Job Closed
This listing is no longer active.
All of your investing, made simple.
Manager, Security Compliance
Location: Canada
Posted: 28 days ago
Salary: CA$166.4K - CA$208K / year
Seniority: Senior
Job Description
Wealthsimple
- Own and manage the IT general controls (ITGCs) component of the ICFR compliance program while supporting the build-out of the ITGCs and IT application controls (ITACs) for the SOX program from the ground up, leveraging existing frameworks and controls where applicable
- Partner with Finance, IT, and business stakeholders to identify and document key controls over financial reporting, ensuring controls are designed and in place ahead of audit cycles
- Ensure ITGCs and ITACs supporting financial systems are properly documented and operating as intended
- Serve as the primary point of contact for external auditors, coordinating evidence requests, walkthroughs, and finding remediation
- Build and maintain a controls inventory with clear ownership, documentation standards, and readiness status
- Work cross-functionally with control owners to ensure gaps are identified early and remediation plans are in place before audit periods
- Develop and report on compliance readiness and control health to senior leadership
- Drive continuous improvement in the efficiency and effectiveness of the SOX Compliance system (AuditBoard) and related technologies
- Maintain current knowledge of emerging risks, industry trends, and regulatory changes relevant to the business and the audit profession
- Expand ownership to include SOC 1 & 2, PCI DSS, and NIST compliance programs, building a unified compliance function
- Lead a small team of compliance specialists, providing mentorship, prioritization, and ensuring alignment across the aforementioned compliance initiatives
Job Requirements
- 6-8 years of experience in IT audit, compliance, or security assurance, with deep expertise in SOX/ICFR compliance (preferably in financial services or fintech)
- Strong understanding of COSO framework, ITGCs, ITACs, and control design principles
- Experience working with external auditors on SOX engagements, particularly in a coordination or liaison capacity
- Proven ability to lead and manage a team, ensuring that audit deliverables are met efficiently and on time
- Working knowledge of SOC, PCI DSS, and/or NIST frameworks is a strong asset
- Proven ability to manage multiple compliance workstreams and competing priorities
- Strong stakeholder management and communication skills with ability to influence across technical and non-technical teams
- Experience with GRC tools and control management platforms
- Self-directed professional who can build programs from the ground up and drive initiatives to completion
- Relevant certifications preferred (CISA, CISSP, CPA, CIA, or equivalent)
Benefits
- Top-tier health benefits and life insurance
- Long-term group savings with employer match, through Wealthsimple for Business
- 20 vacation days, 4 wellness days, and unlimited sick and mental health days per year
- 90 days away: work outside Canada for up to 90 days per year
- Employee resource groups, including Rainbow (2SLGBTQ), Women of WS, and Black at WS
More Security Engineer Jobs
IT Security Architect
SailPoint
SailPoint, founded in 2005, offers identity management solutions that provide clients with total visibility into their organizations. By linking applications, data, devices, and pe
- Design, build, configure and deploy SailPoint’s IAM and PAM services & solution(s), including identity & accounts management, access management policies & associated controls, identity verification & authentication, secrets management, privileged access management as well as audit & reporting.
- Conduct analysis, generate designs & procedures, work closely with stakeholders to define use-cases, keep & maintain inventories, and develop comprehensive documentation & diagrams.
- Support IAM infrastructure operations, including troubleshooting user issues, change management, and performing system administration & maintenance.
- Monitor and respond to any capacity and/or performance needs, including rotational on-call support for the IAM infrastructure.
- Provide regular reports to leadership regarding security, data governance, capacity, performance, usage and licensing.
- Lead projects, provide security consultation(s), and develop detailed project plans for various projects & phases (PoC, Pilot, Production rollouts).
- Recommend and implement modifications that will enhance system usability & reliability while analyzing all aspects of the existing infrastructure.
- Proactively establish and grow a broad collaboration with business analysts, app / system owners, architects and engineers focusing on strategy, proliferation of automation & integrations, as well as defining / building and refining enterprise services & capabilities.
