Key Responsibilities:
M&A Due Diligence:
Conduct comprehensive cybersecurity assessments of potential acquisition targets, evaluating their adherence to cybersecurity frameworks such as NIST, ISO 27001, SOC2 or CIS Controls.
Identify and analyze security risks and vulnerabilities within target organizations' IT infrastructure, applications, and data assets.
Collaborate with cross-functional teams to assess the potential impact of cybersecurity risks on business operations and objectives.
Integration Support:
Work closely with infrastructure teams to develop and implement security enhancements during the integration of acquired entities.
Assist in the design and deployment of security controls and technologies to protect against potential threats and breaches.
Engage with business units to ensure the seamless integration of security measures into existing processes and workflows.
Governance and Compliance:
Ensure compliance with relevant cybersecurity regulations, industry standards, and internal policies throughout the M&A process.
Assist in the development and implementation of cybersecurity governance frameworks, policies, and procedures.
Provide guidance and support to business and IT teams on adherence to cybersecurity governance requirements and best practices.
Risk Management:
Assess and prioritize cybersecurity risks associated with M&A activities, taking into account technical vulnerabilities and business impact.
Develop risk mitigation strategies and action plans in collaboration with stakeholders, implementing controls to reduce exposure to cyber threats.
Monitor and track the effectiveness of risk mitigation measures, adjusting strategies as needed to address emerging threats and vulnerabilities.

Incident Response:
Participate in incident response activities related to cybersecurity incidents affecting acquired entities, including detection, analysis, and containment.
Collaborate with incident response teams to investigate security breaches, assess their impact, and coordinate remediation efforts.
Document incident response procedures and lessons learned to improve incident handling processes and enhance cyber resilience.
Qualifications:
Bachelor's degree in Computer Science, Information Security, or related field.
8 years of experience in cybersecurity, with a focus on M&A due diligence, integration, and risk management.
Strong understanding of cybersecurity frameworks, governance principles, and compliance requirements.
Proficiency in conducting security assessments, risk assessments, and vulnerability management.
Excellent communication and collaboration skills, with the ability to work effectively with technical and non-technical stakeholders.
Relevant certifications such as CISSP, CISM, or CISA are preferred.
Demonstrated ability to work in a fast-paced, dynamic environment, with a proactive and results-oriented mindset.