The Business

 team.blue was created in June 2019 by the merger of regional leading hosting providers Combell Group, Register Group and TransIP Group and offers digital presence and enablement tools such as domains, hosting, email, VPS and applications to over 2.5 million SME, SoHo and developer customers across Europe. The group consists of several well-known and respected brands, spanning across 17 European countries and operating under several brand names for each jurisdiction – with a bloodline that represents total commitment to customers.

Your opportunity

We are seeking a senior professional responsible for identifying and managing information security risks emerging from team.blue’s acquisitions of SaaS and hosting companies, throughout the pre- and post-acquisition process and defining and maintaining applicable cybersecurity standards in this area.

Key responsibilities

• Perform cybersecurity due diligence analysis, combining self analysis and third party providers input to develop a security assessment of each M&A target
• Create remediation plans with the target and follow up on their implementation
• Post-acquisition, work together with the rest of team.blue security to enable efficient execution of the above defined remediation plans
• Define and implement standards (with their variations according to target profile and risk) applicable to team.blue M&A targets; maintain these standards in line with team.blue stakeholder´s requirements (regulatory/legal, investors, etc.)
• Monitor the main trends in the cybersecurity space (in particular: new threats, assessment and protection technologies) to identify new areas of analysis applicable to team.blue M&A targets
• Nurture a pool of third-party providers able to intervene on technical and cybersecurity due diligence across Europe
• Influence business and technology management decision-making as it relates to risk vs. cost considerations, pre-acquisition and post-acquisition
• Advocate and exemplify cybersecurity best practices throughout M&A process

What you have

• Minimum of 3 years of security experience, ideally with exposure to specific challenges posed by M&A activities
• Plus a minimum of 4 years in a related technology discipline (i.e. DevOps, Cloud, Virtualization, Windows, Linux, etc)
• Broad IT/IS knowledge base (PKI / Encryption, Authentication, Active Directory, Web Proxies, Email Systems, Network Security, Windows / Unix / Linux Operating Systems)
• Working Knowledge of application security technologies including but not limited to API’s, SOA gateways, REST, JSON, HTTPS/HSTS, TLS, SAML, Auth
• A solid understanding of SaaS Cloud Security and Architecture
• Experience in using industry standards like ISO 27001, NIST, CIS, etc
• Experience with Data Privacy regulations (GDPR)
• Ability to think strategically, linking detailed findings in a broader picture and balance risk and cost
• Good communication and interpersonal skills
• Proven ability to interact efficiently with senior and operational professionals in Business, Legal, and Technology
• Ability to work effectively and drive results with minimal direct supervision
• CISSP, CCSP, CISM, CISA, or equivalent certifications preferred.