Role Summary/Purpose 

The Staff Risk Analyst will be responsible for advising and supporting mergers and acquisitions (M&A) teams on cybersecurity and risk management issues during the due diligence, transaction, and post-merger integration phases. This role requires expertise in both cybersecurity and M&A processes, as well as the ability to assess, identify, and mitigate cyber risks related to the acquisition or merger of businesses. The applicant will work closely with internal stakeholders (e.g., legal, finance, and technology teams) and external partners (e.g., legal advisors, consultants, and third-party vendors) to ensure that cybersecurity risks are effectively managed throughout the deal lifecycle. 

Essential Responsibilities 

• Work with the Cyber MA&D team in conducting cybersecurity due diligence for mergers, acquisitions, and divestitures, including assessing target company's security posture, threat landscape, vulnerabilities, identifying risks, regulatory requirements, developing risk mitigation plans, reviewing technical documentation, interviewing key stakeholders, and performing risk analyses. 

• Monitor cybersecurity trends, industry best practices, emerging threats and regulatory requirements relevant to M&A transactions (e.g., cybersecurity laws, data protection regulations), and provide recommendations to mitigate cybersecurity risks associated with TSA arrangements and MA&D activities. 

• Collaborate closely with cross-functional teams, including Business Development, Digital Technology M&A team, other Digital Technology teams, Legal & Compliance to ensure alignment on cybersecurity requirements and priorities throughout the M&A process. 

• Work with the TSA Management team in the successful execution of TSA arrangements, including monitoring TSA performance, resolving disputes, and ensuring timely TSA termination. Support post-transaction integration efforts by assisting with the implementation of cybersecurity controls and processes to safeguard acquired assets and data. 

• Develop and maintain best practices and procedures, implement tools to ensure security & compliance prior, during and post deals 

Basic Qualification 

• Bachelor's degree or equivalent knowledge or experience in Cybersecurity, Information Technology, Computer Science, Information Systems or related field, with minimum of strong experience in Information Security or proven experience of Information Security experience with a Master’s degree or equivalent knowledge or experience. 

• Advanced certifications (e.g., CISSP, CISM, CISA, CIPP) are a plus. 

Desired Characteristics 

• Ability to plan and provide structure and organization in a fast paced, changing environment.  

• Strong business analysis and problem-solving skills  

• Ability to decompose problems and make decisions when problems or solutions are not 100% defined  

• Evaluates products & processes to assure compliance.  

• Measures the impact of trends (cyclical or a shift) and takes action.  

• Ability to interact at all levels of the organization, and with other GE businesses and partners   

• Proactively engages with cross-functional teams to resolve issues and design solutions using critical thinking and analytical skills and best practices  

• Excellent written and oral communication skills and the ability to interface with senior leadership with confidence and clarity  

• In-depth knowledge of cybersecurity frameworks, industry standards, and regulatory requirements (e.g., ISO 27001, NIST, GDPR, CCPA). 

• Influences and energizes others toward the common vision and goal.  

• Maintains excitement for a process and drives to new directions of meeting the goal in the face of unfavorable odds and setbacks