• Own application, cloud, infrastructure, and data security across Cherry • Be hands-on: design systems, review code and architecture, and contribute directly where needed • Lead incident response, threat modeling, and security reviews • Build and grow an elite security team doing high leverage technical work • Embed security into engineering workflows without slowing product velocity

• Lead the build-out and operation of core security capabilities: vulnerability management, patching, SIEM/logging, cloud security monitoring, and alert triage. • Deploy, configure, and tune security tooling (scanners, WAFs, CSPM, SIEM, endpoint protection) • Partner with engineering to build security at App or Cloud level, with developer experience in mind. • Triage and assess vulnerabilities, drive remediation prioritisation, and reduce risk in a pragmatic yet rigorous way. • Design and implement tactical incident-response playbooks and improve detection coverage. • Periodically review major architectural changes and guide engineering on secure design trade-offs. • Continuously improve processes so security scales as the company grows.

• Operate and manage Cloud Security solutions, CNAPP, CSPM, Container Security and Kubernetes Security; • Configure, monitor and optimize WAF/WAAP to protect against web threats (e.g., OWASP Top 10); • Support the implementation of API Security best practices, ensuring visibility and risk mitigation; • Assist with security incident response in cloud environments and applications; • Collaborate with development, infrastructure and DevOps teams, promoting a DevSecOps culture; • Produce reports, metrics and recommendations for continuous security improvements.

• Own and Mature the Third Party Risk Management Program • Define and drive OutSystems’ TPRM strategy, including risk tiering methodology, assessment frameworks, and ongoing monitoring cadences for critical and high-risk vendors. • Lead end-to-end vendor risk assessments and architect scalable processes that can grow with the business. • Proactively identify gaps between current TPRM practices and industry standards, and build solutions to close them. • Partner with Digital, Procurement, Legal, and Engineering to embed risk requirements into vendor selection and contracting, influencing how partner teams operate. • Maintain the vendor risk inventory, track remediation of identified issues, and report status to leadership with clarity and consistency. • Monitor the threat and regulatory landscape for developments that affect the third-party risk surface. • Own and evolve the enterprise risk register for the Security division, ensuring risks are consistently identified, assessed, and treated across business units. • Design and facilitate risk workshops with functional and business leaders to surface emerging risks and validate control effectiveness. • Develop key risk indicators (KRIs) and produce executive-level risk reporting, including dashboards and trend analyses, that connect security posture to business outcomes. • Integrate risk management into business planning cycles and cross-functional initiatives, ensuring security considerations are embedded early. • Serve as a senior contributor to compliance programs supporting certifications such as SOC 2, ISO 27001, PCI, HIPAA, and regional regulatory frameworks, elevating the work beyond execution to program ownership and continuous improvement.