Role Description As a Senior Advanced Cyber Security Architect/Engineer at Honeywell, you will support and contribute to the design, implementation, and maintenance of enterprise cybersecurity solutions that protect critical systems and data. You will work hands-on to help strengthen defenses against emerging threats, providing technical analysis and subject-matter support to senior cybersecurity leaders. - Collaborate closely with cross-functional teams to help integrate cybersecurity requirements into systems and initiatives. - Assist with research and evaluation of emerging technologies. - Contribute to continuous improvement efforts across the cybersecurity program. - Support cybersecurity compliance and risk-based initiatives aligned with enterprise standards and regulatory requirements. - Report into the Honeywell Global Security Compliance team. - Operate within a flexible, remote-eligible work environment. Through your contributions, you will help safeguard the reliability, safety, and integrity of systems that power the modern world. Company Description Honeywell helps organizations solve the world's most complex challenges in automation, the future of aviation, and energy transition. As a trusted partner, we provide actionable solutions and innovation through our: - Aerospace Technologies - Building Automation - Energy and Sustainability Solutions - Industrial Automation business segments Powered by our Honeywell Forge software, we help make the world smarter, safer, and more sustainable.

• Maintain and improve Vecima’s Information Security Management System (ISMS) • Support ISO/IEC 27001:2022 governance activities, including risk assessments, risk treatment tracking, control documentation, evidence collection, corrective actions, audit readiness, and follow-up on gaps • Coordinate periodic management reviews, policy and standards reviews, control updates, and related governance activities to support continuous improvement of the information security program • Maintain security metrics, dashboards, risk registers, and status reporting for leadership • Support and coordinate supplier security reviews, including due diligence, security questionnaires, risk assessments, remediation follow-up, and ongoing monitoring of higher-risk suppliers • Work with Supply Chain, Legal, internal business owners, and other stakeholders to ensure information security requirements are incorporated into supplier onboarding, contracting, monitoring, and offboarding processes • Use GRC, ISMS, and TPRM tools, including Optro (formerly AuditBoard), to manage security documentation, assessments, workflows, and evidence as applicable • Partner with internal stakeholders to define security requirements, assign action owners, track remediation, and escalate material security risks or unresolved issues as needed • Communicate security obligations, risks, and progress clearly to technical and non-technical audiences • Contribute to the development, implementation, and continuous improvement of the organization’s information security strategy aligned with business objectives • Stay current with emerging threats, security trends, and relevant technologies to help maintain an effective and practical security posture • Promote a strong culture of security awareness across the organization and support the delivery of effective security education and awareness activities • Support maintenance of the incident response plan and coordinate investigations, documentation, corrective actions, and follow-up activities related to security incidents

• Proteger ativos: Garantir a confidencialidade, integridade e disponibilidade das informações e sistemas da empresa • Mitigar vulnerabilidades: Realizar análises de risco, testes de segurança e identificar brechas em aplicações e infraestrutura • Implementar políticas: Desenhar e aplicar normas de segurança cibernética baseadas em boas práticas globais • Responder a incidentes: Estruturar planos de contingência e liderar a contenção de ameaças ou invasões • Garantir privacidade: Assegurar a conformidade total com a LGPD e normas regulatórias de segurança do setor • Disseminar cultura: Promover treinamentos e conscientização sobre ameaças (como phishing) para os colaboradores

• Design, implement, and maintain cloud security controls supporting AWS and Databricks-based enterprise platforms. • Support security architecture, risk management, compliance monitoring, and governance activities across cloud environments. • Implement and manage Identity and Access Management (IAM) controls, role-based access controls (RBAC), least-privilege access models, and authentication mechanisms. • Conduct security assessments, vulnerability analyses, risk evaluations, and remediation planning activities. • Support continuous monitoring initiatives, security event analysis, incident response, and audit readiness efforts. • Maintain compliance with FedRAMP High, FISMA, NIST 800-53, and other federal cybersecurity standards.