M&A Security Engineer

Job Description

DescriptionABOUT US At HUB International, we are a team of entrepreneurs. We believe in protecting and supporting the aspirations of individuals, families, and businesses. We help our clients evaluate their risks and develop solutions tailored to their needs.

We believe in empowering our employees to learn, grow, and make a difference. Our structure enables our teams to maintain their own unique, regional culture while leveraging support and resources from our corporate centers of excellence. HUB is a global insurance and employee benefits broker, providing a boundaryless array of business insurance, employee benefits, risk services, personal insurance, retirement, and private wealth management products and services. With over $5 billion in revenue and almost 20,000 employees in 600 offices throughout North America, HUB has grown substantially, in part due to our industry leading success in mergers and acquisitions.

About the PositionThe Information Security M&A Engineer is responsible for supporting HUB International’s merger and acquisition activity throughout the due diligence and integration processes. The role reports to the Security Vulnerability Manager and functions as a member of the Information Security team with a dotted line to the M&A Integration leadership team.

The Information Security M&A Engineer interacts with internal and external technical and business units to perform Information Security risk assessments, drive Information Security related technology integration activities and ensure alignment of integration activities with HUB International security strategy. This is a hands-on technical role. Responsibilities:Protect the integrity and confidentiality of HUB data and infrastructure while enabling business functionality in all systems and environments by supporting applicable security solutions.

Partner with stakeholders to conduct pre-deal close security review and breach analysis of acquisition environment​. Perform acquisition firewall rule reviews to ensure high-risk protocols are configured appropriately. Perform technical risk assessments and present accurate and comprehensive reports for both non-technical and technical audiences.

Participate in the integration and Solution Design meetings to plan secure system integration solutions following HUB’s Policies and Standards. Perform static and dynamic code analysis of in-house developed applications.

Review applications for security posture and provide improvement recommendations. Implement the suite of Hub Information Security tools post-close. Facilitate the adoption of new tools and processes in the M&A playbook.

Act as a liaison between acquired business units and corporate stakeholders for incident response activities for M&A related security incidents. Gather and report on key organizational information security metrics. Other duties as assigned.

Requirements:Bachelor’s degree Information Security, Computer Sciences or an equivalent combination of education and experience. Related certifications (e. g.

, GSEC, CISSP, AWS) preferred. At least 3 years’ experience in an Information Security role and 3 years’ experience in an IT capacity with progressively difficult responsibilities. At least 2 years’ experience in mergers and acquisitions.

EWJD3