• serves as a cybersecurity Subject Matter Expert (SME) with regards to Assessment and Authorization (A&A) of information systems and all associated cybersecurity policies and procedures. • performs a DOD cybersecurity process while either authorizing an information system or serving as a SME for an information system undergoing authorization. • possesses an understanding of how the security controls identified in the NIST 800-53 apply to the process of assessing and authorizing a large organization’s IT infrastructure such as DLA’s. • determines the applicable severity value for an identified vulnerability (e.g., non-compliant security control). • determines the possible ramifications on the system’s current or future authorization. • briefs senior management on the progress or results of an information system undergoing the Risk Management Framework (RMF) process.

• Lead a team of risk, compliance, and privacy experts who partner with global technology teams and business leaders in the execution of Ryder’s Information Security Management System • Lead the development and ongoing management of common control and risk management frameworks for measuring the organizational security posture based on industry, regulatory, and customer needs • Serve as a trusted partner to educate and collaborate on information security and risk management best practices with stakeholders in Corporate Compliance, Enterprise Risk Management, Internal Audit, Physical Security and Safety, Legal, and IT • Lead the development and ongoing management of global information security policies and corporate standards throughout the organization that align with industry guidance and result in effective methods to reduce security risks • Lead the development and management of a global third-party risk management program to evaluate new and existing vendors on a regular basis based on their criticality to the business • Lead the development and management of a global information security customer compliance program which facilitates the processes for handling customer requests for information security attestations, audits, on-site reviews, and remediation of security findings • Lead the development and management of a modern, engaging, global information security training and awareness program to provide ongoing information security education to all levels of the organization • Lead the development and management of an IT enterprise risk register to properly catalog, manage, communicate, and assess global IT risks

• Support Principal and Senior Consultants in the delivery of cybersecurity and compliance engagements • Conduct gap analyses against frameworks and requirements such as NIST CSF 2.0, SOC 2, ISO 27001, PCI DSS, HIPAA, and CMMC - crosswalking when applicable • Assist in identifying, assessing, and documenting security and compliance risks • Contribute to the preparation of client-facing materials, helping communicate compliance requirements and risk findings to technical and non-technical stakeholders • Support the development of strategic, operational, and tactical recommendations to remediate identified risks and improve the client’s security posture and compliance position • Deliver tasks and projects on time and within budget while meeting critical success metrics to maintain high client satisfaction

• Lead and coordinate SOC analysts during assigned shift, ensuring adherence to procedures and performance expectations. • Serve as the first line of escalation for high-priority or complex security incidents. • Oversee real-time monitoring, analysis, and triage of security alerts from various security platforms. • Validate and ensure completeness, accuracy, and consistency of incident documentation and ticketing. • Enforce adherence to playbooks, runbooks, and service level agreements (SLAs). • Provide shift handoff summaries and briefings to incoming teams and SOC leadership. • Mentor and coach team members to drive continuous skill development and career progression. • Assist with onboarding of new analysts and ensure proper access to customer environments. • Participate in operational planning and post-incident reviews to identify improvements. • Collaborate across internal teams to support customer onboarding, tuning, and custom configurations. • Maintain awareness of emerging threats, vulnerabilities, and security technologies.