop and deliver privacy training and workforce education addressing the handling of PHI, PII, and confidential information to foster a privacy-aware culture. • Manage and oversee U.S. federal and state Aggregate Spend / Open Payments reporting, including data collection, validation, remediation, and submission activities. • Actively monitor and manage external vendors, ensuring accurate data aggregation from multiple source systems. • Evaluate data quality issues and obtain additional information from internal stakeholders or third parties when required. • Perform analysis related to Healthcare Professionals (HCPs), including license verification, CMS validation failures, and residency determinations. • Prepare and review aggregate spend submission reports and determine completeness and accuracy for Meditec entities. • Submit aggregate spend data through the CMS Open Payments Portal and support company officers during attestation. • Investigate and resolve Open Payments disputes in collaboration with internal and external partners in accordance with federal guidelines. • Review, route, approve, and release payment for commercial sponsorship requests, ensuring adherence to company compliance policies. • Monitor and update sponsorship and transparency guidance as regulations and internal policies evolve. • Support compliance-related audits, investigations, and training initiatives as directed by U.S. Compliance Counsel.