Information Security Analyst - M&A Integration

GermanyOn-siteSenior

Location: Come and join us in Hamburg!

We are looking for a Information Security Analyst for M&A Integration, who will be responsible for safeguarding the organization’s digital assets and reputation during corporate growth initiatives. By conducting rigorous pre-acquisition due diligence and leading the complex post-merger technical integration, this role ensures that new entities are seamlessly and securely onboarded into the corporate environment. The primary objective is to bridge the gap between a target company's current security state and our ISO 27001 standards, mitigating "hidden" technical debt and preventing security regressions during transitions.

YOUR DAILY ADVENTURES WILL INCLUDE:

End-to-End Due Diligence: Execute comprehensive security risk assessments of target companies, evaluating their technical stack, data privacy controls, and historical breach records to inform deal valuation.
ISO 27001 Standardization: Map the security controls of acquired companies (especially non-certified smaller entities) against our ISO 27001 framework and develop prioritized remediation plans.
Integration Project Management: Lead the technical migration of identity providers, endpoint management, and cloud environments to ensure a unified security perimeter post-close.
Access & Asset Governance: Manage the secure consolidation of "Shadow IT" and legacy systems from the acquired company, ensuring all hardware and software are accounted for in the master inventory.
Security Posture Validation: Conduct post-integration penetration testing and vulnerability scans to verify that the merger has not introduced new weaknesses into the parent organization.

Communication:

Executive Reporting: Translate technical vulnerabilities and integration hurdles into clear, risk-based business language for the M&A steering committee and C-suite.
Cross-Functional Liaison: Act as the primary security point of contact between Legal, IT, HR, and Development to ensure security requirements are baked into the overall integration timeline.
Cultural Integration: Facilitate workshops and training for the acquired company’s staff to build rapport and educate them on our security culture and compliance obligations by using our existing training material.
Vendor & Third-Party Management: Coordinate with external auditors and service providers of the acquired entity to manage contract transitions or service terminations.

Innovation:

Playbook Development: Design and continuously refine a scalable M&A "Security Integration Playbook" that utilizes automation to speed up the discovery and assessment phases.
Tooling Optimization: Evaluate and implement specialized M&A discovery tools or scripts that can quickly audit the security posture of unknown networks with minimal disruption.
Adaptive Security Frameworks: Develop flexible security "on-ramps" that allow smaller, high-growth startups to integrate quickly without the immediate burden of full certification, while maintaining strict risk boundaries.
Process Automation: Identify opportunities to automate the synchronization of user identities and policy deployments across disparate systems during the "Day 1" transition.

TO BE SUCCESSFUL IN THIS ROLE:

Framework Expertise: Advanced knowledge of ISO/IEC 27001 and GDPR is preferred. Alternative knowledge of NIST and SOC2 could be helpful.
M&A Lifecycle Fluency: Experience navigating the specific phases of a deal, from initial "clean room" data analysis to long-term post-merger synergy realization would be beneficial.
Technical Proficiency: Strong grasp of cloud architecture (AWS), Zero Trust Network Access (ZTNA), and modern IAM solutions (e.g., Okta, SAML).
Strategic Problem Solving: The ability to find creative security solutions when dealing with legacy technology or "unmanaged" environments typical of smaller startup acquisitions.
Change Management: Proficiency in leading organizational change and influencing technical teams over whom you may not have direct hierarchical authority.