• Work with the Distinguished Principal Architect, Trust, to document, maintain, and improve the secure software development lifecycle (SDLC) for AEC • Collaborate with the Trust organization across areas of security vulnerability management and zero-day vulnerability response • Manage and evolve AEC and DoD security vulnerability response processes • Serve as the primary point of contact for AEC zero-day reports and help engage security researchers and product developers • Proactively perform fuzz testing, research, and investigations on AEC products and processes to identify security issues and potential improvements • Support all BPM processes related to AEC security incidents

• Support SAP Application Security and Identity Access Management for the S/4HANA program • Execute technical design, implementation, and maintenance of the security framework • Perform hands-on configuration of SAP GRC to automate User Management and execute Segregation of Duties analysis • Design, build, and maintain S/4HANA security roles, focusing on Fiori authorizations • Setup and test SAP GRC Access Control to facilitate automated user provisioning • Partner with Fiori specialists to integrate Fiori authorizations with backend roles • Ensure adherence to Security Management controls and federal audit requirements • Validate user entitlements during certification processes • Support audit inquiries related to user access • Monitor and report on SoD violations

• Develops, coordinates, and implements systems, policies, procedures, and productivity standards • Foster a positive and collaborative work environment • Oversee the planning, execution, and completion of projects and initiatives within the team • Establish and monitor operational processes and workflows to enhance efficiency and productivity • Implement best practices, monitor key performance indicators (KPIs), and develop strategies to achieve operational excellence • Ensures a safe, secure, and compliant work environment • Build and manage a high-performing team, including hiring, training, and development • Provide leadership to the team, including setting goals/objectives, providing guidance/feedback, and ensuring the team's overall success • Identify skill gaps within the team and develop strategies for filling those gaps • Define and own the company IT and security strategy, aligning infrastructure, systems, and risk posture with company growth, product evolution, and regulatory requirements • Build, lead, and scale a high-performing IT and Security organization • Oversee end-to-end IT operations and employee technology experience, including onboarding/offboarding and identity and access management • Own and mature the security program, including governance, risk management, and threat detection and response (SOC) • Drive the management of risk, compliance, and audit • Partner cross-functionally with Engineering, Product, Data, Legal, and People teams to embed security and IT best practices • Drive company initiatives to enhance system reliability, scalability, security, and business continuity • Own the IT vendor and partner strategy.

• Enterprise Cybersecurity Risk Management: Continuously identify, log, and analyze control nonconformities and unresolved/high-risk vulnerabilities across different sources. Maintain the Risk Registry and deliver timely risk treatment updates and reports to stakeholders. • Third-party Cybersecurity Risk Assessments: Executed annually, ensuring alignment with internal risk standards and external compliance requirements. • Cybersecurity Controls Management: Maintain and enhance the cybersecurity control framework by mapping existing controls, collecting evidence of execution, identifying gaps or nonconformities, and aligning overlapping requirements under a unified structure. Ensure adherence to frameworks such as HITRUST, HIPAA, Spain ENS certification. • Policies and Procedures Development: Create and maintain cybersecurity-related policies and procedures. Ensure documentation complies with regulatory and contractual standards.