• Advise clients on information security and IT security topics • Analyze and assess IT architectures • Support the development of security architectures and concepts • Produce security documentation • Conduct security tests • Interview client contacts to document internal processes • Independently support and manage audits

• Establishing and further developing the Cybersecurity practice in Stuttgart • Advising on governance, compliance and regulatory requirements (e.g., DORA, NIS2, ISO 27001) • Planning and conducting penetration tests • Vulnerability management and re-testing within the EU • Supporting projects with architecture reviews and secure-coding coaching • Collaborating within an international delivery model with teams in DACH, Sweden and Egypt • Developing methods, templates and best practices for sustainable ways of working • Supporting presales activities with proposals and client presentations

• Define priority reporting and analytics use cases (360 participant view, pension calculations, compliance analytics, inactive population communications) and map them to data, security, and tooling requirements • Establish the Data Hub governance framework: data classification, stewardship roles, approval workflows, retention rules, and incident/breach support aligned with OEB and Federal Reserve policies • Map regulatory obligations (HIPAA, applicable state benefits laws) to concrete controls, policies, monitoring processes, and evidence expectations within the Data Hub operating model • Recommend and oversee cataloging, lineage, and access-control approaches (Unity Catalog, AWS Glue Data Catalog, RBAC/ABAC) to support discoverability, traceability, and least-privilege access • Define fine-grained security patterns: RBAC/ABAC, encryption, key management, logging, and monitoring for highly sensitive data • Produce audit-ready evaluation reports summarizing compliance posture, risks, mitigations, and supporting evidence for internal audits and external reviews • Partner with Architecture/Ingestion lead and IV&V lead to ensure governance and security requirements are built into ingestion patterns, data models, and testing from the outset.

• Participate in threat modeling exercises with engineering team members • Triage SCA/SAST/DAST/CSPM findings by eliminating false positives and providing well-vetted vulnerabilities to engineering teams • Support vulnerability management efforts for networks and infrastructure • Partner with engineering teams ensuring timely remediation of security findings • Perform security assessments, reviews, and internal penetration tests • Support application security programs and security team initiatives • Develop scripts and tools to automate repetitive security tasks, such as log analysis, patch management, and incident detection. • Build custom solutions to integrate security tools with existing systems using languages like Python, JavaScript, or Go.