Role Description We are seeking a visionary Head of IT Enterprise Security to lead the security strategy for our new, high-growth battery energy storage business. As a key member of the team, you will be the primary architect of a "secure-by-design" philosophy. This is a unique opportunity to build a world-class security program from the ground up, securing the very technology that will power the future. Key Responsibilities - Strategic Leadership & Vision - Security Strategy & Leadership: - Build and lead a comprehensive security program from the ground up, covering Product, Manufacturing (OT), and Corporate (IT) security. - Product Security (Secure-by-Design): - Partner with Engineering to integrate security into the product lifecycle, focusing on Battery Management Systems (BMS), firmware integrity, and hardware-level protections. - IP & Trade Secret Protection: - Implement rigorous data loss prevention (DLP) and access controls to safeguard proprietary battery chemistry, R&D data, and manufacturing processes. - Manufacturing (OT) Security: - Secure our automated production lines and factory floor environments to ensure operational uptime and prevent industrial sabotage. - Supply Chain Integrity: - Establish a robust vendor risk program and Software Bill of Materials (SBOM) to ensure the integrity of global components and sub-systems. - Compliance & Standards: - Drive the business toward achieving critical product and industrial certifications (e.g., IEC 62443, ISO 27001, UL 2900). Qualifications - 12+ years in cybersecurity or risk management, with at least 5 years in a senior leadership role within a hardware manufacturing or high-tech environment. - Bachelor’s or Master’s degree in Computer Science, Engineering, or a related technical field. - Proven track record of securing embedded systems, firmware, or IoT devices at scale. - Direct experience securing Operational Technology (OT) and Industrial Control Systems (ICS). - Demonstrated ability to build security functions from scratch in a fast-paced, "startup-style" business unit. - CISSP is required; CSSLP (Secure Software) or GICSP (Industrial Security) is highly preferred. Requirements - Experience in the Renewable Energy, Automotive (EV), or Semiconductor industries. - Strong ability to communicate complex technical risks to executive leadership and board members. - Familiarity with export control regulations and international intellectual property protection. - Visionary strategic thinker able to navigate rapidly evolving global energy storage markets. Benefits - Immediate medical, dental, vision and prescription drug coverage. - Flexible family care days, paid parental leave, new parent ramp-up programs, subsidized back-up child care and more. - Family building benefits including adoption and surrogacy expense reimbursement, fertility treatments, and more. - Vehicle discount program for employees and family members and management leases. - Tuition assistance. - Established and active employee resource groups. - Paid time off for individual and team community service. - A generous schedule of paid holidays, including the week between Christmas and New Year’s Day. - Paid time off and the option to purchase additional vacation time.

• Technical lead for Security & AI alliances: translate alliance strategy into technical plans, priorities, and execution with alliance leadership. • Drive joint solutions: define/validate integrations (APIs, interoperability) and produce reference architectures, validated designs, and solution blueprints. • Align roadmaps: identify technical gaps/dependencies and incorporate partner/customer feedback to coordinate with Product and Engineering. • Partner technical engagement: represent Veeam with partner technical stakeholders and support strategic customer/partner opportunities requiring tight technical alignment. • Create joint technical assets: develop briefs, diagrams, guidance, demos, and validation materials highlighting value and differentiation. • Enable teams: train/enable internal and partner field teams on deployment considerations and joint solution positioning. • Track outcomes: manage technical milestones (validations, integrations, enablement readiness, and field adoption) tied to alliance priorities.

