Key skills
Risk ManagementCommunication
About this role
Role Overview
- Cultivate and maintain strong relationships with business stakeholders.
- Conduct threat intelligence for potential incoming target acquisition companies.
- Lead security and privacy due diligence process for target acquisitions, including technical architecture reviews, penetration tests, vulnerability assessments, security and privacy evaluations, risk identification and risk prioritization.
- Develop the security strategy for each incoming M&A; documenting key details about the target acquisition, technology stack, current security and privacy posture, third-party due diligence results, etc. ahead of deal close to ensure that all members across SPA teams and relevant stakeholders are up-to-speed and understand the acquisition’s security posture.
- Partner closely with our corporate IT M&A counterparts throughout the acquisition due diligence process.
- Partner with the the M&A Security TPM to hand off active onboarding integration activities to ensure a smooth transition for the target acquisition personnel.
- Manage long term security and privacy risk management for the subsidiary after active onboarding completes, where applicable; ensuring that critical and high risk security risks are prioritized and mitigated/resolved.
- Evaluate risks within the acquisition, advise the business on prioritization, and recommend treatment strategies.
- Develop metrics and reporting in partnership with the M&A Security TPM to communicate security and privacy M&A to SPA and other key stakeholders.
- Serve as the subject matter expert for the target on security, privacy, risk, and compliance.
Requirements
- You can easily partner and forge relationships with cross-functional teams and stakeholders.
- You are a thoughtful and responsible security professional
- someone who is self-motivated and can proactively seek input.
- You have excellent written and verbal communication skills, with the ability to translate highly complex technical security concepts into business impact for a non-technical audience.
- You have a detailed understanding of the legal concepts surrounding M&As
- You have experience conducting threat intelligence and/or security and privacy due diligence for M&A’s.
- You have breadth across multiple security domains
- You have a strong understanding of information security, risk and data privacy, especially as it applies to Mergers & Acquisitions.
- You have a strong technical / development background, as well as the ability to talk through technical implementation.
- You care deeply about creating a team that models psychological safety and inclusivity, where team members can do their best work.
- You are self-motivated and can deal well with ambiguity, and are selfless when it comes to getting work done and leaning on experts.
Benefits
- Health Plans
- Mental Health support
- 401(k) Retirement Plan with employer match
- Stock Option Program
- Disability Programs
- Health Savings and Flexible Spending Accounts
- Family-forming benefits
- Life and Serious Injury Benefits
- paid leave of absence programs.
- Full-time hourly employees accrue 35 days annually for paid time off to be used for vacation, holidays, and sick paid time off.
- Full-time salaried employees are immediately entitled to flexible time off.