• Support SAP Application Security and Identity Access Management for the S/4HANA program • Execute technical design, implementation, and maintenance of the security framework • Perform hands-on configuration of SAP GRC to automate User Management and execute Segregation of Duties analysis • Design, build, and maintain S/4HANA security roles, focusing on Fiori authorizations • Setup and test SAP GRC Access Control to facilitate automated user provisioning • Partner with Fiori specialists to integrate Fiori authorizations with backend roles • Ensure adherence to Security Management controls and federal audit requirements • Validate user entitlements during certification processes • Support audit inquiries related to user access • Monitor and report on SoD violations

• Develops, coordinates, and implements systems, policies, procedures, and productivity standards • Foster a positive and collaborative work environment • Oversee the planning, execution, and completion of projects and initiatives within the team • Establish and monitor operational processes and workflows to enhance efficiency and productivity • Implement best practices, monitor key performance indicators (KPIs), and develop strategies to achieve operational excellence • Ensures a safe, secure, and compliant work environment • Build and manage a high-performing team, including hiring, training, and development • Provide leadership to the team, including setting goals/objectives, providing guidance/feedback, and ensuring the team's overall success • Identify skill gaps within the team and develop strategies for filling those gaps • Define and own the company IT and security strategy, aligning infrastructure, systems, and risk posture with company growth, product evolution, and regulatory requirements • Build, lead, and scale a high-performing IT and Security organization • Oversee end-to-end IT operations and employee technology experience, including onboarding/offboarding and identity and access management • Own and mature the security program, including governance, risk management, and threat detection and response (SOC) • Drive the management of risk, compliance, and audit • Partner cross-functionally with Engineering, Product, Data, Legal, and People teams to embed security and IT best practices • Drive company initiatives to enhance system reliability, scalability, security, and business continuity • Own the IT vendor and partner strategy.

• Enterprise Cybersecurity Risk Management: Continuously identify, log, and analyze control nonconformities and unresolved/high-risk vulnerabilities across different sources. Maintain the Risk Registry and deliver timely risk treatment updates and reports to stakeholders. • Third-party Cybersecurity Risk Assessments: Executed annually, ensuring alignment with internal risk standards and external compliance requirements. • Cybersecurity Controls Management: Maintain and enhance the cybersecurity control framework by mapping existing controls, collecting evidence of execution, identifying gaps or nonconformities, and aligning overlapping requirements under a unified structure. Ensure adherence to frameworks such as HITRUST, HIPAA, Spain ENS certification. • Policies and Procedures Development: Create and maintain cybersecurity-related policies and procedures. Ensure documentation complies with regulatory and contractual standards.

• Serve as the primary security point of contact for external customers, owning the end-to-end customer security relationship. • Lead customer security programs for managed services, ensuring alignment with contractual obligations, regulatory requirements, and enterprise security standards. • Translate customer security requirements into actionable security objectives, coordinating delivery across internal Information Security, Engineering, Cloud Platform, and Application Security teams. • Provide oversight and governance of MSSP-delivered Security Operations, including monitoring, incident detection, response coordination, and SLA adherence. • Own and coordinate customer-specific governance, risk, and compliance (GRC) activities, including risk assessments, control mapping, and remediation tracking. • Lead customer security governance forums, periodic security reviews, and executive-level briefings. • Coordinate customer security questionnaires, audits, certifications, and assurance activities in partnership with internal GRC and compliance teams. • Ensure timely and effective communication of security posture, risks, incidents, and remediation plans to customers and executive stakeholders. • Oversee security incident coordination affecting customer environments, ensuring appropriate response, customer communication, and post-incident follow-up. • Track and manage customer security risks, exceptions, and remediation activities through formal governance processes. • Support the continuous improvement and scalability of the enterprise customer security program model. • Perform additional duties as assigned by the Director of Information Security.