As a Principal Technical Product Manager, you will lead security due diligence and pre-close risk mitigation strategy for Mergers and Acquisitions. You will lead security assessment and remediation efforts related to application security, network and infrastructure security, endpoint security. compliance and privacy.
What You’ll Do
· Build long-term relationships with the business development team to become a valued strategic partner. Influence a broad set of stakeholders to ensure Information Security is involved early on in M&As.
· Identify security risks and develop risk mitigation strategies based on deal rationale, diligence findings, and input from stakeholders; continue to refine the plan as a deal progresses. Form secure mitigation strategies which provide a pragmatic roadmap for ensuring timely risk reduction for all M&A activities.
· Manage the full life cycle of day-to-day security integration activities including coordination of detailed functional plans, communication with key stakeholders, and issue resolution. Create awareness of cross- functional interdependencies and establish prioritization for plan execution to minimize disruption on daily operations.
· Lead internal and/or third-party security assessment, architecture review, and penetration or other testing of the target organization and develop integration plans to include remediation of identified weaknesses and/or implementation of compensating controls.
· Standardize and improve existing due diligence and security integration methods with inputs from across the Information Security department in order to comprehensively assess the target organization’s technical environment, security posture and capabilities, and inherit internal and third-party risks. Capture best practices and lessons learned throughout the due diligence period for continuous improvement for future acquisitions.
· Provide regular status reporting to senior leadership and key stakeholders on the overall status of due diligence and integration activities, including plan execution and risk identification, prioritization and triage.
· 10+ years and B.S. degree or equivalent related work experience in security, software engineering, risk management, compliance, information systems or other relevant field.
· Relevant experience conducting security due diligence and leading through integrations (both IT and Security) at a tech organization.
· Deep knowledge of security practices and controls applied to pragmatically address security risks.
· Experience executing complex projects and delivering to time commitments with strong attention to detail.
· Excellent interpersonal skills and ability to establish trust with internal/external partners.
· Organized, self-driven, and comfortable handling high-profile and complex situations.
· Strong written and verbal communication skills.
· Previous experience with M&A and business development processes at large/complex technology companies.
· Successful track record as a security practitioner, including conducting diligence of M&A or other equivalent transactions that were critical to the growth of the organization.
· Comprehensive understanding of security domains, processes, risks and controls.
· Seasoned program leader who can execute by influencing and managing teams, both directly and indirectly, in a matrixed environment.
· Excellent communicator who is seen as a subject matter expert, and can influence at all levels of an organization.
· Experience in change management and contemporary approaches to navigate organizational and cultural change.
· Active in the security industry; equipped with external networking relationships to maintain relevant knowledge of best practices, tactics, strategies and technologies.