• Create and maintain security architecture and engineering processes and procedures • Design of system architectures which meet established cybersecurity requirements and align with customer needs • This includes security requirements definition, documentation, and communication. • Development of security architecture requirements and implementation guidance based on analysis of NIST 800-53 and or other security control frameworks • Architect, design, implement, maintain, and operates information system security controls and countermeasures. • Provides techniques and patterns for securing integration with external security system vendors and/or cloud providers • Leads regular architecture and design reviews to ensure requirements implementation • Evaluates and plays an active role in life-cycle management of multiple security technologies • Identify security risks and control gaps within systems, designs, products, data flows, and processes; and recommend corrective architecture, integrations, controls, and operations • Lead the development of security requirements, architectures, and documentation to ensure security controls are seamlessly integrated into new technology deployments • Perform secure architecture and design reviews of new technology and security systems deployments, and collaborate with business teams to integrate secure-by-design principles into engineering projects and builds • Maintain a clear view of the overall security architecture roadmap and strategic plan • Leverage emerging technologies and advanced security practices to ensure EverCommerce is at the forefront of security for our solution groups and our customers • Build, maintain and mature security architecture metrics and reporting • Recruit, hire, train, coach and mentor security engineers and analysts • Additional duties as required and assigned

• Develop, implement, and maintain effective governance frameworks and policies to ensure organizational alignment with industry best practices and applicable regulatory compliance. • Own the IT Policy, Standards and Compliance framework to ensure they are relevant, up to date, and enforced through the collaboration with senior leadership across the organization. • Develop and refine risk mitigation strategies and action plans to safeguard the organization against potential threats; provide clear and concise directives to perform a mitigation or compensating change in the environment. • Protect business applications in compliance with privacy, security, resiliency and data privacy through partnership with vendor, business, and IT stakeholders and leaders. • Own Security compliance projects / initiatives that eliminate or manage exposure to the identified risk. • Collaborate with compliance leaders to stay abreast of evolving healthcare regulations, standards, and federal/state laws. • Analyze and propose resources for projects or initiatives. • Communicate and collaborate with executives, managers, stakeholders, and contractors. • Collaborate with internal teams to ensure the secure development, deployment, and maintenance of internally developed healthcare applications. • Ensure there are security assessments and audits of applications, identifying vulnerabilities and oversee remediation efforts. • Provide day-to-day leadership, coaching, and development for the GRC, Technology, and security compliance team, ensuring team members have clear direction, actionable feedback, and the support needed to grow technical and leadership capabilities. • Set performance expectations, establish accountability, and guide the team through complex technical, compliance, and risk-mitigation work, ensuring high-quality execution and alignment with organizational priorities. • Foster a strong team culture centered on collaboration, transparency, and continuous improvement, proactively removing barriers, encouraging knowledge-sharing, and motivating the team to deliver consistent, high-impact results. • Coach and support Team Members through complex and high-impact situations, helping them build confidence, clarity, and sound decision-making • Work with consultants and lead projects with contractors when needed. • Provide input in strategic technical decisions and solutions to senior leadership. • Manage time effectively and ensure timely communications with stakeholders, leaders and team members in communication channels. • Focus on process improvement and process documentation efforts, reviewing staff and leader feedback for enhancements and changes. • Identify and provide solutions to operational issues to improve data and privacy protection. • Evaluate new regulatory statutes and determine its applicability and timing for implementation. • Understand and articulate the key technical and operational challenges to mitigate a threat. • Act as a Security compliance escalation point within the Cybersecurity team. • Provide compliance consultation, training, and support to leaders and Team Members.

• Work in a team, share knowledge, collaborate, and grow through the team's challenges. • Serve as a technical reference on topics related to your responsibilities. • Participate in projects and committees. • Act on vision, activities, processes, and procedures and assess scenarios to define the best architecture for information and cyber security. • Contribute to the creation of information security policies, processes and procedures, as well as RFPs and RFIs related to information security. • Be a reference and provide support to the team on information security solutions and architecture for on-premises and cloud environments. • Understand network environments, applications, solutions, and other assets to establish the best architecture and information security practices. • Manage projects and engage in committees, squads, and other forums to provide guidance on information security across diverse technologies, policies, and practices based on frameworks such as ISO 27001, NIST, CIS, and CSA; knowledge of GDPR and LGPD is a plus. • Actively participate in incident response, cyber exercises, cyber war games, CTFs, and other team and partner activities. • Stay alert to new vulnerabilities, scenarios, and trends in cyber threats.

• Act as a lead consultant on multiple client engagements with limited direction • Understand client business requirements and provide guidance throughout design, configuration and prototype, and assist clients with testing and move to Production efforts • Support clients during Annual Events such as: Annual Talent/Performance, Merit, Open Enrollment, ACA, etc. as needed • Partner with Engagement Managers to keep them informed of project status, changes, etc. • Collaborate with cross-functional counterparts to ensure clear lines of communication and project alignment • Accurately maintain forecast in a timely manner • Partner with the Sales team and serve as a Subject Matter Expert while assisting with sales presentations, demos, and LOEs • Stay up to date on industry knowledge, Workday enhancements, and be able to advise on Workday best practices • Build strong relationships with clients, gained through trust and exceptional customer service