• Define, own, and continuously evolve the enterprise identity and access management strategy, roadmap, and target architecture • Develop and maintain a prioritized backlog of identity initiatives, balancing risk reduction, and user experience • Present roadmap progress, risks, and recommendations to leadership and the CISO • Lead and participate in the design, configuration, and deployment of identity solutions using Okta and Microsoft Entra ID (Azure AD) • Drive the implementation and optimization of IGA capabilities including access certifications, role management, and joiner/mover/leaver processes • Oversee PAM tooling and processes, including privileged account provisioning, session management, and just-in-time access controls • Define and enforce identity standards, policies, and patterns for adoption across engineering and operations teams • Serve as the primary point of contact for identity platform vendors, managing contracts, escalations, and roadmap alignment • Build strong working relationships with clinical leads, IT operations, data governance, and HR to ensure identity controls support workforce needs • Communicate complex identity concepts in accessible terms to non-technical stakeholders across the organization

• Identify and mitigate risks in AI models, applications and data pipelines • Design and implement security protocols for AI/ML systems and infrastructure, models and data pipelines • Review applications and services using AI against both generic and AI specific threats • Conduct threat modeling and risk assessments • Monitor systems for anomalous behaviors • Assess and secure endpoints and APIs for model access and inference • Collaborate with stakeholders, engineers, data scientists and IT to integrate security into systems and infrastructure • Deliver client reports on AI security protocols and policies, and document best practices • Develop and implement AI security training for internal and external stakeholders

• Plan and execute end-to-end hardware penetration tests on embedded and IoT devices, against a defined scope and rules of engagement • Identify, access, and exploit on-board debug interfaces: JTAG, SWD, UART, and similar, to gain code execution or memory access • Extract firmware via debug ports, in-circuit flash reads (SPI / I2C / NAND), or chip-off when required, and analyze it for vulnerabilities • Intercept and analyze data on common embedded buses (SPI, I2C, UART, CAN, USB) using logic analyzers and protocol decoders • Where in scope, perform side-channel analysis and fault injection (power analysis, voltage/clock glitching) to bypass secure boot, readout protection, or authentication • Reverse engineer firmware and embedded binaries (Ghidra, IDA, Binwalk, etc.) to find logic flaws, hardcoded secrets, and exploitable conditions • Assess physical attack surface, tamper resistance, and key/secret storage • Distinguish between theoretical and operationally relevant risk to keep findings actionable • Write high-quality technical reports and present findings to client stakeholders, both technical and non-technical • Advise on practical, prioritized remediation that clients can act on • Build client confidence through credibility, clear communication, and proven impact • Build and maintain lab tooling, test rigs, and internal methodology • Contribute to research, responsible disclosure, and internal knowledge-sharing • Stay current on hardware attack techniques, embedded architectures, and defensive controls

• Define and enforce a coherent cloud architecture strategy • Own cloud cost strategy in partnership with Finance • Own Albert’s security posture end-to-end • Implement and evolve a Zero Trust architecture • Lead compliance and audit readiness • Own Azure interoperability strategy • Manage the ML/AI infrastructure platform • Drive infrastructure modernization • Build and lead a global SRE organization • Define and own the SLO framework • Establish incident response and disaster recovery programs • Manage vendor relationships • Develop and deliver cybersecurity awareness programs