Job Description:
• Cultivate and maintain strong relationships with business stakeholders.
• Conduct threat intelligence for potential incoming target acquisition companies.
• Lead security and privacy due diligence process for target acquisitions, including technical architecture reviews, penetration tests, vulnerability assessments, security and privacy evaluations, risk identification and risk prioritization.
• Develop the security strategy for each incoming M documenting key details about the target acquisition, technology stack, current security and privacy posture, third-party due diligence results, etc. ahead of deal close to ensure that all members across SPA teams and relevant stakeholders are up-to-speed and understand the acquisition’s security posture.
• Partner closely with our corporate IT M&A counterparts throughout the acquisition due diligence process.
• Partner with the the M&A Security TPM to hand off active onboarding integration activities to ensure a smooth transition for the target acquisition personnel.
• Manage long term security and privacy risk management for the subsidiary after active onboarding completes, where applicable; ensuring that critical and high risk security risks are prioritized and mitigated/resolved.
• Evaluate risks within the acquisition, advise the business on prioritization, and recommend treatment strategies.
• Develop metrics and reporting in partnership with the M&A Security TPM to communicate security and privacy M&A to SPA and other key stakeholders.
• Serve as the subject matter expert for the target on security, privacy, risk, and compliance.
Requirements:
• You can easily partner and forge relationships with cross-functional teams and stakeholders.
• You are a thoughtful and responsible security professional - someone who is self-motivated and can proactively seek input.
• You have excellent written and verbal communication skills, with the ability to translate highly complex technical security concepts into business impact for a non-technical audience.
• You have a detailed understanding of the legal concepts surrounding M&As
• You have experience conducting threat intelligence and/or security and privacy due diligence for M&A’s.
• You have breadth across multiple security domains
• You have a strong understanding of information security, risk and data privacy, especially as it applies to Mergers & Acquisitions.
• You have a strong technical / development background, as well as the ability to talk through technical implementation.
• You care deeply about creating a team that models psychological safety and inclusivity, where team members can do their best work.
• You are self-motivated and can deal well with ambiguity, and are selfless when it comes to getting work done and leaning on experts.
Benefits:
• Health Plans
• Mental Health support
• 401(k) Retirement Plan with employer match
• Stock Option Program
• Disability Programs
• Health Savings and Flexible Spending Accounts
• Family-forming benefits
• Life and Serious Injury Benefits
• paid leave of absence programs.
• Full-time hourly employees accrue 35 days annually for paid time off to be used for vacation, holidays, and sick paid time off.
• Full-time salaried employees are immediately entitled to flexible time off.