Information Security Architect – Mergers and Acquisitions
Job Overview
Job title: Information Security Architect – Mergers and Acquisitions
Job description: Job Description
Role
The Thomson Reuters Information Security and Risk Management (ISRM) group is seeking an Information Security Architect to join the unique role, wherein you will be a core member in representing ISRM equities in Corporate Mergers, Acquisitions, and Divestitures (MAD) projects.
You will assess the information security risk associated with the merger/acquisition of a company into TR, enabling TR to manage the cybersecurity risks of any deal in a manner consistent with their risk appetite. Post-deal-close, you will directly support ISRM stakeholders, enabling them to strategize and implement, and further optimize, security controls during M&A integration to maintain and enhance the security posture of the unified organization. You will also throughout these activities, communicate the security risk attributable to any M&A to internal business stakeholders, including executive leadership within and outside of ISRM, empowering them to make more informed decisions to manage risk in alignment with their business objectives and risk appetite.
About the Role
In this opportunity as an Information Security Architect, you will:
Design and Deliver
Assess the target company’s cybersecurity posture – suitability, maturity, and efficacy – during the due diligence phase of a potential M&A transaction
Identify cybersecurity statutory, regulatory, compliance, and/or customer requirements and obligations that TR will inherit from the target company
Define, and the approximate cost for, high-level integration plans to both address materiel risks identified during due diligence and to enable standard integration patterns
Summarize due diligence findings in a manner that is consumable and defensible by technical and non-technical stakeholders of varying levels of seniority across the organization
Be collaborative:
Collaborate with security team members to develop all M&A security requirements for all hardware and software computing platforms, environments, and solutions including modifying, where required, existing policies, procedures, and best practices to address M&A business strategies and requirements
Partner with cross-functional teams to ensure architectural, engineering and operational solutions effectively fulfill M&A business needs
Provide security architectural guidance and hands-on experience to M&A project teams in the design, development, and maintenance of M&A security solutions and processes that are both risk-appropriate and risk prioritized
Develop, document, and maintain milestone-based and objective-focused M&A integration roadmaps, per M&A transaction
Provide guidance to project manager and track the integration activities post successful M&A
Be Innovative:
Create tools, techniques, and templates to enable the consistent, repeatable, complete, and quality realization of each responsibility previously codified
Standardize the integration process and develop playbooks to effectively manage the cybersecurity risk attributable to an M&A transaction in a manner that garners support from cross-functional teams, enables the realization of the value proposition of the deal, and is consistent with the risk appetite of ISRM and TR at-large
Assess gaps to develop the strategy and take it forward.
Influence cross-functional team(s) to align the integration activities and track the outcomes
About you:
You’re a fit for the role of Information Security Architect if you have:
5 years of experience working in Security Architecture for a significant size of organization, with minimum 1 year of experience in M&A cybersecurity assessment, third-party risk management, and/or cybersecurity risk management
Knowledge of regulatory, compliance and Industry-standard cybersecurity frameworks – HIPAA, PCI-DSS, GDPR, FedRAMP, SOC 2, ISO27001, NIST SP 800-53, CIS, OWASP, etc.
Ability to communicate effectively with people from diverse cultural environments, professional experience, and technical expertise
Knowledge of corporate M&A lifecycle and processes
Knowledge of end-user, workplace, datacenter and Cloud technologies; cybersecurity technologies; modern threat tactics, techniques and procedures (TTPs); and the interrelationships between them all
Experience in delivering M&A or transformation projects, accompanied by expertise in key IT areas, such as:
IT infrastructure & networks
Enterprise architecture
Data centers
Cloud technologies
Application integration/separation/rationalization
End user computing
Cyber & IT risk
Identifying key client issues, determining client needs, evaluating and validating analyses, and developing recommendations
Ability to well articulate the Information security principles and able to benchmark the security controls of acquired entity with the organization’s current state
Nice to have:
Certifications such as CISSP, PMP, ITIL, CRISC, and TOGAF
What’s in it For You
At Thomson Reuters, our people are our greatest assets. Here are some of the benefits we offer for your personal and professional growth:
Learning & Development:
Exposure to a wide breadth of leading-edge technology
Career growth – the ability to work on multiple projects and/or with various teams
Professional growth and development opportunity through various training programs, conferences, networking events, in-house speaker series etc.
Access to Hackathons, Unconferences, Harvard Manage Mentor and more, we offer learning opportunities for everyone
Benefits/Perks:
Health benefits
Savings/investment plans
Paid time off (including time off to volunteer and extended parental leave)
Flexibility: We’ve been named as one of Forbes, Best Companies for Work/Life Balance
Global Opportunities: We have employees in over 90 countries, working across three different industries
Your well-being: We offer a program that focuses on making our lives healthier
Do you want to be part of a team helping re-invent the way knowledge professionals work? How about a team that works every day to create a more transparent, just and inclusive future? At Thomson Reuters, we’ve been doing just that for almost 160 years. Our industry-leading products and services include highly specialized information-enabled software and tools for legal, tax, accounting and compliance professionals combined with the world’s most global news services – Reuters. We help these professionals do their jobs better, creating more time for them to focus on the things that matter most: advising, advocating, negotiating, governing and informing.
We are powered by the talents of 25,000 employees across more than 75 countries, where everyone has a chance to contribute and grow professionally in flexible work environments that celebrate diversity and inclusion. At a time when objectivity, accuracy, fairness and transparency are under attack, we consider it our duty to pursue them. Sound exciting? Join us and help shape the industries that move society forward.
Accessibility
As a global business, we rely on diversity of culture and thought to deliver on our goals. To ensure we can do that, we seek talented, qualified employees in all our operations around the world regardless of race, color, sex/gender, including pregnancy, gender identity and expression, national origin, religion, sexual orientation, disability, age, marital status, citizen status, veteran status, or any other protected classification under applicable law. Thomson Reuters is proud to be an Equal Employment Opportunity/Affirmative Action Employer providing a drug-free workplace.
We also make reasonable accommodations for qualified individuals with disabilities and for sincerely held religious beliefs in accordance with applicable law.
More information about Thomson Reuters can be found on thomsonreuters.com.
Locations
Toronto-Ontario-Canada;Bangalore-India
Company: Thomson Reuters
Expected salary:
Location: Toronto, ON
Job date: Sat, 20 Mar 2021 23:50:27 GMT