• Act as the primary security point of contact for assigned strategic/critical accounts. • Build multi-threaded relationships with customer security leadership (CISO org), IT, risk/compliance, and engineering teams. • Lead security governance cadences including security posture reviews, risk discussions, and roadmap alignment. • Conduct discovery to understand customer environments, threat models, regulatory requirements, and business priorities. • Advise on cloud security controls and best practices.

• Diagnose, prioritize, and drive security program maturity • Assess the current state with clear eyes: identify what’s working, what’s underdeveloped, and what needs to be rebuilt • Build a prioritized, multi-quarter roadmap that sequences risk reduction against business reality — without waiting to be handed a problem statement • Establish governance, ownership, and metrics that make the portfolio legible and actionable across security leadership, engineering leadership, and executives • Hold the line on outcomes — not activity or artifacts. • Translate security requirements into engineering practice • Make security by design the operating standard: shift-left practices, threat modeling, architecture review, and controls embedded into how teams plan and ship • Own the intersection of what security requires and what engineering can build — and move both sides toward it, fluently • Remove the blockers that sit between security intent and engineering execution • Build the habits and structures that outlast any individual program or initiative • Own the compliance surface without losing sight of real risk • Translate HIPAA, financial controls, and governance requirements into resilient programs that reduce actual exposure and scale — not just satisfy milestone audits • Sequence compliance investments against where the company is going, not just where it’s been • Build the evidence frameworks, metrics, and operational readiness that hold up under real scrutiny at scale • Shape the AI security framework before it becomes a crisis • Synthesize Aledade posture about AI risk, guardrails, and governance as AI becomes embedded in how we work and what we build • Build the scaffolding — principles, review processes, accountability structures — that gives others a framework to execute against • Operate with conviction in a space where the industry is still writing the rules • Drive alignment across a complex, high-stakes intersection • Operate at the seam between security, engineering, compliance, legal, and finance — without owning any of the headcount • Eliminate toil that crushes effectiveness of the subject matter experts around you by clearing the path, not walking it for them • Surface what’s being normalized that shouldn’t be — the risks deferred, the gaps unnamed, the programs that exist only on paper • Drive evidence-based decisions that stick — from architecture, through build, to the risk level with executives • Full-stack program leadership: equally at home in an architecture review, a compliance audit, a risk conversation with the CTO, and a sprint planning session with an engineering team

• Lead BetterHelp’s security engineering strategy, with offensive security as the foundation • Operate with a red team / attacker mindset, identifying vulnerabilities across applications, infrastructure, and internal systems • Direct and evolve the company’s red team capabilities, including penetration testing, code review, and vulnerability discovery • Provide oversight and guidance across: • Partner closely with Engineering to embed security into the software development lifecycle (SDLC) • Strengthen processes around vulnerability management, detection, and response • Build and improve offensive security tooling and capabilities, complementing external programs like Bugcrowd • Help reduce technical debt and improve system resilience through proactive security practices • Identify and address emerging threats, including AI security risks • Mentor and guide a strong team, setting a high bar for technical rigor and impact

• Konzeption und Implementierung individueller Microsoft Security-Lösungen • Begleitung komplexer IT-Security-Projekte von der Analyse bis Nachbetreuung • Entwicklung und Etablierung von Best Practices im Microsoft Security-Umfeld • Enge Zusammenarbeit mit Microsoft zur Bewertung neuer Security-Technologien • Mitgestaltung des Cybersecurity-Portfolios mit Fokus auf Innovation und Kundennutzen • Förderung von Wissenstransfer und fachlicher Weiterentwicklung durch Coachings