• Lead and support multiple low to moderately complex managed security compliance engagements, ensuring quality, consistency, and timeliness in all deliverables. • Execute compliance assessments, gap analyses, remediation planning, and evidence collection across frameworks such as PCI DSS, SOC 1, SOC 2, ISO 27001, ISO 27701, HITRUST, CMMC, FedRAMP, NIST CSF, and GDPR. • Develop draft policies and procedures, reports, and other common project deliverables based on established template sets. • Effectively use project management tooling (Motion) to cross-map multiple account calendars, streamline scheduling, manage and prioritize tasks, assign tasks to others, and document processes and important client information. • Effectively use GRC platforms (Drata, Anecdotes, Hyperproof) to implement and manage Compliance Operations for clients. • Make efficient use of business tools (Slack, MS Office Suite, project management platforms) to work smarter, not harder. • Communicate effectively in email, chat, meetings, and other professional settings. Never forget to send weekly status updates. • Learn and apply AI LLM prompting basics; understand when to trust AI outputs and when to be skeptical. • Support senior team members in client relationship management and contribute to expanding services within existing accounts. • Collaborate with internal teams, including audit, advisory, and offensive security, to support integrated service delivery. • Monitor regulatory developments and industry trends to stay current on compliance requirements and best practices. • Complete all CPE requirements for current certifications prior to end of Q3. • Attend firm-sponsored trainings as applicable. • Manage your schedule in ProStaff and maintain timely, accurate completion of all required compliance and training.

• Lead and deliver multiple moderate-complexity security compliance engagements, ensuring high-quality, consistent, and timely execution. • Oversee and delegate lower-complexity engagements to junior team members, providing guidance and quality assurance. • Serve as a primary client relationship manager, advising on security compliance strategy, audit readiness, and risk management. • Execute and manage compliance assessments, gap analyses, remediation planning, and evidence collection across frameworks such as PCI DSS, SOC 1, SOC 2, ISO 27001, ISO 27701, ISO 42001, HITRUST, CMMC, FedRAMP, NIST CSF, and GDPR. • Own and contribute to revenue delivery, including direct responsibility for ~$300K and oversight of $500K+ in team-managed project work. • Mentor and develop junior team members (Associates and Senior Associates), promoting professional growth and consistent service delivery standards. • Design and implement scalable security compliance programs aligned to clients’ current and future business needs. • Manage projects end-to-end, including scoping, resourcing, execution, and delivery; proactively coordinate across all levels of the organization. • Draft and manage engagement documentation, including Engagement Letters, Statements of Work (SOWs), and proposals; oversee invoicing, WIP, realization, margins, and overall project financials. • Collaborate cross-functionally with audit, advisory, and offensive security teams to deliver integrated client solutions. • Enhance and standardize service delivery through development of processes, templates, and methodologies to improve efficiency and scalability. • Support business development efforts, including proposal development, engagement scoping, and identifying expansion opportunities within existing accounts. • Stay current on regulatory changes and industry trends to proactively guide clients on emerging compliance requirements and best practices. • Contribute to internal initiatives such as training development, onboarding materials, and thought leadership to support team growth and market presence. • Leverage AI and LLMs to enhance service delivery while applying critical judgment to validate outputs.

• Create and manage filings in SERFF for forms, rules and rates • Maintain forms lists and applicability for all products • Maintain the filings library • Coordinate with product and engineering teams to ensure accuracy of form packages • Participate in audits by insurers, reinsurers and regulators • Respond to data calls • Maintain complaint process • Participate in marketing reviews • Participate in broker development contract reviews and appointment process • Other duties as assigned

• Define, monitor, and enforce internal processes and standards • Analyze data and ensure teams are following the right processes • Read reports and identify issues • Collaborate with different teams and take ownership of processes