• Assist with monitoring alerts and logging to identify potential threats • Support threat intelligence collection and analysis to help detect emerging cyber risks • Participate in incident triage and response activities, including evidence collection and documentation • Assist with vulnerability scanning, reporting, and remediation tracking across enterprise systems • Explore the use of generative AI tools for cyber defense, automation, documentation enhancement, or workflow enhancements • Participate in team meetings, training, and assist with documentation/process updates • Assist with system hardening, patch validation, account reviews, and CMMC related artifact gathering • Participate in cross-departmental projects and process improvement initiatives as available

Role Description Eaton’s corporate legal team is seeking a Senior Counsel to support the enterprise’s cybersecurity function. The preferred location for this position is either our corporate office in Beachwood, OH or in Moon Township, PA, but remote work from the Eastern or Central time zone is available. Some travel is expected (~10%). The Senior Counsel role will lead a cross-functional cybersecurity legal program that integrates security operations, incident response, governance, and regulatory/data privacy compliance, while advancing responsible AI security and risk management. This role serves as the legal bridge among Cybersecurity, IT, OT, Communications, HR, and Finance, ensuring the company can prevent, detect, respond to, and recover from cyber incidents and AI-related risks while meeting global legal and regulatory obligations. The leader will drive tabletop exercises, oversee policy/playbook development, guide product and enterprise security reviews, and act as a primary legal cyber advisor to executives during IT/OT security and AI governance events. Key Responsibilities - Incident Readiness & Response - Own the legal aspects of the enterprise incident response (IR) program including preparation, detection, response, recovery, and lessons learned; manage executive ready IR playbooks that clearly define roles functions. - Contribute by assisting with the planning, deployment, and debriefing tabletop exercises with internal teams and outside firms; track remediation items through to closure and report outcomes to senior leadership and the board. - Serve as on call executive advisor for material incidents, coordinating with security operations center, corporate event response team, outside counsel, insurers, regulators, and law enforcement as needed. - Ensure eDiscovery, privilege, and regulatory timeline considerations are embedded in IR workflows (e.g., notification triggers, insurer engagement). - Coordinate with Engineering and IT on AI incident reporting obligations under emerging regulations. - Security Governance, Risk & Compliance - Contribute to cross functional Cybersecurity/IT/OT governance forums; align policy and standards with Zero Trust, identity, network, cloud, and OT security programs. - Oversee policy lifecycle (draft, socialize, approve, measure), including AI security monitoring standards and privacy by design controls in partnership with Data Protection Privacy teams. - Direct risk assessments for major programs and products; track risk treatment plans and KRIs/KPIs in collaboration with GRC and Internal Audit. - Regulatory & Global Counsel Integration - Act as the executive point of contact for global cybersecurity and data protection laws (e.g., U.S. sectoral rules, EU NIS2/GDPR, China’s Cybersecurity Law), coordinating with regional counsel and external advisors to interpret obligations and translate them into operational controls. - Lead regulatory response readiness (notifications, supervisory inquiries, exam prep) and ensure documentation/attestations are accurate and defensible. - Track and interpret AI-related regulatory developments (EU AI Act, U.S. state AI laws) and translate them into actionable compliance requirements. - Enterprise & Product Security Reviews - Co-lead Cyber Product Review and security architecture gates for enterprise platforms and customer facing products/solutions; drive decision logs, actions, and risk acceptance processes with accountable owners (IT, Engineering, Product, Legal). - Expand Cyber Product Reviews to include AI risk assessments for products and internal tools; ensure secure model deployment and vendor risk evaluations. - Ensure integration, vulnerability management, and cloud security roadmaps; report progress, risks, and dependencies through executive dashboards. - Stakeholder Engagement & Communication - Provide board/C suite briefings on AI risk and cyber posture, material risks, control maturity, and incident updates, including emerging threats and compliance obligations; craft clear, business outcome focused narratives. - Partner with Corporate Communications to prepare proactive/reactive statements and media strategies as part of IR planning and exercises. - Coach and enable business/function leaders to own cyber risk within their domains. Qualifications - Juris Doctorate; licensed and in good standing to practice in at least one state - Experience working in a global law firm and a global corporation (in-house counsel) - Minimum of ten (10) years in cybersecurity, cyber risk, incident response, or closely related domains, with significant cross functional leadership. - Demonstrated experience leading complex incidents/tabletops and working directly with outside counsel/insurers/regulators. - Up to 10% travel - Eaton will not consider applicants for employment immigration sponsorship or support for this position. Preferred Qualifications - Certifications: CISSP, CISM, CISA, CCSP, or relevant privacy credentials (e.g., CIPP/E, CIPP/US, CIPM). - Experience with OT security governance and enterprise Zero Trust transformations. - Experience working within a complex, multinational company. - Experience within a manufacturer or other highly-engineered, physical product-based organization helpful. Skills - Strong command of global cyber/data protection frameworks - Proven ability to translate legal/regulatory obligations into executable controls and measurable program outcomes. - Executive presence; excellent written/oral communication with board level stakeholders. Benefits - Competitive pay and a variety of benefit programs for eligible employees. - The expected annual salary range for this role is $182,000 - $266,000 a year. - This role is also eligible for a variable incentive program.

• Design and implement security controls for cloud, platform, and deployment systems, with a focus on secure defaults and durable risk reduction. • Partner with platform, SRE, and infrastructure teams to review architecture and infrastructure changes, identify security risks, and drive practical remediation plans. • Build and improve automation for infrastructure security, including controls for cloud IAM, Kubernetes and container environments, secrets handling, and infrastructure-as-code workflows. • Identify and remediate systemic weaknesses such as misconfigurations, exposed services, weak trust boundaries, and insecure defaults in production environments. • Support infrastructure vulnerability management by helping prioritize findings, validate fixes, and improve how issues are detected and prevented over time. • Help assess and improve security controls for AI-assisted developer workflows and GenAI-enabled systems, including agentic tooling, coding assistants, and internal AI integrations that interact with production or sensitive environments. • Respond to production security issues, investigate root causes using logs, dashboards, and system context, and contribute follow-up improvements that strengthen the platform. • Contribute to team effectiveness by documenting patterns, participating in design and code reviews, and helping raise the security quality bar across engineering.

• Perform implementation of CNAPP and CSPM tools in multi-account AWS and Azure environments. • Implement IaC scanning tools within the CI/CD Pipelines. • Develop Infrastructure as code in Cloud Formation or Terraform. • Develop custom control checks within CNAPP Platforms using JSON, REGO, or Terraform. • Analysis – identifies and evaluates potential threats and vulnerabilities to the public cloud environments network, applications, infrastructure, and systems. • Issue Resolution – leads the resolution of identified issues in public cloud environments. • Vulnerabilities – Cloud, System, and Application • Compliance – CIS, NIST, AWS, and Azure best practices. • Cloud Entitlements – Excessive Permissions and various IAM best practices. • Secrets – unprotected secrets on VMs, Containers, and IaC repositories. • IaC – misconfigurations and vulnerabilities within developed IaC. • Deep understanding of Kubernetes and microservices security best practices. • Performs container registry scanning. • Reviewing and creating metrics, KPIs, and KRIs to track overall cloud security posture. • Create, maintain, and update runbooks for cloud configuration checks. • Assess the overall security posture of cloud security infrastructure and workloads. • Advise customers on Cloud security best practices.