• Own and lead compliance programs and audit processes (SOC 2, PCI DSS, GDPR, HIPAA/HITECH) from planning through successful completion. • Drive evidence collection, documentation, and audit readiness, ensuring high-quality and timely delivery. • Act as a primary point of contact for external auditors, customers, and prospects on security and compliance matters. • Lead security discussions with enterprise customers, including deep-dive reviews and security questionnaires. • Oversee internal and external assessments across systems, services, and teams. • Own and evolve the Third-Party Risk Management program, managing and monitoring the security compliance of vendors and partners. • Maintain, enhance, and scale security controls and compliance processes across the organization. • Partner with engineering and product teams to translate compliance requirements into practical implementations. • Track and drive remediation efforts, ensuring accountability and timely resolution. • Produce and present audit and compliance reports to internal stakeholders and leadership. • Act as a strategic advisor by promoting security awareness and staying ahead of evolving regulatory and compliance trends.

• Support evidence collection and documentation for internal and external audits. • Assist in maintaining compliance with frameworks such as SOC 2, PCI DSS, GDPR, and HIPAA/HITECH. • Help manage and track compliance activities, monitoring efforts, and remediation tasks. • Support Third-Party Risk Management activities, including reviewing and tracking vendor compliance. • Contribute to security questionnaires and support customer-facing compliance discussions. • Participate in internal and external assessments of systems and processes. • Collaborate with engineering and product teams to implement and maintain security controls. • Prepare audit documentation and reports aligned with compliance requirements. • Contribute to the continuous improvement of compliance processes and documentation. • Stay informed on emerging security and regulatory trends and support internal knowledge sharing.

• Define and enforce platform reliability standards, including uptime, performance, and incident response expectations • Lead incident management processes, including coordination, communication, and post-incident reviews • Establish monitoring, alerting, and observability practices across the platform • Drive continuous improvement of operational processes and system stability • Oversee release processes, ensuring consistent and reliable deployments across environments • Partner with engineering teams to improve CI/CD pipelines and deployment workflows • Align release management practices with platform scalability and growth • Lead and mentor a team of engineers and analysts across operations, DevOps, and data functions • Collaborate with Product Engineering, QA, and Delivery teams to align priorities and execution • Act as an escalation point for complex technical and operational issues • Partner with security resources to ensure compliance (SOC 2, GovRAMP, NIST 800-53, etc.) • Own security audits for the Evoke platform, including audit readiness and remediation efforts • Oversee large-scale data migration and data operation efforts

• Serve as the main contact for federal and state regulators, including the SEC, FINRA, and state agencies • Coordinate intake, tracking, and resolution of exams, inquiries, complaints, and record requests • Partner with Compliance and business teams to assign work, gather records, and meet deadlines • Draft and review regulatory responses, from routine to complex, including supporting documentation • Maintain organized records of all regulatory activity in systems like OnBase and SharePoint • Manage and track recurring and ad hoc regulatory filings to ensure timely completion • Build and improve processes and procedures for regulatory responses and filings • Monitor performance through metrics and reporting, identifying trends and areas for improvement