• Lead high-value, billable Zero Trust transformation engagements, converting complex security challenges into resilient architectural outcomes for enterprise clients. • Serve as a trusted advisor to C-suite executives and technical teams, translating business risk into actionable security architectures aligned with NIST and CISA frameworks. • Assess enterprise architectures to expose hidden zones of implicit trust, analyze telemetry to identify visibility gaps, and design risk-based control sets that prioritize least-privilege access. • Design and deliver end-to-end Zero Trust architectures across IAM, network, endpoint, and cloud domains, producing clear roadmaps toward an optimized security posture. • Proactively collaborate with clients and internal teams to scope new opportunities, draft statements of work, and respond to Requests for Proposals (RFPs). • Audit the technical integration of SASE, Identity, and XDR solutions to ensure they function as a unified, automated security fabric. • Drive thought leadership by developing intellectual property, presenting at industry events, and mentoring team members to enhance our collective expertise.

• This role is client-facing and requires the Principal Consultant to lead and produce deliverables based on cyber risk management (CRM) client engagements. • The Principal Consultant will work directly with multiple customers and key stakeholders (Admins, C-Suite, etc) to drive the security priorities of the security operations management, security operations center (SOC) staff, and Information Security team. • Principal Consultants will help drive Proactive Consulting Services with SOC assessments. • This individual will be the trusted advisor to grow partnerships and assist customers to get and stay healthy from a cyber security perspective • Lead security audits of client’s security operations program, to include security organization and functions, processes, and technology • Analyze the current level of monitoring and alerting within the enterprise and provide a gap analysis on visibility of assets, log coverage, and detection effectiveness • Conduct general cyber risk assessments using framework or standards like MITRE ATT&CK, NIST 800-61r2, NIST CSF, ISO 27001/2, PCI, CIS Top 2, CMMD, or other industry measurement tools. • Utilize command-line interfaces or graphical user interfaces (GUI) of security tools to conduct technical and control set validation • Assess client security architecture, implementations and integration of security monitoring and endpoint/network and cloud protection tooling to understand the technical implementations of security controls • Assess SOC effectiveness of Vulnerability Management and threat exposure mitigation • Advise and develop SOC initiative roadmaps and recommendations for clients to further secure their environments. • Scope new opportunities with prospective clients, including drafting statements of work and proposals

• Lead Zero Trust transformations and turning complex security challenges into resilient architectures for enterprise clients • Run security engagements that include Managing risk assessments, audits, policy development, and incident response tabletop exercises • Act as a Trusted Advisor by translating business risks into actionable security plans for C-suite executives and technical teams • Use knowledge of threat actors, MITRE ATT&CK, and AI security to improve client defenses • Build Zero Trust roadmaps across Identity (IAM), network, endpoint, and cloud domains • Identify vulnerabilities and audit enterprise architectures to find 'hidden trust' zones and visibility gaps; design 'least-privilege' controls • Perform security assessments across AWS, Azure, and GCP • Ensure SASE, Identity, and XDR tools work together as one automated system • Guide clients using NIST CSF, ISO, CIS, and CISA frameworks • Oversee project scoping, budgets, and risk mitigation for multiple simultaneous engagements • Drive growth of practice by identifying new opportunities, growing existing client relationships, drafting Statements of Work (SOWs), and responding to RFPs • Create intellectual property, speak at industry events, and mentor junior team members

• Administers and maintains the corporate records management policy, translating requirements into system‑ready rules across data record repositories including shared drives, M365, and business systems. • Partners with relevant teams who own their retention schedules to ensure alignment with EMC standards and supports policy development, enforcement, and practical application. • Identifies automation and workflow opportunities. • Leads unstructured data cleanup initiatives in partnership with IT, enabling retention and disposal at scale. • Uses analysis and content discovery tools to drive defensible data reduction. • Partners with IT to ensure system configuration for retention, lifecycle automation, and secure disposal. • Collaborates with IT to test system tuning and ensures retention and deletion rules are correctly implemented. • Collaborates with Legal, Claims Legal, and IT to ensure the accurate suspension of destruction activities. • Maintains thorough documentation and audit trails for litigation readiness. • Conducts regular audits of data record repositories to verify retention compliance, storage practices, accuracy, and disposal documentation. • Summarizes findings and recommends technical and process improvements. • Guides business units on retention and classification, including file storage standards, repository use, naming conventions, version management, and digital hygiene practices. • Develops and delivers targeted training, job aids, and technical guidance to increase user adoption of standards and improve compliance behaviors related to records management. • Offers practical solutions that help business units manage information efficiently. • Supports the implementation of new tools and technologies for classification, indexing, digital archiving, and lifecycle management. • Engages in system evaluations, contributes to configuration decisions, and validates vendor functionality during implementation. • Prepares concise reports that summarize repository risk, compliance status, automation opportunities, and progress toward records management remediation goals. • Communicates actionable recommendations to Compliance and IT leadership. • Oversees off‑site physical storage processes by allocating storage costs, coordinating destruction orders, and updating suppliers. • Supports business units with content reporting and assists Administration with retrieval and fulfillment requests as needed. • Researches regulatory and industry best practices of records management requirements, analyzes gaps in existing processes and systems, and delivers targeted recommendations to strengthen compliance and reduce operational risk.