Job Closed
This listing is no longer active.
Bridging the gap between Developers (Dev) and End-Users (Rev) across the globe.
Product Security Engineer
Location
Israel
Posted
128 days ago
Salary
0
Seniority
Senior
Job Description
Product Security Engineer
DevRev
- Actively test our SaaS product for security vulnerabilities across web apps, APIs, and cloud infrastructure.
- Perform manual security testing and targeted penetration tests (beyond automated scanners).
- Implement and help implement automated security test suites.
- Identify abuse cases, business logic flaws, and real-world attack paths.
- Work directly with engineers to reproduce issues and drive fixes.
- Help introduce lightweight security practices into the development process (threat modeling, secure design reviews).
- Validate fixes and ensure issues are fully resolved.
- Stay current on new vulnerabilities, attack techniques, and SaaS-relevant threats.
Job Requirements
- 3–6 years of experience in application security, offensive security, or penetration testing.
- Strong understanding of web and API security (OWASP Top 10, auth, sessions, access control).
- Experience testing modern SaaS products.
- Comfort working in cloud environments (AWS / GCP / Azure at a practical level).
- Experience with common security testing tools (Burp Suite, Nuclei, etc.).
- Ability to communicate findings clearly and pragmatically to engineers.
- Self-starter mindset — comfortable operating with limited process and high ownership.
Benefits
- Health insurance
- 401(k) matching
- Flexible work hours
- Paid time off
- Remote work options
More Security Engineer Jobs
Lead Applications Security Engineer
Centene Corporation
Transforming the health of the communities we serve, one person at a time.
- Leads cybersecurity and privacy principles to ensure the organization's applications and services are implemented according to internal security standards
- Recognizes vulnerabilities in security systems
- Oversees and performs threat modeling, security code reviews, security assessments
- Engineers and develops cloud automation routines to streamline operations
- Promotes understanding and adherence to the SSDLC Policy and Standards
- Ensures the implementation and maintenance of application security standards
- Executes architectural analysis of the current application security architecture
- Leads the audit of application security and operational configurations
- Remediates application security incoming alerts/vulnerabilities
- Creates application security documents, design standard operating procedures
- Automates routine operational tasks related to application security
- Implements application security solutions such as authentication, authorization, encryption, logging, and application security testing throughout the secure software development life cycle (SSDLC)
- Undertakes initiatives/policies to review and generate recommendations for the application security configuration
- Lead the team in monitoring security incidents
- Play a key role in technical analyses
- Develop policies and performance metrics
- Lead the team in monitoring, detection, and response to security incidents
- Inspire, guide, and develop team members, fostering a collaborative and continuous learning environment
- Oversee operations in SIEMs such as Rapid7/InsightIDR, QRadar, FortiSIEM, and Microsoft Sentinel, as well as security tools like EDR, SOAR, Firewalls, IDS/IPS
- Define and review playbooks, policies, and performance metrics, ensuring ongoing process improvement
- Directly support critical investigations, conducting technical analysis and strategic decision-making alongside the team.
Senior Program Manager, Information Security
Material Bank
Search and sample materials from hundreds of leading brands. Order by midnight, receive by 10:30am.
- Lead and mature Material Bank’s enterprise information security program through a multi year roadmap aligned to business strategy, growth, and global expansion.
- Establish and maintain security policies, standards, and operating procedures that scale across cloud platforms, applications, data, and emerging technologies, including AI.
- Own the security risk management framework, including risk identification, scoring, acceptance, tracking, and executive reporting, supported by a maintained risk register and clear visibility into trends and remediation status.
- Define and track security metrics and KPIs that demonstrate program effectiveness, predictability, and maturity.
- Own audit, compliance, and assurance efforts, including SOC 2 Type I and progression to Type II, ensuring controls are implemented, evidence is maintained, and audits remain repeatable and low friction.
- Lead customer security questionnaires and enterprise assurance requests in partnership with Legal, IT, and Engineering.
- Support privacy and regulatory obligations, including GDPR, ROPA inventories, and regional data requirements.
- Define and enforce security requirements for AWS infrastructure using native cloud security services and guardrails.
- Establish application security standards across internal and customer facing platforms, including secure SDLC practices, penetration testing, and remediation accountability.
- Conduct security assessments for new systems, architectures, and major platform changes.
- Own identity and access management strategy, including SSO, role based access, provisioning, and periodic access reviews.
- Establish enterprise wide data classification and data handling standards.
- Ensure access and data protection controls scale with growth and global expansion through partnership with IT, Engineering, and platform owners.
- Own detection, incident response, and resilience strategy, including playbooks, third party incident response coordination, post incident analysis, security monitoring, alerting, and continuous improvement.
- Support disaster recovery and business continuity planning from a security perspective, including tabletop exercises and recovery documentation.
- Own the security technology stack, including endpoint protection, vulnerability management, monitoring, and security awareness tooling.
- Evaluate, select, and manage security vendors for effectiveness and cost efficiency.
- Directly implement and remediate security controls, configurations, and tooling gaps when risk, timing, or dependency constraints require hands on execution.
- Leverage automation and AI assisted workflows to operate efficiently as a one person function.
- Perform vendor security reviews, ongoing third party risk monitoring, remediation tracking, and executive risk acceptance.



