• Analyze large-scale SaaS security data, investigate incidents, and develop advanced threat detection strategies • Dive deep into terabytes of SaaS Application data to identify new attack vectors, emerging threats, and vulnerabilities • Utilize your technical prowess to investigate complex SaaS & AI security incidents • Leverage your expertise in data analysis to fine-tune detection rules and algorithms • Drive thought leadership initiatives by creating technical blog posts, delivering webinars, and speaking at conferences • Collaborate with security researchers and data scientists to define new threat detection strategies • Continuously monitor and analyze SaaS attack techniques and adapt security posture accordingly • Work with APIs and integrations to ingest security logs from various SaaS platforms

• Lead security certification & audit readiness (ISO 27001 / SOC 2). • Operate the ISMS controls program. • Evidence management & auditor response. • Risk management program execution. • Metrics, reporting, and stakeholder enablement. • Manage periodic reviews and updates of security policies and procedures. • Partner with an outsourced/internal audit function to validate control performance. • Support cross-functional education and adoption of security requirements.

• Partner with data owners and the Data team to identify and inventory critical data assets across the enterprise. • Implement automated and programmatic classification of sensitive data using tools such as Wiz, Microsoft Purview, Varonis and other data security solutions. • Develop and maintain data protection policies aligned with regulatory standards (e.g., HITRUST, HIPAA). • Apply and tune DLP policies across email, cloud, USB, printing, and endpoint channels. • Build dashboards, alerts, and metrics for real-time monitoring of data protection events. • Implement and manage data rights enforcement mechanisms to ensure appropriate access and usage of sensitive data. • Contribute to the deployment and tuning of DSPM tools such as Wiz, Zscaler, Varonis, Imperva and others to enhance visibility and control. • Collaborate with infrastructure teams to ensure backup and recovery strategies align with data protection objectives and support immutable backups. • Integrate DLP and DSPM tools with SIEM for incident response, ticketing, and compliance reporting. • Work closely with CAQH teams to align protection strategies with business operations. Provide training and documentation to business units on data protection best practices.

• Analizar los requerimientos del negocio para diseñar arquitecturas, patrones y soluciones que mitiguen riesgos en los proyectos de transformación • Construir matrices de controles personalizadas según el contexto tecnológico (Nube, Aplicación, APIs, Microservicios) • Verificar la correcta implementación de los controles en todas las capas del software mediante la ejecución de escaneos de línea base y la validación de evidencias técnicas • Realizar el seguimiento, priorización y recomendaciones técnicas para el cierre de vulnerabilidades identificadas durante el ciclo de desarrollo de aplicaciones • Actuar como referente frente a las células de transformación, detallando activos críticos, amenazas y riesgos asociados a la arquitectura • Coordinar la respuesta a requerimientos de auditorías internas/externas y evaluaciones de riesgo • Elaborar informes sobre el estado de seguridad de las iniciativas y comunicar desviaciones de manera oportuna a las partes interesadas