Principal Cyber Risk Advisor, Cybersecurity M&A

GE Vernova

1d•Remote

About The Position

GE Vernova is seeking a Principal Cyber Risk Advisor, Cybersecurity M&A to lead cybersecurity due diligence and post-close execution across a global portfolio of mergers, acquisitions, divestitures, carve-outs, joint ventures, minority investments, and other strategic transactions. This is a highly visible senior role responsible for representing cybersecurity across the full deal lifecycle—shaping strategy, identifying and quantifying risk, guiding Day 1 readiness, and driving integration and separation plans across both enterprise IT and OT/ICS environments. The ideal candidate brings deep technical expertise across core cyber domains and can translate complex technical findings into business impact, transaction implications, and executive decision support. This leader will work across GE Vernova businesses and functions to ensure transactions align with enterprise cybersecurity practices, standards, and risk expectations. The role also requires forward-thinking leadership in the use of AI-enabled capabilities to improve cybersecurity M&A processes, risk insights, and execution speed. Success in this role requires strong judgment, technical depth, executive communication skills, and the ability to operate with urgency and flexibility in a fast-moving deal environment.

Requirements

Bachelor’s degree in Cybersecurity, Computer Science, Engineering, Information Systems, or a related field from an accredited university or college, or equivalent experience.
Significant cybersecurity experience, including leadership in M&A cybersecurity due diligence, integration, separation, or transaction-related cyber risk management.
Strong technical depth across multiple cybersecurity domains in both enterprise IT as well as OT/ICS environment segmentation.
Experience applying cybersecurity frameworks and standards such as NIST CSF, NIST SP 800-53, NIST SP 800-171, and NIST SP 800-82.
Demonstrated ability to assess and quantify cyber risk and translate technical findings into business and transaction impact.
Experience working in complex, cross-functional, matrixed environments with senior stakeholders.
Strong written and verbal communication skills, including executive-level presentations and decision support.
Experience leading external partners, assessors, consultants, or managed service providers.
Ability to operate with urgency, manage ambiguity, and adapt quickly to changing transaction priorities.
Willingness and ability to travel 20–30%, including international travel, based on business needs and deal activity.

Nice To Haves

10+ years of cybersecurity experience with significant depth in transaction-related work.
Experience across both IT and OT/ICS cybersecurity, including industrial control environments, segmentation, and resilience.
Familiarity with NERC CIP or other critical infrastructure regulatory expectations.
Experience influencing transaction terms, TSA structures, Day 1 control requirements, and post-close remediation strategies.
Experience in energy, power, renewables, grid, industrial, or other critical infrastructure sectors.
Familiarity with clean-room operations, confidential data handling, and cross-border diligence requirements.
Experience with cyber risk quantification methodologies aligned to cybersecurity playbooks and practices.
Knowledge of AI, analytics, or automation applications in cybersecurity and the ability to help shape practical M&A use cases.
Relevant certifications such as CISSP, CISM, CRISC, CISA, GICSP, CCSP, CCSK, or cloud security certifications.

Responsibilities

Lead cybersecurity due diligence for acquisitions, divestitures, carve-outs, joint ventures, minority investments, and other strategic transactions across GE Vernova’s global portfolio.
Serve as a primary cybersecurity lead across the transaction lifecycle, from early-stage diligence and pre-sign assessments through closing, Day 1 readiness, and 30/60/100-day execution.
Represent the Cyber function holistically in M&A activities, while assessing risks and ensuring alignment with GE Vernova cybersecurity standards, controls, playbooks, and strategic priorities, including: Identity and access management (IAM), Network security, segmentation, and zero trust, Cloud security, Application and infrastructure security, Endpoint security and EDR, Data protection and governance, Logging, monitoring, and security operations, Vulnerability and exposure management, Third-party cyber risk, Incident response, Business continuity and disaster recovery, OT/ICS cybersecurity and operational resilience.
Lead cyber diligence activities aligned to recognized frameworks and standards, including NIST CSF, NIST SP 800-53, NIST SP 800-171, and NIST SP 800-82, while applying GE Vernova cybersecurity practices and expectations.
Quantify cyber risk and remediation requirements and translate findings into business terms, including transaction risk, remediation investment, Day 1 requirements, TSA needs, and post-close priorities.
Drive Day 1 cybersecurity readiness, including minimum control requirements, risk-based exceptions, interim safeguards, and stabilization planning.
Build and execute 30/60/100-day cybersecurity integration or separation plans and support long-term roadmap development.
Develop and maintain repeatable playbooks, templates, and standards for cyber diligence, integration, separation, and post-close execution.
Lead safe, practical strategies for OT/ICS integration and separation, including segmentation, cyber resilience, and operational continuity considerations.
Establish secure data-sharing, clean-room, and transaction confidentiality protocols in partnership with Legal, Privacy, and other stakeholders.
Partner closely with Digital Technology M&A/PMO, Business Development, Legal, Privacy, Finance, Insurance, Sourcing, business leaders, and cybersecurity teams across GE Vernova.
Lead and manage external cybersecurity advisors and service providers supporting diligence, testing, regulatory advisory, and execution activities.
Prepare executive-ready cyber risk summaries, decision materials, and recommendations for senior stakeholders.
Track and report key performance indicators related to diligence quality, execution speed, Day 1 readiness, TSA reduction, and post-close remediation progress.
Help define and advance AI use cases for cybersecurity M&A, including opportunities to improve diligence efficiency, risk analysis, control mapping, remediation prioritization, and integration planning, in alignment with GE Vernova governance and responsible AI requirements.

Benefits

Medical, dental, vision, and prescription drug coverage
Access to Health Coach from GE Vernova, a 24/7 nurse-based resource
Access to the Employee Assistance Program, providing 24/7 confidential assessment, counseling and referral services
GE Vernova Retirement Savings Plan, a tax-advantaged 401(k) savings opportunity with company matching contributions and company retirement contributions
Access to Fidelity resources and financial planning consultants
Tuition assistance
Adoption assistance
Paid parental leave
Disability benefits
Life insurance
12 paid holidays
Permissive time off