Director - Mergers & Acquisitions - GRC - Cybersecurity

  • Full-time
  • Job Family Group: Technology and Operations

Company Description

As the world's leader in digital payments technology, Visa's mission is to connect the world through the most creative, reliable and secure payment network - enabling individuals, businesses, and economies to thrive. Our advanced global processing network, VisaNet, provides secure and reliable payments around the world, and is capable of handling more than 65,000 transaction messages a second. The company's dedication to innovation drives the rapid growth of connected commerce on any device, and fuels the dream of a cashless future for everyone, everywhere. As the world moves from analog to digital, Visa is applying our brand, products, people, network and scale to reshape the future of commerce.

At Visa, your individuality fits right in. Working here gives you an opportunity to impact the world, invest in your career growth, and be part of an inclusive and diverse workplace. We are a global team of disruptors, trailblazers, innovators and risk-takers who are helping drive economic growth in even the most remote parts of the world, creatively moving the industry forward, and doing meaningful work that brings financial literacy and digital commerce to millions of unbanked and underserved consumers.

You're an Individual. We're the team for you. Together, let's transform the way the world pays.

Job Description

The role requires partnering with key Business Customers,  Mergers and Acquisitions teams and Visa’s Integration Management Office (IMO) to identify and assess key security issues for acquired entities, implementing actionable plans to achieve remediation of security threats, and diving deep on tactical security aspects of a service in need of extra attention while driving risk mitigation strategy for acquired entities. In addition, the role includes  supporting all Cybersecurity needs and the overall work effort for M&A deals for Cybersecurity. Additionally, the role encompasses influencing cross-functional security diligence and integration teams to ensure all relevant security tasks are completed. Stakeholder groups include the acquired entity and the broader Security teams, Technology,Risk, Compliance and IT partners. The M&A director serves as a vital bridge between acquired entity teams and security teams.

The position will report into the Senior Director of GRC and be the point of contact into the Integration Management Office, Cybersecurity stakeholders, product and technology teams for all GRC and Cybersecurity related inquiries and deliverables associated. You should have strong problem-solving skills, excellent communication skills, a deep technical understanding of modern security threats, the ability to influence people from customers to managers through technical solutions to securing Visa’s acquired entities.

Essential Functions 

  • Influence a broad set of stakeholders to ensure Information Security is involved early on in M&As and be a strategic partner.
  • Identify security risks and develop risk mitigation strategies based on diligence findings, and input from stakeholders; continue to refine the plan as the integration proceeds. Form secure mitigation strategies which provide a pragmatic roadmap for ensuring timely risk reduction for all M&A activities.
  • Manage the full life cycle of day-to-day security integration activities including coordination of detailed functional plans, communication with key stakeholders, and issue resolution. Create awareness of cross- functional interdependencies and establish prioritization for plan execution to minimize disruption on daily operations.
  • Coordinate security assessment, architecture review, and penetration or other testing of the target organization and develop integration plans to include remediation of identified weaknesses and/or implementation of compensating controls.
  • Standardize and improve existing due diligence and security integration methods with inputs from across the Information Security department in order to comprehensively assess the target organization’s technical environment, security posture and capabilities, and inherit internal and third-party risks.
  • Capture best practices and lessons learned throughout the due diligence period for continuous improvement for future acquisitions.
  • Provide regular status reporting to senior leadership and key stakeholders on the overall status of integration activities, including plan execution and risk identification, prioritization and triage.
  • Support the Integration Management Office and associated deliverables
  • Support individual SME work threads / functions, plans, and creating an integrated plan for development and deployment activities.
  • Work with cross functional teams and departmental managers to properly resource the projects based on the required level of effort.
  • Proactively identify and manage the risk profile of each assigned work thread
  • Support the creation of executive presentations related to Visa M&A activity.
  • Collaborate with functions like Corporate Strategy, Integration Management Office in risk mitigation activities and monitor Key Risk Indictors.
  • Provide expert advice and consultancy to internal customers on risk assessment and support incident triage, threat modeling, and security vulnerability mitigation.
  • Implement information security controls and patterns that support risk assessments and the development of secure architectures.

Qualifications

Basic Qualifications

  • 10 years of work experience with a Bachelor’s Degree or at least 8 years of work experience with an Advanced Degree (e.g. Masters/MBA/JD/MD) or at least 3 years of work experience with a PhD

Preferred Qualifications

  • Previous experience with M&A and business development processes at large/complex technology companies.
  • Successful track record as a security practitioner, including conducting diligence and integration activities of M&A or other equivalent transactions that were critical to the growth of the organization.
  • Relevant experience conducting security due diligence and leading through integrations (both IT and Security) at a tech organization.
  • Deep knowledge of security practices and controls applied to pragmatically address security risks.
  • Experience executing complex projects and delivering to time commitments with strong attention to detail.
  • Excellent interpersonal skills and ability to establish trust with internal/external partners.
  • Organized, self-driven, and comfortable handling high-profile and complex situations.
  • Strong written and verbal communication skills.
  • Comprehensive understanding of security domains, processes, risks and controls.
  • Excellent communicator who is seen as a subject matter expert, and can influence at all levels of an organization.
  • Clear, professional, and concise communications (written/verbal), presentation and facilitation skills.
  • Consulting experience a plus
  • Consultative approach and persuasive communication with partners
  • Ability to take initiative and to set priorities independently
  • Strong organizational skills and attention to detail

Additional Information

Work Hours:

This position requires the incumbent to be available during core business hours.

Travel Requirements:

This position requires the incumbent to travel for work 20-30% of the time.

Physical Requirements: ​​​​​​

This position will be performed in an office setting.  The position will require the incumbent to sit and stand at a desk, communicate in person and by telephone, frequently operate standard office equipment, such as telephones and computers, reach with hands and arms, and bend or lift up to 25 pounds.

Visa will consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.

Privacy Policy