Gallagher is a global community dedicated to helping clients navigate complexity with confidence. The M&A Cybersecurity Analyst is responsible for identifying, evaluating, and communicating cybersecurity risks associated with potential acquisition and merger partners, while serving as a trusted risk advisor to M&A leadership.
Lead and support cybersecurity risk assessments for acquisition targets across varying levels of maturity and technical complexity
Analyze target IT environments to identify material security risks across infrastructure, applications, identity, cloud services, and historical incident activity
Conduct open-source intelligence (OSINT) research to identify external exposures and breach
Apply established M&A cybersecurity evaluation methodologies to assess risk posture and highlight areas requiring remediation or enhanced monitoring
Translate technical findings into clear, executive-level risk narratives and actionable recommendations
Collaborate with M&A IT, divisional stakeholders, legal, and integration teams to validate findings and support remediation planning
Provide regular assessment updates to M&A leadership and project teams, including emerging risks, mitigation progress, and residual exposure
Identify recurring risk patterns across acquisitions and contribute to continuous improvement of due diligence methodologies and mitigation controls
Support development of metrics, dashboards, and KPI reporting to improve visibility into assessment quality, risk trends, and program effectiveness
Review and interpret due diligence artifacts provided by acquisition targets and internal M&A IT teams
Draft cybersecurity risk assessment memorandums that clearly articulate material risks, likelihood, and potential business impact
Coordinate stakeholder reviews, approvals, and management action alignment for assessment deliverables
Participate in peer review and quality assurance processes to maintain consistency and accuracy across assessments
Recognize cross-deal trends and recommend enhancements to due diligence processes, tooling, and reporting
Qualifications
Required
Bachelor's degree in Information Security, Computer Science, Information Technology, Business, or related field (or equivalent experience)
2-5 years of experience in cybersecurity risk assessment, due diligence, security consulting, vulnerability management, or related disciplines
Working knowledge of cybersecurity principles across network security, endpoint security, cloud environments, identity, application security, and threat intelligence
Strong analytical and critical thinking skills with the ability to prioritize risk with incomplete information
Experience applying security frameworks and structured risk evaluation methodologies
Excellent written communication skills with the ability to translate technical findings into clear business risk narratives
Demonstrated ability to manage multiple concurrent efforts within fast-moving, deadline-driven environments
Preferred
Experience supporting mergers and acquisitions, consulting engagements, or structured cybersecurity assessment programs
Familiarity with investigative techniques such as OSINT research, cybersecurity incident history analysis, and external exposure discovery
Exposure to cybersecurity governance frameworks (ISO, NIST, CIS) within assessment or advisory contexts
Ability to evaluate security maturity and control effectiveness in environments with limited documentation or incomplete visibility
Professional certifications such as CISSP, CRISC, CISM, or equivalent
Benefits
Medical/dental/vision plans, which start from day one!
Life and accident insurance
401(k) and Roth options
Tax-advantaged accounts (HSA, FSA)
Educational expense reimbursement
Paid parental leave
Digital mental health services (Talkspace)
Flexible work hours (availability varies by office and job function)
Training programs
Gallagher Thrive program – elevating your health through challenges, workshops and digital fitness programs for your overall wellbeing
Charitable matching gift program
And more...
Gallagher is an international insurance brokerage and risk management services firm.