Job Closed

This listing is no longer active.

Mirantis

Strategic open source infrastructure for containers and virtual machines.

Senior Product Security Engineer

Security Engineer, Other, Remote, Senior, Team 501-1,000, H1B Sponsor

Location

Oregon

Posted

101 days ago

Salary

0

Seniority

Senior

Job Description

Secure Products & Infrastructure:

  • Design, implement, and maintain security controls across applications, infrastructure, and CI/CD pipelines.
  • Embed security requirements aligned with SOC 2, ISO 27001, and internal standards.
  • Drive adoption and operationalization of SAST, DAST, container scanning, IaC security, and dependency analysis tooling.
  • Integrate automated security testing into the SDLC to enable secure-by-design development.

Offensive Security & Vulnerability Management:

  • Lead application security reviews, threat modeling, vulnerability assessments, and penetration testing.
  • Validate and prioritize findings based on exploitability and business impact.
  • Partner with engineering teams to ensure timely, measurable remediation.
  • Proactively identify and demonstrate security weaknesses to improve overall product resilience.

Incident Response & Risk Reduction:

  • Support investigation of product and infrastructure security incidents.
  • Contribute to root cause analysis and durable remediation strategies.
  • Identify systemic control gaps and implement long-term risk mitigation measures.

Compliance & Assurance:

  • Support product-level security reviews and audit activities.
  • Coordinate evidence collection and control validation for SOC 2, ISO 27001, and enterprise requirements.
  • Translate compliance requirements into actionable engineering controls.

Cross-Product Security Leadership:

  • Develop and maintain security expertise across multiple Mirantis products.
  • Standardize security practices and tooling across teams.
  • Strengthen program scalability and reduce single-point-of-failure risk.

Security Advocacy & Enablement:

  • Champion secure design principles and modern application security practices.
  • Provide actionable guidance during architecture and code reviews.
  • Drive continuous improvement and automation across the SDLC.

Job Requirements

  • 5+ years of experience in product security, application security, or security engineering.
  • Strong knowledge of common vulnerabilities (OWASP Top 10, SANS Top 25) and secure development practices.
  • Demonstrated experience with manual penetration testing, threat modeling, and exploitation techniques.
  • Hands-on experience with security tooling and automation, including:
      • SAST / DAST tooling and CI/CD integration
      • Container image scanning (e.g., Trivy, Grype, Anchore)
      • IaC security (e.g., Terraform, Helm, KICS, Checkov)
      • Dependency and software supply chain security tools
  • Experience with vulnerability management platforms and remediation workflows.
  • Experience working with containerized environments, Kubernetes, and cloud platforms.
  • Proven ability to integrate and automate security controls within CI/CD pipelines.
  • Strong collaboration and communication skills across engineering and product teams.
  • Experience supporting SOC 2, ISO 27001, or similar compliance frameworks.
  • Relevant certifications (OSCP, OSEP, OSWE, GPEN, GWEB, GWAPT, GCSA) strongly preferred.
  • Proficiency in scripting or programming (Go, Python, or similar) is a plus.

Benefits

  • Competitive compensation package
  • Strong benefits plan
