• Define and enforce a coherent cloud architecture strategy • Own cloud cost strategy in partnership with Finance • Own Albert’s security posture end-to-end • Implement and evolve a Zero Trust architecture • Lead compliance and audit readiness • Own Azure interoperability strategy • Manage the ML/AI infrastructure platform • Drive infrastructure modernization • Build and lead a global SRE organization • Define and own the SLO framework • Establish incident response and disaster recovery programs • Manage vendor relationships • Develop and deliver cybersecurity awareness programs

• Provide independent assessments of MARAD information systems in support of system authorization, reauthorization, and continuous monitoring activities. • Evaluate management, operational, and technical security controls in accordance with NIST Risk Management Framework (RMF) requirements. • Support Authority to Operate (ATO) decisions. • Develop assessment documentation and reports. • Collaborate with MARAD, DOT, and cybersecurity stakeholders to ensure compliance, risk visibility, and mission assurance. • Assess MARAD systems in one of three states: System Authorization: Initial Authorization, Reauthorization, or Continuous Monitoring Assessment (CMA). • Provide annual assessment support to the NSMV and MARAD CIO programs. • Conduct independent assessments of specified MARAD information systems following the System Authorization process. • Execute and conduct analysis of network and systems to validate appropriate security control implementation. • Develop security assessment plans and assessment reports compliant with latest revisions of NIST Special Publication 800-53A Recommended Security Controls. • Develop security assessment executive summary documents including summative presentation further providing an overview of activities, findings, risks and mitigation recommendations.

• Own architecture strategy and hands-on delivery for IT & Security engineering initiatives. • Translate security and IT objectives into actionable workflows, automation patterns, and documentation. • Mentor team members on technical troubleshooting, configuration, and best practices; foster a security-first culture. • Evaluate and recommend technologies to improve security posture, service reliability, and operational efficiency. • Own end-to-end identity lifecycle management using Okta as the primary IAM platform. • Maintain and refine RBAC/ABAC models, least-privilege controls, and provisioning workflows. • Implement and support SSO, MFA, SCIM, conditional access, and session security controls. • Conduct periodic access reviews and maintain audit documentation for GovWorx compliance frameworks. • Serve as SME for Jamf (macOS) and Intune (Windows): secure baselines, configuration profiles, provisioning, and compliance enforcement. • Maintain Zero Trust device posture: encryption, patching, MDM enforcement, automated remediation, and application access controls. • Manage and tune the EDR deployment for detection quality and incident readiness. • Deploy self-service endpoint capabilities to minimize employee friction and ensure timely application access. • Maintain centralized logging and monitoring pipelines across identity, endpoint, and SaaS systems. • Create and refine detection alerts for high-signal, low-noise event visibility. • Lead technical investigation during security events: evidence gathering, forensic analysis, containment, and remediation recommendations. • Collaborate with the Head of IT & Security on incident prioritization, communication, and business-impact decisions. • Maintain and optimize core SaaS, collaboration, and IT platforms for reliability and scalability. • Own hardware and software lifecycle management: procurement, deployment, inventory, and secure decommissioning. • Maintain and regularly test backup, continuity, and disaster recovery processes. • Maintain system diagrams, runbooks, SOPs, and internal knowledge articles. • Support GovWorx compliance frameworks through control enforcement, audit evidence collection, and documentation. • Maintain SaaS application and OAuth integration inventory; review and control privileged access and scope boundaries. • Manage lifecycle of service accounts, API keys, certificates, and secrets; enforce secure storage and automated rotation. • Assist in vendor security evaluations, risk assessments, and risk register contributions.

• Contribute to developing strategic and tactical planning for FSQR activities across the NA region and take responsibility for executing the process for the Canada FSQR team • Lead and develop team talent through succession planning for key roles, performance management, coaching, mentoring, and recruitment processes • Analyze, review, and interpret external regulations as well as customer and supplier standards, then implement necessary policies and procedures to ensure compliance with applicable laws and regulations for the Canada POD • Establish and maintain leadership partnerships and relationships with key stakeholders across cross-functional teams to promote an integrated safety and quality culture and support business strategies • Independently facilitate resolution of highly complex issues and proactively anticipate risks, implementing preventive measures or mitigation plans as appropriate • Support development and escalation of new innovations, continuous improvement initiatives, and process sustainment • Support base and non-base capital investments for Canada and the broader NA regions to maintain and enhance food safety management systems and product safety • Other duties as assigned