• Support the Rimini Protect! Security Services team to research threats, vulnerabilities, and weaknesses that affect the products and services supported and delivered by Rimini Street. • Work with the Rimini Protect team to research the applicability of reported Vulnerabilities to understand the weaknesses and exposures, determine applicable mitigations, and assist in the documentation of those mitigations. • Write, document and recommend work arounds and mitigations to assist in the development of new solutions and security controls that will be utilized by Rimini Street clients to proactively address vulnerabilities from a 0-day context as well as our regularly schedule Security Vulnerability Analysis Report (SVAR). • Closely work with the Client Success Managers (CSM) to conduct, review and make recommendations in the process of conducting a Security Audit for the customer’s ERP solution and Database environment.

• Konzeption, Umsetzung und Pflege von IT-Sicherheits- und Gesamtsicherheitskonzepten, inkl. Überführung in ein DB-gestütztes Content-Management-Systemen • Durchführung von Risikoanalysen, Schutzbedarfsfeststellungen sowie Ableitung geeigneter Maßnahmen • Coaching und fachliche Unterstützung bei der Erstellung, Pflege und Weiterentwicklung von IT-Sicherheitskonzepten und -Richtlinien • Beratung von technischen Produktverantwortlichen und IT-Sicherheitsverantwortlichen, insbesondere im Umgang mit dem ISMS-Tool • Abstimmung und Umsetzung neuer IT-Grundschutz- und BSI-Anforderungen in bestehenden Sicherheitskonzepten • Durchführung von internen Audits nach Vorgaben sowie Unterstützung bei IT-Sicherheitsanfragen • Erstellung, Review und Pflege aller mit geltenden sicherheitsrelevanten Dokumentationen

• Provide cybersecurity advisory support to IT and business stakeholders • Administer, maintain, and optimise enterprise security tools • Conduct daily and scheduled health checks on security platforms • Monitor, analyse, and triage tool outputs • Manage and resolve cybersecurity tooling and advisory service requests • Develop and maintain operational documentation • Collaborate with Cybersecurity Operations, Infrastructure, and Architecture teams • Identify opportunities to streamline, automate, and improve cybersecurity tooling processes

• Lead and manage the GRC and Security Engineering teams, including strategy, objectives, staffing, coaching, and performance management. • Own governance, risk, and compliance programs. Maintain ISO 27001 and related controls. Drive audit readiness for HIPAA and other frameworks. Coordinate policy lifecycle management and control testing. • Run vendor assessment and qualification program. Oversee third party risk management, due diligence, contractual security requirements, and continuous monitoring. • Provide AI related security assessments and guidance. Establish acceptable use guardrails for AI, assess model and data risks, and advise on controls for AI enabled solutions. • Oversee security architecture for cloud environments and enterprise platforms. Partner with engineering on secure design for AWS, Azure, identity, network, and data protection. • Direct security engineering operations. Manage EDR and threat detection with CrowdStrike, SIEM operations, CSPM posture management, vulnerability management, and SOAR automation. • Lead incident response readiness and execution. Run tabletop exercises, coordinate investigations, and deliver root cause and lessons learned. • Own and manage security budgets, multiyear planning, vendor contracts, and cost optimization while meeting control objectives. • Report program status and risk posture to executives and the board. Define and track KPIs and KRIs. Communicate clearly with technical and non technical stakeholders. • Establish and enforce secure software development practices and SDLC controls with engineering leadership. • Maintain a current security roadmap and maturity plan aligned to business priorities. • Oversee metrics, dashboards, and reporting for program performance and risk reduction. • Coordinate with Legal, Privacy, and Compliance on regulatory obligations and customer security assessments. • Champion security awareness training and culture, sponsor targeted training for engineering and high risk roles. • Evaluate, select, and manage strategic security vendors and platforms, drive successful implementations and integrations. • Represent security in customer meetings and due diligence, provide credible technical and compliance answers.