Sr. Cybersecurity Risk Analyst (M&A)

Position Summary :

Group Security is seeking an experienced Cybersecurity Specialist – Mergers & Acquisitions (M&A) with a strong background in evaluating and mitigating cybersecurity risks across all domains, particularly in cloud environments such as Azure and AWS and Entra ID. This role involves conducting comprehensive cybersecurity assessments during the M&A lifecycle, identifying risks, and ensuring alignment with regulatory, legal, and compliance requirements. The ideal candidate will have hands-on expertise in cloud security, governance, risk management, and post-merger integration strategies. This is a high-impact position requiring collaboration with cross-functional teams to safeguard our organization’s investments and ensure a seamless integration of acquired entities.

Key Competencies :

Technical Expertise in Cybersecurity

In-depth knowledge of cybersecurity principles across all domains, including infrastructure, network security, identity and access management, data protection, and application security.

Hands-on experience in assessing and securing cloud environments (e.g., Azure, AWS) and hybrid systems.

Familiarity with tools and frameworks like NIST CSF, ISO 27001, CSA STAR, and related compliance standards.

Mergers & Acquisitions (M&A) Experience

Proven ability to assess cybersecurity risks and opportunities during the M&A lifecycle, from due diligence to post-merger integration.

Strong understanding of the unique challenges and time-sensitive nature of M&A activities.

Risk Assessment and Management

Expertise in identifying, analysing, and quantifying cybersecurity risks.

Ability to propose effective mitigation plans and integrate findings into broader risk management frameworks.

Cloud Security Knowledge

Advanced understanding of cloud platforms (e.g., Azure, AWS), their architectures, and associated security services and controls.

Competence in identifying vulnerabilities, misconfigurations, and risks in cloud-based environments.

Regulatory and Compliance Acumen

Strong grasp of global regulatory requirements, including GDPR, HIPAA, and regional laws, and their application in M&A scenarios.

Ability to assess target organizations’ compliance posture and develop action plans for alignment.

Communication and Stakeholder Management

Excellent communication skills to convey technical risks and concepts clearly to non-technical stakeholders, including executives.

Ability to collaborate with cross-functional teams, including legal, IT, and business units.

Analytical and Problem-Solving Skills

Strong ability to analyse complex environments, prioritize risks, and make data-driven recommendations.

Proactive mindset with the ability to anticipate and address challenges in dynamic M&A contexts.

Leadership and Initiative

Capacity to lead cybersecurity assessments and integration efforts independently while coordinating with diverse teams.

Commitment to driving continuous improvement and keeping up with emerging cybersecurity trends and threats.

Certifications and Continuous Learning

Relevant certifications such as CISSP, CISM, CCSP, AWS Certified Security – Specialty, or Azure Security Engineer Associate.

Commitment to staying updated on cybersecurity advancements, especially in cloud security and M&A processes.

Required Qualifications :

Bachelor’s degree in Cybersecurity, Information Technology, or related field (Master’s preferred).

Extensive experience in cybersecurity leadership roles, ideally within large, multi-national organizations.

Proven track record of managing security programs, compliance initiatives, and risk management in a business-oriented environment.

Strong understanding of regulatory compliance, data protection, and third-party risk management.

Excellent communication and stakeholder management skills with the ability to influence across various levels of the organization.