Your Journey at Crowe Starts Here: At Crowe, you can build a meaningful and rewarding career. With real flexibility to balance work with life moments, you’re trusted to deliver results and make an impact. We embrace you for who you are, care for your well-being, and nurture your career. Everyone has equitable access to opportunities for career growth and leadership. Over our 80-year history, delivering excellent service through innovation has been a core part of our DNA across our audit, tax, and consulting groups. That’s why we continuously invest in innovative ideas, such as AI-enabled insights and technology-powered solutions, to enhance our services. Join us at Crowe and embark on a career where you can help shape the future of our industry. Job Description: Third Party Senior Staff Job Summary: The position will be primarily responsible for assessing the information security posture of key clients’ third parties and coordinating the overall execution and delivery of assessments. The position will work within a Crowe team at a client or third party site and be responsible for leading the effort to identify key risks and information security gaps. Projects would be performed through interacting with the client’s IS and Business Unit leadership, as well as the client’s vendors, service providers, and partners. Specific projects may include: - Conducting Third Party Risk Assessments by evaluating third party questionnaire responses, performing control validation, and assessment of documentation per established procedures and standards - Performing site visits to third-party facilities - Evaluating the effectiveness of security controls for compliance with applicable policies, security laws, and regulations - Assessing cloud technologies such as Software as a Service (SaaS) hosted applications, Platform as a Service (PaaS), and Infrastructure as a Service deployments (IaaS) - Documenting information security risk and compliance findings and recommendations for remediation - Perform quality assurance and review of assessments performed by other team members - Delivering high quality, thorough reports - Coordinating the schedules and assessments for key third party clients and overseeing all key deliverables Our clients operate in and our team members work across the following industries: - Pharmaceutical - Life Sciences - Biotechnology - Healthcare - Manufacturing - Financial Services - Technology, Media and Telecomm Minimum Qualifications: - Bachelor's Degree - Information Technology and/or Cybersecurity background and/or experience, including 2-4 years IT experience with network, platform, and/or application technology - Willingness to obtain the Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), or Certified Third Party Risk Assessor (CTPRA) designations - Knowledge of security areas such as auditing, policy, database security, firewall design and implementation, risk analysis, identity management, access management, or web - Working knowledge of at least one compliance framework, such as SOC2, ISO 27001, NIST, HIPAA - Experience managing multiple projects, in a fast-paced environment - Proven ability to learn new technologies and systems, especially through independent research and self-study - Ability to communicate technical information verbally and through written documentation - Ability to manage project schedules and client expectations - Ability to travel domestically an average of 20%-50% per year Desired Qualifications: - Bachelors and/or advanced degree with a concentration in: Cybersecurity, Risk Management, Computer Science, or Management Information Systems - Any experience working with or assessing third party vendors is preferred but not required - IT experience at a leading industry public company. This might include either IT auditing or being a member of an IT or Cybersecurity team - Experience with Archer, Process Unity, ServiceNow or other GRC/VRM tools - Experience with security ratings platforms - Bilingual - Open to remote We expect the candidate to uphold Crowe’s values of Care, Trust, Courage, and Stewardship. These values define who we are. We expect all of our people to act ethically and with integrity at all times. In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification form upon hire. Crowe is not sponsoring for work authorization at this time. The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Crowe, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $80,500.00 - $159,300.00 per year. Our Benefits: Your exceptional people experience starts here. At Crowe, we know that great people are what makes a great firm. We care about our people and offer employees a comprehensive total rewards package. Learn more about what working at Crowe can mean for you! How You Can Grow: We will nurture your talent in an inclusive culture that values diversity. You will have the chance to meet on a consistent basis with your Career Coach that will guide you in your career goals and aspirations. Learn more about where talent can prosper! More about Crowe: Crowe (www.crowe.com) is one of the largest public accounting, consulting and technology firms in the United States. Crowe uses its deep industry expertise to provide audit services to public and private entities while also helping clients reach their goals with tax, advisory, risk and performance services. Crowe is recognized by many organizations as one of the country's best places to work. Crowe serves clients worldwide as an independent member of Crowe Global, one of the largest global accounting networks in the world. The network consists of more than 200 independent accounting and advisory services firms in more than 130 countries around the world. Crowe LLP provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, sexual orientation, gender identity or expression, genetics, national origin, disability or protected veteran status, or any other characteristic protected by federal, state or local laws. Crowe LLP does not accept unsolicited candidates, referrals or resumes from any staffing agency, recruiting service, sourcing entity or any other third-party paid service at any time. Any referrals, resumes or candidates submitted to Crowe, or any employee or owner of Crowe without a pre-existing agreement signed by both parties covering the submission will be considered the property of Crowe, and free of charge. Crowe will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws, including the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance, Los Angeles County Fair Chance Ordinance, San Francisco Fair Chance Ordinance, and the California Fair Chance Act. Please visit our webpage to see notices of the various state and local Ban-the-Box laws and Fair Chance Ordinances, where applicable. We are committed to a merit-based hiring process, evaluating all candidates consistently using objective, job-related criteria such as relevant experience, demonstrated skills, measurable impact, and alignment with the role’s responsibilities, and making employment decisions in a fair and inclusive manner free from discrimination. If you are interested in applying for employment with Crowe and are in need of an accommodation or require special assistance to navigate our website or to complete your application, please visit our Applicant Assistance and Accommodations page for more information: https://careers.crowe.com/crowe-applicant-assistance-and-accommodation

• The Audit and Risk Committee assists the Board of Trustees in fulfilling its oversight responsibilities for the financial reporting process and system of internal control • The external auditors’ qualifications, independence, and performance • The adequacy and effectiveness of the process for monitoring compliance with laws, regulations, and the code of ethics • The adequacy and effectiveness of risk management practices

• Lead governance initiatives across SharePoint Online, Microsoft Teams, OneDrive, and Power Platform. • Assess and remediate legacy configurations, over-permissioned content, and stale collaboration resources. • Drive tenant modernization aligned to Microsoft best practices and enterprise governance standards. • Design and maintain least-privilege permission models across M365 workloads. • Develop automated renewal profiles for user and group membership recertification on a recurring basis to reduce risk and entitlement sprawl. • Partner with Security and GRC teams to ensure access controls meet compliance and audit expectations. • Define and operate lifecycle management for M365 resources, including: Archiving inactive Teams, Sites, and Groups • Implement and manage retention and records management policies in partnership with Legal and GRC teams. • Support Microsoft 365 migration and integration efforts associated with M&A activity. • Automate governance and administration using AvePoint, PowerShell, Power Automate, SharePoint Advanced Management, and Microsoft Graph.

• Lead governance initiatives across SharePoint Online, Microsoft Teams, OneDrive, and Power Platform • Assess and remediate legacy configurations, over-permissioned content, and stale collaboration resources • Drive tenant modernization aligned to Microsoft best practices and enterprise governance standards • Design and maintain least-privilege permission models across M365 workloads • Develop automated renewal profiles for user and group membership recertification on a recurring basis to reduce risk and entitlement sprawl • Partner with Security and GRC teams to ensure access controls meet compliance and audit expectations • Define and operate lifecycle management for M365 resources, including: • Implement and manage retention and records management policies in partnership with Legal and GRC teams • Support Microsoft 365 migration and integration efforts associated with M&A activity