- Provide training on changes to system architecture and/or user experience (UX), document support procedures, and analyze user feedback to minimize impacts and maximize value to the business.
- Devise, develop and implement SOPs, SLAs and supporting workflows and approval criteria.
- Collect, analyze and decipher identity and security metrics & event data in order to provide meaningful recommendations to improve current policy configurations, and improvements to the UX.
- Own the lifecycle of our team members. You’ll manage workflows and integrations to ensure the right people have the right access at the right time.
- Act as the primary architect for our macOS fleet using JAMF, ensuring every device is compliant, encrypted, and ready for work with minimal disruptions to the user.
- Monitor and improve DLP posture through technical implementation using Crowdstrike, Slack, and Google.
- Move beyond manual tickets. You’ll utilize and tune automation tools to streamline onboarding, offboarding, and support questions.
- Partner with our DevOps teams to manage security access configurations within AWS, learning to navigate and secure cloud-native environments.
- Champion the use of AI tools to enhance Security and IT efficiency, from automated helpdesk responses to identifying anomalous login patterns.
- Partner with the HR (People) team to create impactful security trainings and updates to empower all employees to be the first line of defense.
- Provide high-touch IT and security support. You’ll be the friendly face of security, helping employees understand why security protocols matter and how to follow them.
Senior Staff Software Engineer, Product Security
Cloudera
At Cloudera, we believe that data can make what is impossible today, possible tomorrow.
- Architect, design, develop, and maintain advanced build tooling to accelerate the remediation of vulnerabilities across engineering pillars.
- Lead Proof of Concepts (POCs) for security initiatives and evaluate third-party tools to increase developer velocity while enhancing our security posture.
- Architect, design, and develop security feature initiatives such as FIPS, TLS/encryption, secrets rotation, Identity & Access Management, and certificate management.
- Help find root causes and triage complex product-related stability issues related to security.
- Build tooling around security initiatives such as encryption inventory and other tools to gauge security standards of feature delivery.
- Author comprehensive design documents and test plans for cross-component security features, positively affecting change even in the face of ambiguity.
- Mentor lower-level team members and contribute to the growth of the team’s technical expertise through code reviews and documentation.
- Collaborate across organizational lines, interacting with internal stakeholders and senior management to resolve customer escalations and meet long-term objectives.
Information Security Coordinator
Juvo
We unlock economic opportunities and promote financial inclusion for 68% of adults in the world with no credit history.
- Define and maintain the information security roadmap aligned with business objectives and required market updates
- Develop and periodically review the security plan, prioritizing initiatives based on risk analysis
- Propose investments in tools, processes, and training, justifying them with cost-benefit and risk analyses
- Present executive reports on security maturity and posture to leadership
- Structure and operate the monitoring, detection, and incident response process
- Analyze security logs and events to identify potential threats
- Conduct incident investigations and coordinate containment and remediation actions
- Develop and maintain playbooks and runbooks for incident handling
- Perform and coordinate vulnerability assessments on systems, applications, and infrastructure
- Conduct or oversee penetration tests (pentests) and security audits
- Keep the risk matrix up to date and propose mitigation plans
- Define and monitor security KPIs and metrics
- Implement, configure, and manage security tools (SIEM, EDR, DLP, WAF, IDS/IPS, SOAR)
- Evaluate and recommend new security technologies and solutions
- Automate security processes whenever possible to improve operational efficiency
- Manage third-party SOC providers and security services
- Define SLAs, track deliveries, and ensure the quality of contracted services
- Coordinate phishing tests and pentests conducted by external partners
- Develop, review, and implement information security policies, standards, and procedures (LGPD, ISO 27001/27002, PCI DSS)
- Serve as the security focal point with development, infrastructure, and compliance teams
- Ensure compliance with regulations and standards in the financial sector
- Act as the security liaison for vendor and client requests
- Plan and execute security awareness programs
- Promote training and educational campaigns for employees
- Foster a security culture across the organization
- Monitor trends, emerging threats, and market best practices
- Propose and lead continuous improvement initiatives to enhance security posture
- Participate in cybersecurity communities and events for networking and professional development




