• The Security Manager safeguards the confidentiality, integrity, and availability of our systems, data, facilities, and medical operations. • This role leads security governance, risk management, and compliance efforts; oversees security operations and incident response; and partners with IT, Clinical Operations, Privacy, and Compliance to ensure our organization meets regulatory requirements (e.g., HIPAA Security Rule) and industry frameworks (e.g., SOC 2, HITRUST). • Accountable for proactive risk reduction, rapid detection and response to threats, and building a strong security culture across the company. • Work closely with our engineering team and third-party security partners to define secure coding standards, validate security controls, and coordinate penetration testing and remediation for a modern cloud-native stack built on Azure, .NET Minimal APIs, Blazor WASM, MAUI, and PostgreSQL.

• Own the Security Program — End to End • Design and own GenLogs’ company-wide information security strategy • Define the security roadmap under constrained resources • Set enforceable security requirements across engineering, operations, and corporate IT • Maintain independence from DevOps while collaborating closely with them • Serve as the final authority on security risk acceptance • Identify and Protect Existential Assets (Day-Zero Focus) • Own IAM strategy across all systems • Enforce least-privilege, role-based access, MFA, and privileged access reviews • Define what incident response looks like before it happens • Build and maintain a phased execution plan • Own SOC 2 end-to-end • Ensure compliance does not degrade operational velocity • Brief the C-suite clearly on risk tradeoffs and consequences • Position GenLogs for more sensitive enterprise and government work

• Own and drive remediation of security vulnerability tickets across commercial and regulated environments • Coordinate closely with vulnerability management and site reliability engineering teams to ensure timely remediation within SLA • Analyze vulnerability trends to identify process gaps and recommend improvements to triage and remediation workflows • Track remediation progress and provide weekly status updates to management, including risk identification and mitigation plans • Collect and maintain remediation evidence to support compliance audits and regulatory requirements (e.g., PCI, SOC 2, C5) • Support secure operations across cloud and Linux-based infrastructure environments

• Analyze existing legal security commitments and compare them against actual product security practices to identify gaps and risks. • Conduct interviews with legal, security, and product stakeholders to document current security posture and contractual commitments across products. • Develop and maintain a comprehensive matrix mapping product security controls to contract terms, legal exhibits, and public-facing statements. • Draft and propose updates to security-related contract language, including security exhibits, standard customer terms, and negotiation fallback positions. • Partner cross-functionally with legal, product, and security teams to align public website security content with verified security practices. • Translate technical security controls and practices into clear, defensible legal language suitable for customer contracts and public documentation. • Create and manage a project plan with real-time progress tracking, weekly status reports for stakeholders, monthly leadership briefings, and an end-of-project executive summary with findings and recommendations.