• Lead and mature Material Bank’s enterprise information security program through a multi year roadmap aligned to business strategy, growth, and global expansion. • Establish and maintain security policies, standards, and operating procedures that scale across cloud platforms, applications, data, and emerging technologies, including AI. • Own the security risk management framework, including risk identification, scoring, acceptance, tracking, and executive reporting, supported by a maintained risk register and clear visibility into trends and remediation status. • Define and track security metrics and KPIs that demonstrate program effectiveness, predictability, and maturity. • Own audit, compliance, and assurance efforts, including SOC 2 Type I and progression to Type II, ensuring controls are implemented, evidence is maintained, and audits remain repeatable and low friction. • Lead customer security questionnaires and enterprise assurance requests in partnership with Legal, IT, and Engineering. • Support privacy and regulatory obligations, including GDPR, ROPA inventories, and regional data requirements. • Define and enforce security requirements for AWS infrastructure using native cloud security services and guardrails. • Establish application security standards across internal and customer facing platforms, including secure SDLC practices, penetration testing, and remediation accountability. • Conduct security assessments for new systems, architectures, and major platform changes. • Own identity and access management strategy, including SSO, role based access, provisioning, and periodic access reviews. • Establish enterprise wide data classification and data handling standards. • Ensure access and data protection controls scale with growth and global expansion through partnership with IT, Engineering, and platform owners. • Own detection, incident response, and resilience strategy, including playbooks, third party incident response coordination, post incident analysis, security monitoring, alerting, and continuous improvement. • Support disaster recovery and business continuity planning from a security perspective, including tabletop exercises and recovery documentation. • Own the security technology stack, including endpoint protection, vulnerability management, monitoring, and security awareness tooling. • Evaluate, select, and manage security vendors for effectiveness and cost efficiency. • Directly implement and remediate security controls, configurations, and tooling gaps when risk, timing, or dependency constraints require hands on execution. • Leverage automation and AI assisted workflows to operate efficiently as a one person function. • Perform vendor security reviews, ongoing third party risk monitoring, remediation tracking, and executive risk acceptance.

• Learn, understand, and be a leading example of the ProDriven Brands ‘We Are One’ company values • Implement strategies, communicate product knowledge, and conduct training to maintain a pipeline focused on meeting or exceeding regional sales objectives, conversion dollars, and other KPI for the region • Establish and grow a network of Safety Directors, End Users, Distributors, and Regional Safety Personnel to drive sales across the region • Establish and deepen relationships with top distributors stocking Werner Fall Protection, Climbing, and Jobsite – working alongside them weekly to grow sales • Responsible for achieving the annual Regional End User Conversion Dollar target • Responsible for the development and consistent maintenance of the End User Opportunity Pipeline • Work closely with the Regional Sales Manager to align strategy • Provide Safety and Product information – Subject Matter Expert and first POC for questions • Promote the education and usage of our online training tools • Support events throughout the year • Lead regional teams with selling new product offerings, safety materials, and competitive comparisons

• Serve as the primary vCISO and subject matter expert for multiple clients, advising executive stakeholders on cybersecurity strategy, risk management, compliance requirements, and security best practices • Lead data-centric cybersecurity programs aligned to business risk, including risk assessments, gap analyses, remediation roadmaps, and ongoing security posture management • Pivot the GRC team away from manual processes by integrating AI tools and automation workflows into day-to-day operations and client deliverables • Develop, review, and maintain client security policies, procedures, business continuity plans, and governance documentation tailored to regulatory and business needs • Review and interpret audit results, vulnerability assessments, and security reporting to identify threats, prioritize remediation, and reduce organizational risk • Design and facilitate tabletop exercises and lead Third Party Risk Management initiatives to strengthen client preparedness and vendor security oversight • Manage, mentor, and develop vCISO team members through onboarding, coaching, performance feedback, escalation support, and career development • Oversee vCISO service delivery quality across accounts, ensuring consistent documentation, communication standards, and client satisfaction • Collaborate cross-functionally with Security Operations, Compliance, Professional Services, and Account Management to align advisory recommendations with deliverable services • Identify opportunities to expand vCISO engagements, contribute to service improvements and templates, and stay current on cybersecurity threats, technologies, and regulatory changes • Partner with the VP of Cybersecurity to secure the Coretelligent environment.

• Deliver complex projects with multi-department dependencies and evolving requirements. • Lead and enhance product security IT infrastructure administration, operational processes, and compliance controls. • Oversee system administration, service delivery, and incident, change, and problem management processes. • Collaborate with cross-functional teams to establish operational standards, define service delivery expectations, and ensure seamless integration across departments.