• Develop and execute a modern strategy for governance, risk, and compliance that empowers the company’s go-to-market strategy and ambitions. • Build and retain a top-tier team of subject matter experts and technicians that can effectively support and advise world-class Engineering and Product Security functions • Level up our governance, risk management, and assurance activities through practical implementation of automation and AI capabilities. Lead G&T with an “automation first” mindset, and be unreasonably dissatisfied with any control that requires manual, periodic assurance • Deliver a category-leading customer experience around trust and security. Collaborate with Sales, Marketing, and other security functions to build or strengthen the tools, processes, and documentation necessary to wow new customers and delight existing ones. • Level up our approach to policies, standards, and controls. Achieve a coherent, efficient, and outcome-focused approach to policy implementation and management that helps accelerate the business and removes friction • Translate regulatory, customer, and threat mitigation requirements into comprehensive, practical controls that improve the security, resiliency, and value of the company and its products. Drive policy-as-code and push a GitOps-based approach to control management wherever practical • Lead risk assessments that prioritize business context, engineering tradeoffs, and data-driven decision making over theoretical compliance risks. • Use the FAIR framework to implement a continuous risk management program that integrates with product development and engineering processes. • Partner with engineering and product teams to track risk remediation with transparency and accountability. • Sustain a best-in-class security and compliance posture with regards to key regulatory frameworks, customer preferences, and emerging threat actor tactics. Grow our certification posture beyond SOC2 and ISO 27001 to include certifications and audits against global standards like CRA. • Champion automation and policy as code to eliminate assurance toil and provide 24/7 views into control adherence and effectiveness. • Conduct internal control reviews, security assessments, and assurance activities using a collaborative, coaching-oriented approach. • Lead external audits with a focus on clarity, efficiency, and reuse of evidence. • Build cross-functional knowledge on topics such as emerging regulatory frameworks, interpreting security requirements, and customer-valued security practices by conducting ongoing training for functions including Sales, Marketing, Product, and Legal. • Act as a bridge between engineering, legal, product, and leadership, translating risks and requirements into actionable plans. • Advocate for technical solutions (automation, tooling, secure defaults) as primary ways to meet requirements, rather than manual process. For example, partner with Product Security and Engineering teams to embed security control validations into CI/CD pipelines.

• Plan activities related to data governance, such as data cataloging, data quality, and data security; • Support and guide business areas in defining data owners and their responsibilities; • Assist in creating policies, standards, and procedures for the correct and secure use of data; • Promote awareness and engagement on the importance of data governance; • Monitor and analyze key indicators of the analytics environment to drive improvements; • Support the definition of strategic objectives for data governance aligned with business priorities; • Collaborate with data leadership to direct actions that increase the organization's data maturity.

• Supporting a wide range of projects for private and government clients throughout the U.S. (and internationally) • Performing and reviewing ecological risk assessments in accordance with regulatory guidance and project-specific work plans • Developing Risk Assessment Work Plans and contributing to Sampling and Analysis Plans/Quality Assurance Project Plans • Successfully coordinating with internal project teams, including delegating to junior staff • Preparing technical deliverables; including writing reports and performing/reviewing risk assessment calculations • Contributing to proposals and business development, including developing scopes of work and cost estimates for ecological risk assessment • Mentoring/developing more junior staff • Maintaining knowledge of federal and state regulations/guidance documents for conducting risk assessments • Maintaining work quality, quantity, and efficiency at or above company standards • Must be willing to perform occasional field work, as needed