• Evaluate, deploy, integrate, and optimize security tooling — including SAST, DAST, SCA, IAST, container scanning, SBOM generation, secrets detection, and API security testing — across CI/CD pipelines and developer workflows • Build automated workflows for vulnerability ingestion, prioritization, remediation tracking, and reporting, integrating with platforms such as GitHub Actions, Azure DevOps, Jenkins, Jira, and SIEM tools • Drive enterprise vulnerability management initiatives, including prioritization frameworks, SLA tracking, remediation velocity improvements, and security posture dashboards • Embed security-by-design principles into the SDLC, developing security guardrails and policy-as-code capabilities for cloud and application environments • Partner with DevOps and CI/CD teams to improve automated security validation, release governance, and software supply chain security • Serve as a senior technical advisor on application security, influencing engineering and product roadmaps to improve platform security and operational resilience • Mentor engineers and security practitioners on secure development and DevSecOps best practices

• Lead and execute the IT SOX program, including annual scoping, risk assessments, control design, testing strategy, and deficiency remediation • Own and continuously improve the IT General Controls (ITGC) framework (Access, Change Management, Operations, SDLC) ensuring alignment with SOX and COSO standards • Serve as the primary liaison to Internal and External Audit, driving efficient audit execution and high-quality outcomes • Partner closely with Finance and Internal Audit to co-develop control narratives, risk assessments, and audit committee materials • Drive the evolution of the Enterprise Risk Management (ERM) program for IT and Cybersecurity risks, including facilitating cross-functional risk workshops and maintaining the enterprise risk register • Translate technical risks into business-relevant insights and provide clear reporting to executive stakeholders, including the CIO and Audit Committee • Lead risk lifecycle activities including risk identification, assessment, mitigation planning, and ongoing monitoring • Establish and track key risk indicators (KRIs) and key performance indicators (KPIs) to measure program effectiveness and inform decision-making • Author and maintain IT and cybersecurity policies, standards, and procedures to ensure compliance with regulatory and industry frameworks • Evaluate and integrate GRC tools, automation, and analytics to enhance control monitoring and reporting capabilities • Review and assess third-party risk through SOC1/SOC2 and other service provider assurance reports • Lead and develop a small team (or provide functional leadership), fostering growth, accountability, and high performance • Drive cross-functional initiatives and special projects that strengthen governance, risk posture, and operational resilience

• Monitor, assess, and manage security risks related to open-source software dependencies, CVEs, and third-party components • Triage and validate vulnerabilities across applications, containers, infrastructure, and dependencies — prioritizing by exploitability, exposure, and business impact • Coordinate patch management initiatives and support automated patch deployment workflows with Release Engineering and DevOps teams • Support and expand the Security Champion program, partnering with developers to improve secure coding awareness and adoption • Integrate security controls into CI/CD pipelines and automate vulnerability scanning, dependency analysis, and security reporting • Develop playbooks, documentation, and educational materials that promote self-service security within engineering teams • Contribute to threat modeling, secure architecture discussions, and continuous improvement of secure SDLC processes

• Define and enforce network security architecture standards • Provide technical leadership and mentorship to security and network engineering teams • Lead network security assessments, including threat modeling and intrusion detection • Develop and deploy advanced security automation and tooling • Collaborate with network engineers to integrate security controls • Participate in incident response efforts for network security incidents • Drive the security review process for network infrastructure changes • Promote security best practices through documentation and collaboration