• Lead the design, implementation, and ongoing improvement of data security controls across Azure data services and Databricks environments, including data classification, access control, encryption, and monitoring. • Implement and operationalize Microsoft Purview capabilities such as data discovery, classification, sensitivity labeling, lineage, cataloging, and access insights across structured and unstructured data sources. • Define and enforce least-privilege access models for data platforms using Azure RBAC, Entra ID, managed identities, service principals, and Databricks workspace permissions. • Partner with privacy, compliance, and legal stakeholders to translate regulatory and contractual requirements into actionable technical controls and standards. • Perform in-depth security reviews of Azure data architectures, including storage accounts, Azure SQL, Synapse, ADLS Gen2, Event Hubs, and Databricks deployments. • Assess and remediate data-related risks in infrastructure-as-code (Terraform), platform configurations, and CI/CD pipelines. • Contribute secure-by-design patterns and reusable templates for data platforms, incorporating encryption, private networking, logging, and policy-as-code. • Design and maintain data security monitoring and alerting, integrating Purview, Azure Monitor, and Defender for Cloud workflows. • Support investigation and response for data security incidents, including exposure analysis, root cause identification, and long-term remediation. • Own documentation, standards, and security guidelines for data platforms; ensure alignment with Aya security standards and audit expectations. • Lead medium- to large-scope data security initiatives end-to-end, including requirements, design, implementation, stakeholder alignment, and measurable outcomes. • Mentor Security Engineers and partner engineers on data security best practices; act as a subject-matter expert for data protection topics. • Translate complex technical risks into clear business impact for engineering leaders and stakeholders.

At Rezilient, we’re redefining primary care by making access to healthcare more convenient, timely, and seamless. Our innovative CloudClinic model combines virtual provider visits with cutting-edge technology to create a personalized digital healthcare experience that puts patients at the center of their care. - Develop, implement, and maintain the security & compliance program aligned with company goals and regulatory requirements (HIPAA, HITECH, HITRUST, SOC 2, etc.). - Lead certification and attestation efforts, including SOC 2 audits, HITRUST readiness, and other healthcare/security frameworks. - Develop and maintain security and compliance policies, standards, and procedures; ensure they are operationalized and enforced across the organization. - Oversee governance activities including risk assessments, internal audits, compliance reviews, and reporting of KPIs/metrics to leadership. - Own and manage the third-party/vendor risk management program, including security assessments, ongoing monitoring, and partnership with legal/procurement on contract requirements. - Oversee incident response from a governance and compliance perspective, ensuring response plans are in place, coordinating cross-functional efforts, and managing regulatory reporting when required. - Maintain and manage the enterprise risk register, including tracking remediation efforts and escalating risks appropriately. - Coordinate and oversee security awareness and compliance training programs, ensuring effectiveness and adoption across the organization. - Provide regular reporting to the CISO and executive team on security posture, compliance status, and risk landscape. - Monitor the evolving regulatory and industry landscape (healthcare, privacy, SaaS/cloud) and ensure the organization adapts proactively. - Partner closely with Product and Engineering teams to embed security and compliance into the product lifecycle. - Lead or support security and compliance reviews of new features, infrastructure, and architecture decisions. - Ensure adherence to secure development practices, data protection requirements, and regulatory considerations in platform design (especially for PHI/PII handling). - Act as a key stakeholder in design reviews, threat modeling, and release readiness from a compliance standpoint. - Work closely with Clinical Operations teams to maintain and evolve the compliance program for care delivery (both virtual and in-clinic). - Ensure workflows, protocols, and systems used in care delivery meet HIPAA/HITECH and other regulatory requirements. - Support audits, documentation, and training related to clinical compliance and patient data handling. - Partner with IT on clinic and corporate security, including device management, endpoint security, access controls, and software governance. - Ensure consistent enforcement of security policies across physical clinics and distributed environments. - Support implementation and monitoring of controls related to identity/access management, endpoint protection, and SaaS tools. - Partner with Growth (Sales) and Client Success teams to support security and compliance needs throughout the customer lifecycle. - Respond to security questionnaires, RFPs, and due diligence requests from prospective and existing clients. - Act as a subject matter expert in sales cycles, helping articulate the company’s security posture and build trust with buyers. - Develop and maintain standardized security materials (e.g., trust center content, policies, certifications, FAQs) to streamline sales and client interactions.