• Develop, implement, and maintain effective governance frameworks and policies to ensure organizational alignment with industry best practices and applicable regulatory compliance. • Own the IT Policy, Standards and Compliance framework to ensure they are relevant, up to date, and enforced through the collaboration with senior leadership across the organization. • Develop and refine risk mitigation strategies and action plans to safeguard the organization against potential threats; provide clear and concise directives to perform a mitigation or compensating change in the environment. • Protect business applications in compliance with privacy, security, resiliency and data privacy through partnership with vendor, business, and IT stakeholders and leaders. • Own Security compliance projects / initiatives that eliminate or manage exposure to the identified risk. • Collaborate with compliance leaders to stay abreast of evolving healthcare regulations, standards, and federal/state laws. • Analyze and propose resources for projects or initiatives. • Communicate and collaborate with executives, managers, stakeholders, and contractors. • Collaborate with internal teams to ensure the secure development, deployment, and maintenance of internally developed healthcare applications. • Ensure there are security assessments and audits of applications, identifying vulnerabilities and oversee remediation efforts. • Provide day-to-day leadership, coaching, and development for the GRC, Technology, and security compliance team, ensuring team members have clear direction, actionable feedback, and the support needed to grow technical and leadership capabilities. • Set performance expectations, establish accountability, and guide the team through complex technical, compliance, and risk-mitigation work, ensuring high-quality execution and alignment with organizational priorities. • Foster a strong team culture centered on collaboration, transparency, and continuous improvement, proactively removing barriers, encouraging knowledge-sharing, and motivating the team to deliver consistent, high-impact results. • Coach and support Team Members through complex and high-impact situations, helping them build confidence, clarity, and sound decision-making • Work with consultants and lead projects with contractors when needed. • Provide input in strategic technical decisions and solutions to senior leadership. • Manage time effectively and ensure timely communications with stakeholders, leaders and team members in communication channels. • Focus on process improvement and process documentation efforts, reviewing staff and leader feedback for enhancements and changes. • Identify and provide solutions to operational issues to improve data and privacy protection. • Evaluate new regulatory statutes and determine its applicability and timing for implementation. • Understand and articulate the key technical and operational challenges to mitigate a threat. • Act as a Security compliance escalation point within the Cybersecurity team. • Provide compliance consultation, training, and support to leaders and Team Members.

• Work in a team, share knowledge, collaborate, and grow through the team's challenges. • Serve as a technical reference on topics related to your responsibilities. • Participate in projects and committees. • Act on vision, activities, processes, and procedures and assess scenarios to define the best architecture for information and cyber security. • Contribute to the creation of information security policies, processes and procedures, as well as RFPs and RFIs related to information security. • Be a reference and provide support to the team on information security solutions and architecture for on-premises and cloud environments. • Understand network environments, applications, solutions, and other assets to establish the best architecture and information security practices. • Manage projects and engage in committees, squads, and other forums to provide guidance on information security across diverse technologies, policies, and practices based on frameworks such as ISO 27001, NIST, CIS, and CSA; knowledge of GDPR and LGPD is a plus. • Actively participate in incident response, cyber exercises, cyber war games, CTFs, and other team and partner activities. • Stay alert to new vulnerabilities, scenarios, and trends in cyber threats.

• Act as a lead consultant on multiple client engagements with limited direction • Understand client business requirements and provide guidance throughout design, configuration and prototype, and assist clients with testing and move to Production efforts • Support clients during Annual Events such as: Annual Talent/Performance, Merit, Open Enrollment, ACA, etc. as needed • Partner with Engagement Managers to keep them informed of project status, changes, etc. • Collaborate with cross-functional counterparts to ensure clear lines of communication and project alignment • Accurately maintain forecast in a timely manner • Partner with the Sales team and serve as a Subject Matter Expert while assisting with sales presentations, demos, and LOEs • Stay up to date on industry knowledge, Workday enhancements, and be able to advise on Workday best practices • Build strong relationships with clients, gained through trust and exceptional customer service

• Coordinate with partners to implement solutions that protect the company, its systems, and data • Work with IT staff to improve the security of our services • Design technical solutions to address security weaknesses • Analyze system services, spot issues in code, networks, and applications from a security perspective • Provide penetration testing support, project security reviews, and application scanning processes throughout the stages of the software development lifecycle • Track security vulnerabilities and exposure in third-party libraries and manage mitigation implementations • Work to mature internal libraries, build systematic protections for classes of vulnerabilities • Manage third-party code reviews for high-exposure projects • Integrate static analysis into our continuous integration process