Principal Security Architect, Agent Policy Fabric
Location
All locations: California | Florida | New York | North Carolina | Tennessee
Posted
3 days ago
Salary
$272K - $431.3K / year
Seniority
Lead
Job Description
NVIDIA
- Define the cross-company reference architecture for governed agent actions, including durable policies, runtime controls, adapter boundaries, credential mediation, detector response, audit correlation, failure modes, and production-readiness criteria.
- Translate Agent Policy Fabric concepts into executive-ready decision papers, engineering standards, threat models, control objectives, and implementation achievements without treating working-draft architecture as a pre-decided product direction.
- Partner with Product Security, OpenShell, Omnistation, Identity, IT, Fleet/MDM, SecOps, 3S, legal/privacy, and corporate-resource owners to define who owns each control surface and how agent workflows move from proof-of-life to enterprise pilot.
- Establish review patterns for agent workflows, including policy authoring, approval, signing, runtime admission, credential issuance, direct-egress controls, audit evidence, managing anomalies, and break-glass procedures.
- Brief senior leaders, customer-facing teams, and partner engineering teams on NVIDIA's agent security posture, APF maturation path, open decisions, known limitations, and the evidence required before broader deployment.
Job Requirements
- Bachelor's degree (or equivalent experience) with 15+ years of industry experience in security architecture, product security, enterprise security platforms, identity and access management, cloud security, or infrastructure governance.
- Validated ability to lead ambiguous, cross-functional security initiatives across product, platform, infrastructure, IT, and security operations teams.
- Practical understanding of agentic AI risks, tool-call governance, prompt-injection limits, sandbox boundaries, credential exposure risks, audit requirements, and the difference between containment, authorization, and monitoring.
- Experience designing controls around identity, authorization, policy, secrets, network egress, runtime isolation, telemetry, SIEM integration, exception workflows, and compliance evidence.
- Ability to write crisp architecture memos, decision records, threat models, standards, and adoption plans that are useful to both senior leaders and implementation teams.
Benefits
- Competitive salaries
- Generous benefits package
- Equity
More Security Engineer Jobs
- Implement and lead internal initiatives that reinforce the security program’s commitment to security.
- Collaborate closely with internal teams—including security awareness and training, communications, and executive leadership.
- Develop and promote initiatives that embed security values and achievements throughout the organization.
- Ensure the organization’s security values are visible, trusted, and respected by internal and external stakeholders.
- Help shape a strong security culture at Jamf by being an advocate or “security champion”.
- Support business growth and strengthen the organization’s reputation with customers and business partners.
- Develop content and communication strategies to engage Jamf employees at all levels.
- Establish and monitor mechanisms for employees to report security issues or concerns.
- Collaborate with awareness and training personnel to develop training material on the value of security as a business enabler.
- Develop and monitor KPIs and metrics to gauge the success of the program.
- Position the organization as an industry leader in security by promoting expert insights, white papers, and speaking engagements for security leaders.
- Coordinate participation in industry events, conferences, and panels to strengthen brand presence and authority in cybersecurity.
Senior Security Researcher, Phishing
SpyCloud
SpyCloud is a leader in digital identity protection, dedicated to preventing targeted cyberattacks and unmasking threat actors through innovative solutions. Fou
- Data Collection: Locate, target and recapture data from Phishing-as-a-Service (PhaaS) kits using a combination of human intelligence and platform sourcing.
- Data Analysis: Apply data science techniques to understand the quality of sourced data, in order to refine and improve the PhaaS data sourcing pipeline.
- Human Intelligence: Perform human intelligence techniques such as managing multiple alternate personas, actor engagements, and social engineering in support of data recapture efforts.
- Security Analysis: Participate in the drafting of research blogs and analytical products to support customers and business objectives.
- Security Research: Participate in security research including investigation of threat actors, PhaaS, and other critical research in support of SpyCloud’s priorities.
- Serve as principal advisor to the GSC on all matters related to PA compliance and any other applicable matters.
- Maintain and enforce all obligations under the approved PA and APO, including visit controls, the Electronic Communications Plan, and the Technology Control Plan.
- Serve as the primary point of contact with DCSA for all matters related to facility clearances, annual compliance reporting, and all FOCI mitigation oversight.
- Review and approve all affiliate contacts, visits and communications between CPS and the parent company in accordance with the approved visit controls procedures.
- Develop and maintain a FOCI mitigation instrument (Security Control Agreement, Special Security Agreement, or equivalent) in coordination with outside counsel on FOCI mitigation matters and any open compliance questions.
- Establish and maintain all required DSS/DCSA-mandated records, plans, and programs.
- Administer personnel security clearance processing end-to-end via JPAS/DISS, including nominations, investigations, and visit certifications.
- Advise employees and managers on clearance eligibility, adjudicative guidelines, and ongoing reporting obligations.
- Maintain a current and accurate roster of cleared personnel and access authorizations.
- Lead Collibra's Insider Threat Program, including a multi-disciplinary hub and reporting mechanisms.
- Develop and deliver annual and ongoing security education and awareness training for cleared and uncleared personnel.
- Conduct self-inspection programs and prepare for DCSA facility reviews and annual compliance audits.
- Serve as a trusted advisor to the General Manager and the GSC senior leadership on all security and compliance matters related to the government business.
- Partner with independent legal counsel on export control compliance, including ITAR/EAR obligations as they intersect with CPS's products and services.
- Support contract compliance and bid activities requiring security documentation or clearance certifications.
- Coordinate incident investigations involving potential unauthorized disclosure, fraud, or insider threat, and ensure prompt reporting to GSC and DCSA as required.


