• Maintain and improve Vecima’s Information Security Management System (ISMS) • Support ISO/IEC 27001:2022 governance activities, including risk assessments, risk treatment tracking, control documentation, evidence collection, corrective actions, audit readiness, and follow-up on gaps • Coordinate periodic management reviews, policy and standards reviews, control updates, and related governance activities to support continuous improvement of the information security program • Maintain security metrics, dashboards, risk registers, and status reporting for leadership • Support and coordinate supplier security reviews, including due diligence, security questionnaires, risk assessments, remediation follow-up, and ongoing monitoring of higher-risk suppliers • Work with Supply Chain, Legal, internal business owners, and other stakeholders to ensure information security requirements are incorporated into supplier onboarding, contracting, monitoring, and offboarding processes • Use GRC, ISMS, and TPRM tools, including Optro (formerly AuditBoard), to manage security documentation, assessments, workflows, and evidence as applicable • Partner with internal stakeholders to define security requirements, assign action owners, track remediation, and escalate material security risks or unresolved issues as needed • Communicate security obligations, risks, and progress clearly to technical and non-technical audiences • Contribute to the development, implementation, and continuous improvement of the organization’s information security strategy aligned with business objectives • Stay current with emerging threats, security trends, and relevant technologies to help maintain an effective and practical security posture • Promote a strong culture of security awareness across the organization and support the delivery of effective security education and awareness activities • Support maintenance of the incident response plan and coordinate investigations, documentation, corrective actions, and follow-up activities related to security incidents

• Proteger ativos: Garantir a confidencialidade, integridade e disponibilidade das informações e sistemas da empresa • Mitigar vulnerabilidades: Realizar análises de risco, testes de segurança e identificar brechas em aplicações e infraestrutura • Implementar políticas: Desenhar e aplicar normas de segurança cibernética baseadas em boas práticas globais • Responder a incidentes: Estruturar planos de contingência e liderar a contenção de ameaças ou invasões • Garantir privacidade: Assegurar a conformidade total com a LGPD e normas regulatórias de segurança do setor • Disseminar cultura: Promover treinamentos e conscientização sobre ameaças (como phishing) para os colaboradores

• Design, implement, and maintain cloud security controls supporting AWS and Databricks-based enterprise platforms. • Support security architecture, risk management, compliance monitoring, and governance activities across cloud environments. • Implement and manage Identity and Access Management (IAM) controls, role-based access controls (RBAC), least-privilege access models, and authentication mechanisms. • Conduct security assessments, vulnerability analyses, risk evaluations, and remediation planning activities. • Support continuous monitoring initiatives, security event analysis, incident response, and audit readiness efforts. • Maintain compliance with FedRAMP High, FISMA, NIST 800-53, and other federal cybersecurity standards.

• Serve as the primary specialist for customers, partners, and internal teams to drive revenue growth across the data security product portfolio • Partner with domain-expert solution engineers to capture customer requirements and craft compelling value propositions that close complex business deals • Own the regional quota and territory achievement by building and implementing account-based strategies to land and expand data security solutions • Collaborate synergistically with primary sales teams and leadership to ensure a unified and effective Zscaler presence in the market • Engage stakeholders across the organization, selling effectively to both C-suite executives and technical practitioners