: Cybersecurity Specialist – Mergers & Acquisitions (M&A)

Key Responsibilities:

• Cybersecurity Assessments for M&A Activities:
• Conduct thorough cybersecurity assessments for acquisitions, following our standardize Security framework
• Identify risks across all cybersecurity domains, including governance, infrastructure, data protection, applications, and identity and access management.
• Cloud Security Evaluation:
• Assess cloud environments (e.g., Azure, AWS, Entra ID) for vulnerabilities, misconfigurations, and compliance gaps against the Security Policy
• Evaluate security posture using cloud-native tools (e.g., Azure Security Center, AWS Security Hub) and third-party solutions.
• Risk Management and Reporting:
• Analyze and communicate cyber risks to various stakeholders, providing actionable insights and mitigation strategies.
• Develop detailed risk assessment reports and integrate findings into a Risk register
• Compliance and Regulatory Alignment:
• Ensure alignment with frameworks such as NIST, ISO 27001, GDPR, and other global regulations.
• Validate that cloud and on-premises environments meet required security and compliance standards.
• Post-Merger Integration:
• Oversee cybersecurity integration efforts, ensuring acquired entities adhere to the group security policies and practices.
• Develop and execute integration roadmaps for securing IT infrastructure, data, and operations.
• Collaboration and Stakeholder Engagement:
• Partner with M&A teams, group IT, and business stakeholders to align cybersecurity priorities and risks
• Communicate technical risks effectively to non-technical language

Key Competencies:

Technical Expertise in Cybersecurity

• In-depth knowledge of cybersecurity principles across all domains, including infrastructure, network security, identity and access management, data protection, and application security.
• Hands-on experience in assessing and securing cloud environments (e.g., Azure, AWS) and hybrid systems.
• Familiarity with tools and frameworks like NIST CSF, ISO 27001, CSA STAR, and related compliance standards.

Mergers & Acquisitions (M&A) Experience

• Proven ability to assess cybersecurity risks and opportunities during the M&A lifecycle, from due diligence to post-merger integration.
• Strong understanding of the unique challenges and time-sensitive nature of M&A activities.

Risk Assessment and Management

• Expertise in identifying, analysing, and quantifying cybersecurity risks.
• Ability to propose effective mitigation plans and integrate findings into broader risk management frameworks.

Cloud Security Knowledge

• Advanced understanding of cloud platforms (e.g., Azure, AWS), their architectures, and associated security services and controls.
• Competence in identifying vulnerabilities, misconfigurations, and risks in cloud-based environments.

Regulatory and Compliance Acumen

• Strong grasp of global regulatory requirements, including GDPR, HIPAA, and regional laws, and their application in M&A scenarios.
• Ability to assess target organizations’ compliance posture and develop action plans for alignment.

Communication and Stakeholder Management

• Excellent communication skills to convey technical risks and concepts clearly to non-technical stakeholders, including executives.
• Ability to collaborate with cross-functional teams, including legal, IT, and business units.

Analytical and Problem-Solving Skills

• Strong ability to analyse complex environments, prioritize risks, and make data-driven recommendations.
• Proactive mindset with the ability to anticipate and address challenges in dynamic M&A contexts.

Leadership and Initiative

• Capacity to lead cybersecurity assessments and integration efforts independently while coordinating with diverse teams.
• Commitment to driving continuous improvement and keeping up with emerging cybersecurity trends and threats.

Certifications and Continuous Learning

• Relevant certifications such as CISSP, CISM, CCSP, AWS Certified Security – Specialty, or Azure Security Engineer Associate.
• Commitment to staying updated on cybersecurity advancements, especially in cloud security and M&A processes.

Required Qualifications:

Bachelor’s degree in Cybersecurity, Information Technology, or related field (Master’s preferred).

Extensive experience in cybersecurity leadership roles, ideally within large, multi-national organizations.

Proven track record of managing security programs, compliance initiatives, and risk management in a business-oriented environment.

Strong understanding of regulatory compliance, data protection, and third-party risk management.

Excellent communication and stakeholder management skills with the ability to influence across various levels of the organization.