Principal Cyber Risk Advisor, Cybersecurity M&A

Lead GE Vernova’s cybersecurity due diligence and integration/separation for a global M&A portfolio (acquisitions, divestitures/carve-outs, JVs, minority investments) across IT and OT/ICS. Own a NIST-aligned workstream from pre-LOI red-flags through close and 30/60/100-day execution. Quantify and communicate cyber risk to inform valuation, terms, and closing conditions; ensure Day 1 control readiness; standardize reusable playbooks (IAM, network/zero trust, cloud, endpoint, data, logging/monitoring, vulnerability management, third-party risk, incident response, BCP/DR); drive safe OT/ICS integration (incl. NERC CIP where applicable); operate in a matrix with DT M&A/PMO, Legal, Privacy, Finance, Insurance, and BU security; manage external providers; track KPIs and reduce TSA duration.

# Job Description

Essential Responsibilities

- Lead pre-sign red-flag and full due diligence for GE Vernova's Deal Processes in DT and OT/ICS targets aligned to NIST CSF, SP 800-53/800-171, and 800-82.

- Quantify risk and remediation (capex/opex, timeline) and translate into valuation, PPAs, holdbacks, R&Ws/indemnities, and closing conditions.

- Own Day 1 control readiness; build and execute 30/60/100-day plans and drive TSA exit milestones.

- Develop and run standard playbooks for IAM/PAM, network segmentation/zero trust, endpoint/EDR, cloud tenancy/landing zones, app security, data discovery/classification/transfer, logging/SIEM, vulnerability management, third-party risk, IR, and BCP/DR.

- Design/govern safe OT/ICS integration and segmentation strategies; assess NERC CIP applicability and compliance contours.

- Establish clean-room protocols and data handling standards; ensure privacy and cross-border compliance (e.g., DPIAs).

- Operate in a matrix with DT M&A/PMO, Business Development, Legal, Privacy, Finance, Insurance, Sourcing, and BU security; lead cross-functional squads.

- Manage third-party providers for surge capacity/testing/regulatory advisory; integrate and QA outputs.

- Track and report KPIs (flow efficiency, diligence cycle time, Day 1 control coverage, TSA months saved, post-close findings); drive continuous improvement.

- Provide executive-ready risk narratives, options/trade-offs, and recommendations under tight timelines.

Key Deliverables

- Red-flag memo; preliminary NIST scorecard; diligence plan and data room list; clean-room SOPs.

- Control gap assessment with target state; quantified remediation estimates; executive risk register and heatmap.

- OT/ICS Purdue mapping; zone/conduit strategy; NERC CIP relevance assessment (as applicable).

- Day 1 control checklist and exceptions log; 30/60/100-day plan with critical path and TSA exit criteria.

- Integration/separation runbooks/playbooks; cutover command-center and stabilization plans.

- SPA/TSA cyber clause recommendations; insurance underwriting package.

- Deal dashboard, weekly executive updates, risk/issue logs; post-close lessons learned; BU handover package.

Required Qualifications

- 10+ years in cybersecurity with significant M&A diligence and integration/separation leadership.

- Experience across IT and OT/ICS security, including segmentation and operational resilience.

- Deep knowledge of NIST CSF, SP 800-53/800-171, and 800-82; familiarity with NERC CIP.

- Proven ability to quantify risk/remediation and translate into deal economics and SPA/TSA language.

- Track record delivering Day 1 readiness and 30/60/100-day execution with TSA exits in global environments.

- Hands-on depth in IAM/PAM, network/cloud security, endpoint/EDR, data protection, logging/monitoring, vuln mgmt, third-party risk, IR, and BCP/DR.

- Executive communication and matrix leadership; ability to lead external advisors.

- Bachelor’s degree in cybersecurity, computer science, engineering, or related field (or equivalent experience).

- Location: Flexible US; hybrid/remote options based on candidate location.

- Travel: Some Domestic and international, as required.

Preferred Qualifications

- OT-heavy transaction experience (generation, grid, renewables); prior clean-room design/operations.

- Risk quantification (e.g., FAIR or equivalent); Lean/Agile/PMO experience with metrics focus.

- Experience improving cyber insurance submissions and influencing SPA/TSA controls.

- Relevant certifications: CISSP, CISM, CRISC, CISA, GICSP, CCSK/CCSP, cloud provider certs.

# Additional Information

GE Vernova offers a great work environment, professional development, challenging careers, and competitive compensation. GE Vernova is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.

GE Vernova will only employ those who are legally authorized to work in the United States for this opening. Any offer of employment is conditioned upon the successful completion of a drug screen (as applicable).

Relocation Assistance Provided: No

#LI-Remote - This is a remote positionApplication Deadline: December 18, 2025

For candidates applying to a U.S. based position, the pay range for this position is between $156,100.00 and $260,100.00. The Company pays a geographic differential of 110%, 120% or 130% of salary in certain areas. The specific pay offered may be influenced by a variety of factors, including the candidate’s experience, education, and skill set.

Bonus eligibility: discretionary annual bonus.

This posting is expected to remain open for at least seven days after it was posted on December 11, 2025.

Available benefits include medical, dental, vision, and prescription drug coverage; access to Health Coach from GE Vernova, a 24/7 nurse-based resource; and access to the Employee Assistance Program, providing 24/7 confidential assessment, counseling and referral services. Retirement benefits include the GE Vernova Retirement Savings Plan, a tax-advantaged 401(k) savings opportunity with company matching contributions and company retirement contributions, as well as access to Fidelity resources and financial planning consultants. Other benefits include tuition assistance, adoption assistance, paid parental leave, disability benefits, life insurance, 12 paid holidays, and permissive time off.

GE Vernova Inc. or its affiliates (collectively or individually, “GE Vernova”) sponsor certain employee benefit plans or programs GE Vernova reserves the right to terminate, amend, suspend, replace, or modify its benefit plans and programs at any time and for any reason, in its sole discretion. No individual has a vested right to any benefit under a GE Vernova welfare benefit plan or program. This document does not create a contract of employment with any individual.