Analysis. Strategy. Execution. Excellence.
Compliance Engineer
Location: Illinois
Posted: 58 days ago
Salary: $130.2K - $150K / year
Seniority: Senior
Job Description
Compliance Engineer
DecisionPoint Corporation
- Design, build, and maintain scalable and secure CI/CD pipelines in GitLab
- Implement and manage GitOps workflows for continuous delivery to RKE2 clusters using ArgoCD
- Develop and maintain automation scripts and tools to streamline the software development lifecycle
- Integrate security best practices and automated testing into the CI/CD pipelines
- Collaborate with the infrastructure team to manage and provision environments using IaC principles
- Act as a subject matter expert on CI/CD
- Perform updates to an AWS development environment that includes GitLab and various AWS services
- Develop GitLab projects that enable software delivery, security scanning, secrets management, policy-as-code, and compliance automation
Job Requirements
- Active Secret clearance
- A minimum of 4 years’ experience in creating GitLab security policy
- Expert-level knowledge of Git
- Proven experience implementing and managing GitOps with ArgoCD
- Understanding of containerization (Docker) and Kubernetes orchestration
- Proficiency in scripting languages such as Bash, Python, or Go
- Experience with Infrastructure as Code (IaC), particularly Terraform
- DOD 8140 certification: IAT Level II or better (e.g., Security+ CE)
Benefits
- Health insurance
- 401(k) matching
- Remote work options




