M&A Cybersecurity Analyst - Contract

About The Position

Requirements

• Bachelor’s degree in Information Security, Computer Science, Information Technology, Business, or related field (or equivalent experience).
• 2 - 5 years of experience in cybersecurity risk assessment, due diligence, security consulting, vulnerability management, or related disciplines.
• Working knowledge of cybersecurity principles across network security, endpoint security, cloud environments, identity, application security, and threat intelligence.
• Strong analytical and critical thinking skills with the ability to prioritize risk with incomplete information.
• Experience applying security frameworks and structured risk evaluation methodologies.
• Excellent written communication skills with the ability to translate technical findings into clear business risk narratives.
• Demonstrated ability to manage multiple concurrent efforts within fast-moving, deadline-driven environments.

Nice To Haves

• Experience supporting mergers and acquisitions, consulting engagements, or structured cybersecurity assessment programs.
• Familiarity with investigative techniques such as OSINT research, cybersecurity incident history analysis, and external exposure discovery.
• Exposure to cybersecurity governance frameworks (ISO, NIST, CIS) within assessment or advisory contexts.
• Ability to evaluate security maturity and control effectiveness in environments with limited documentation or incomplete visibility.
• Professional certifications such as CISSP, CRISC, CISM, or equivalent.

Responsibilities

• Lead and support cybersecurity risk assessments for acquisition targets across varying levels of maturity and technical complexity.
• Analyze target IT environments to identify material security risks across infrastructure, applications, identity, cloud services, and historical incident activity.
• Conduct open-source intelligence (OSINT) research to identify external exposures and breach
• Apply established M&A cybersecurity evaluation methodologies to assess risk posture and highlight areas requiring remediation or enhanced monitoring.
• Translate technical findings into clear, executive-level risk narratives and actionable recommendations.
• Collaborate with M&A IT, divisional stakeholders, legal, and integration teams to validate findings and support remediation planning.
• Provide regular assessment updates to M&A leadership and project teams, including emerging risks, mitigation progress, and residual exposure.
• Identify recurring risk patterns across acquisitions and contribute to continuous improvement of due diligence methodologies and mitigation controls.
• Support development of metrics, dashboards, and KPI reporting to improve visibility into assessment quality, risk trends, and program effectiveness.
• Review and interpret due diligence artifacts provided by acquisition targets and internal M&A IT teams.
• Draft cybersecurity risk assessment memorandums that clearly articulate material risks, likelihood, and potential business impact.
• Coordinate stakeholder reviews, approvals, and management action alignment for assessment deliverables.
• Participate in peer review and quality assurance processes to maintain consistency and accuracy across assessments.
• Recognize cross-deal trends and recommend enhancements to due diligence processes, tooling, and reporting.

Benefits

• Medical/dental/vision plans, which start from day one!
• Life and accident insurance
• 401(K) and Roth options
• Tax-advantaged accounts (HSA, FSA)
• Educational expense reimbursement
• Paid parental leave
• Digital mental health services (Talkspace)
• Flexible work hours (availability varies by office and job function)
• Training programs
• Gallagher Thrive program – elevating your health through challenges, workshops and digital fitness programs for your overall wellbeing
• Charitable matching gift program