Information Security Architect – Mergers and Acquisitions

Job title: Information Security Architect – Mergers and Acquisitions

Job description: Job Description

Role

The Thomson Reuters Information Security and Risk Management (ISRM) group is seeking an Information Security Architect to join the unique role, wherein you will be a core member in representing ISRM equities in Corporate Mergers, Acquisitions, and Divestitures (MAD) projects.

You will assess the information security risk associated with the merger/acquisition of a company into TR, enabling TR to manage the cybersecurity risks of any deal in a manner consistent with their risk appetite. Post-deal-close, you will directly support ISRM stakeholders, enabling them to strategize and implement, and further optimize, security controls during M&A integration to maintain and enhance the security posture of the unified organization. You will also throughout these activities, communicate the security risk attributable to any M&A to internal business stakeholders, including executive leadership within and outside of ISRM, empowering them to make more informed decisions to manage risk in alignment with their business objectives and risk appetite.

About the Role

In this opportunity as an Information Security Architect, you will:

Design and Deliver

Assess the target company’s cybersecurity posture – suitability, maturity, and efficacy – during the due diligence phase of a potential M&A transaction

Identify cybersecurity statutory, regulatory, compliance, and/or customer requirements and obligations that TR will inherit from the target company

Define, and the approximate cost for, high-level integration plans to both address materiel risks identified during due diligence and to enable standard integration patterns

Summarize due diligence findings in a manner that is consumable and defensible by technical and non-technical stakeholders of varying levels of seniority across the organization

Be collaborative:

Collaborate with security team members to develop all M&A security requirements for all hardware and software computing platforms, environments, and solutions including modifying, where required, existing policies, procedures, and best practices to address M&A business strategies and requirements

Partner with cross-functional teams to ensure architectural, engineering and operational solutions effectively fulfill M&A business needs

Provide security architectural guidance and hands-on experience to M&A project teams in the design, development, and maintenance of M&A security solutions and processes that are both risk-appropriate and risk prioritized

Develop, document, and maintain milestone-based and objective-focused M&A integration roadmaps, per M&A transaction

Provide guidance to project manager and track the integration activities post successful M&A

Be Innovative:

Create tools, techniques, and templates to enable the consistent, repeatable, complete, and quality realization of each responsibility previously codified

Standardize the integration process and develop playbooks to effectively manage the cybersecurity risk attributable to an M&A transaction in a manner that garners support from cross-functional teams, enables the realization of the value proposition of the deal, and is consistent with the risk appetite of ISRM and TR at-large

Assess gaps to develop the strategy and take it forward.

Influence cross-functional team(s) to align the integration activities and track the outcomes

About you:

You’re a fit for the role of Information Security Architect if you have:

5 years of experience working in Security Architecture for a significant size of organization, with minimum 1 year of experience in M&A cybersecurity assessment, third-party risk management, and/or cybersecurity risk management

Knowledge of regulatory, compliance and Industry-standard cybersecurity frameworks – HIPAA, PCI-DSS, GDPR, FedRAMP, SOC 2, ISO27001, NIST SP 800-53, CIS, OWASP, etc.

Ability to communicate effectively with people from diverse cultural environments, professional experience, and technical expertise

Knowledge of corporate M&A lifecycle and processes

Knowledge of end-user, workplace, datacenter and Cloud technologies; cybersecurity technologies; modern threat tactics, techniques and procedures (TTPs); and the interrelationships between them all

Experience in delivering M&A or transformation projects, accompanied by expertise in key IT areas, such as:

IT infrastructure & networks

Enterprise architecture

Data centers

Cloud technologies

Application integration/separation/rationalization

End user computing

Cyber & IT risk

Identifying key client issues, determining client needs, evaluating and validating analyses, and developing recommendations

Ability to well articulate the Information security principles and able to benchmark the security controls of acquired entity with the organization’s current state

Nice to have:

Certifications such as CISSP, PMP, ITIL, CRISC, and TOGAF

What’s in it For You

At Thomson Reuters, our people are our greatest assets. Here are some of the benefits we offer for your personal and professional growth:

Learning & Development:

Exposure to a wide breadth of leading-edge technology

Career growth – the ability to work on multiple projects and/or with various teams

Professional growth and development opportunity through various training programs, conferences, networking events, in-house speaker series etc.

Access to Hackathons, Unconferences, Harvard Manage Mentor and more, we offer learning opportunities for everyone

Benefits/Perks:

Health benefits

Savings/investment plans

Paid time off (including time off to volunteer and extended parental leave)

Flexibility: We’ve been named as one of Forbes, Best Companies for Work/Life Balance

Global Opportunities: We have employees in over 90 countries, working across three different industries

Your well-being: We offer a program that focuses on making our lives healthier

Do you want to be part of a team helping re-invent the way knowledge professionals work? How about a team that works every day to create a more transparent, just and inclusive future? At Thomson Reuters, we’ve been doing just that for almost 160 years. Our industry-leading products and services include highly specialized information-enabled software and tools for legal, tax, accounting and compliance professionals combined with the world’s most global news services – Reuters. We help these professionals do their jobs better, creating more time for them to focus on the things that matter most: advising, advocating, negotiating, governing and informing.

We are powered by the talents of 25,000 employees across more than 75 countries, where everyone has a chance to contribute and grow professionally in flexible work environments that celebrate diversity and inclusion. At a time when objectivity, accuracy, fairness and transparency are under attack, we consider it our duty to pursue them. Sound exciting? Join us and help shape the industries that move society forward.

Accessibility

As a global business, we rely on diversity of culture and thought to deliver on our goals. To ensure we can do that, we seek talented, qualified employees in all our operations around the world regardless of race, color, sex/gender, including pregnancy, gender identity and expression, national origin, religion, sexual orientation, disability, age, marital status, citizen status, veteran status, or any other protected classification under applicable law. Thomson Reuters is proud to be an Equal Employment Opportunity/Affirmative Action Employer providing a drug-free workplace.

We also make reasonable accommodations for qualified individuals with disabilities and for sincerely held religious beliefs in accordance with applicable law.

More information about Thomson Reuters can be found on thomsonreuters.com.

Locations
Toronto-Ontario-Canada;Bangalore-India

Company: Thomson Reuters

Expected salary:

Location: Toronto, ON

Job date: Sat, 20 Mar 2021 23:50:27 GMT